Configuring WiFi Security


The MRF24WB0M / MRF24WG0M can be configured to connect to wireless networks with encryption enabled. Both the MRF24WB0M and the MRF24WG0M support WEP (40-bit and 104-bit), as well as WPA (TKIP) and WPA2 (TKIP/AES). In addition, the MRF24WG0M supports Wi-Fi Protected Setup (WPS), both Push Button Configuration (WPS-PBC) and Personal Identification Number (WPS-PIN). The MRF24WG0M also supports WPA2 Enterprise (EAP-PEAP / EAP-TTLS), which requires special approval from Microchip.

Device Security Modes

Security settings for the MRF24WB0M / MRF24WG0M are located in the file WF_Config.h. To enable security features, the preprocessor definition MY_DEFAULT_WIFI_SECURITY_MODE must be defined as one of the following options:

WF_SECURITY_WEP_40 
40-bit WEP security. This equates to 5 ASCII characters or 10 hex digits. MY_DEFAULT_WEP_KEYS_40 contains up to four keys that can be programmed (default is key 0). 
WF_SECURITY_WEP_104 
104-bit WEP security. This equates to 13 ASCII characters or 26 hex digits. MY_DEFAULT_WEP_KEYS_104 contains up to four keys that can be programmed (default is key 0). 
WF_SECURITY_WPA_WITH_KEY
WF_SECURITY_WPA2_WITH_KEY
WF_SECURITY_WPA_AUTO_WITH_KEY 
Uses the 32 bytes in MY_DEFAULT_PSK as the key to join the network. These values are generated from a hash of the SSID name and WPA passphrase. For the purpose of the demo, the 32 bytes in MY_DEFAULT_PSK in WF_Config.h correspond to an SSID of "MicrochipDemoAP" and passphrase "Microchip 802.11 Secret PSK Password". 
WF_SECURITY_WPA_WITH_PASS_PHRASE
WF_SECURITY_WPA2_WITH_PASS_PHRASE
WF_SECURITY_WPA_AUTO_WITH_PASS_PHRASE 
Instructs the MRF24WB0M / MRF24WG0M to generate the 32-byte PSK using the SSID and passphrase. The default in WF_Config.h corresponds to an SSID of "MicrochipDemoAP" and passphrase "Microchip 802.11 Secret PSK Password". Note that it takes approximately 30 seconds for the MRF24WB0M / MRF24WG0M to calculate this value.[1]
WF_SECURITY_WPS_PUSH_BUTTON
WF_SECURITY_WPS_PIN 
Supported by MRF24WG0M only.
For WPS-PBC, define the MY_DEFAULT_SSID_NAME as "".
For WPS-PIN, define the MY_DEFAULT_WPS_PIN to be the same as the AP/router PIN, for example, 12390212 and define the MY_DEFAULT_SSID_NAME to be the same as the AP or router’s SSID. 
WF_SECURITY_WPA2_ENTERPRISE 
Supported by MRF24WG0M only. Requires the MLA v5.42.06 (March 2013) release or later.
Supports EAP-PEAP/MSCHAPv2 and EAP-TTLS/MSCHAPv2.
A request for special approval must be submitted to marketing. 

Note: Some routers try to increase the randomness of the WEP key by adding a layer that converts an ASCII passphrase into a hexadecimal key. The MRF24WB0M / MRF24WG0M PICtail requires a hexadecimal key, no matter which way it is generated.

Access Point Security Settings

The access point must also be configured with the same security settings. Wireless security settings can be found in the "Wireless Security" tab under the main "Wireless" tab (example shows a Linksys WRT5G2). The drop-down box for security lists all the available security options. Note that for WPA/WPA2, the MRF24WB0M / MRF24WG0M only supports personal security levels (as opposed to enterprise, which is not supported). 

Linksys security options 

 

[1]: Once the 32-byte PSK is calculated, it can be retrieved by the host from the MRF24WB0M / MRF24WG0M. The host can then save this key to external non-volatile memory. On future connection attempts, the host can program the MRF24WB0M / MRF24WG0M with the WF_SECURITY_WPA/WPA2/WPA_AUTO_WITH_KEY options, provide the saved key, and not have to wait 30 seconds to reconnect to the network.

Pre-generated PSK

You also have the option to pre-generate the PSK and use the 32-byte PSK directly in the source code. One handy tool for this is the online generator on the Wireshark Foundation website, http://www.wireshark.org/tools/wpa-psk.html, which produces the expected 32-byte PSK from the SSID name and the passphrase. You can then use these values for MY_DEFAULT_PSK in TCPIPConfig.h.

Wi-Fi Protected Setup (WPS)

WiFi Protected Setup (WPS) allows users to set up and expand WiFi networks with security enabled, even if they are not familiar with the underlying technologies or processes involved. For example, users no longer have to know that SSID refers to the network name or that WPA2 refers to the security mechanism. WPS configures the network name (SSID) and security key for the AP and WPS client devices on a network. It supports the WEP / WPA / WPA2 security methods. 

APs/routers from 2007 onwards will have this WPS feature. 

 

Microchip TCP/IP Stack 5.42.08 - June 15, 2013
Copyright © 2012 Microchip Technology, Inc.  All rights reserved.