Intel's IWD Wireless Daemon Preparing WiFi DPP Support (Wi-Fi Easy Connect)

  • Intel's IWD Wireless Daemon Preparing WiFi DPP Support (Wi-Fi Easy Connect)

    Phoronix: Intel's IWD Wireless Daemon Preparing WiFi DPP Support (Wi-Fi Easy Connect)

    Intel's open-source IWD modern wireless daemon that works with the likes of NetworkManager, systemd-networkd, and their own ConnMan has been preparing support for WiFi Device Provisioning Protocol (DPP)...


  • #2
    All I heard was "here is another future hole on your wireless network security"...



    • #3
      Originally posted by phoronix
      DPP is backed by the Wi-Fi Alliance and is the way forward for secure provisioning of new wireless devices on a network.
      theway.jpg

      at least 5 characters



      • #4
        The link to the DPP PDF on the Wi-Fi.org site gives an error: "Direct URL access prohibited"



        • #5
          Originally posted by a-zander
          The link to the DPP PDF on the Wi-Fi.org site gives an error: "Direct URL access prohibited"
          "Supa Secuwa"



          • #6
            I see a lot of people here complaining about the security, even though most didn't even spend 5 minutes of their time checking the spec. And honestly, since all that WPS fiasco, we have some valid reasons for raising doubts.

            But does anyone have any better suggestion? Right now the only viable alternative to configure a small device without display/user input is to let that device create an unsecured Wi-Fi network with some pseudo-random SSID. The user will then connect to that network and provide the necessary credentials for the device to connect to the main network. That doesn't seem a better approach. It requires more resources to provide the setup interface and in the end it contains a bigger surface for future attacks.
            Devices like the Chromecast Audio tend to enter this setup mode when the main network becomes unavailable, which makes them susceptible to attacks from close-by actors.

            I think a proper PKI infrastructure that can share credentials through a secure channel using the assistance of QR-Codes is a way better implementation, if done right. Mostly for the fact we don't need to hack around with non-standard implementations that require temporary networks.


            I actually have a small side project where I am building a small audio streamer that I want to integrate inside an amplified speaker. I am using a Raspberry Pi Zero W and I am currently designing a DAC circuit to integrate with it. But since this device will be mounted inside the speaker case I won't be able to easily access and configure it. So for now I am thinking of exposing a small serial header that I can use to log in with an external computer. But something like DPP would solve my problems, but I guess I need to wait until the technology is fairly well supported.



            • #7
              Originally posted by amxfonseca
              I see a lot of people here complaining about the security, even though most didn't even spend 5 minutes of their time checking the spec. And honestly, since all that WPS fiasco, we have some valid reasons for raising doubts.
              Maybe the spec is flawless and defect-free, but what about the implementations? Those may be potentially vulnerable (considering how router manufacturers are with their software)



              • #8
                Originally posted by amxfonseca
                But does anyone have any better suggestion?

                I think a proper PKI infrastructure that can share credentials through a secure channel using the assistance of QR-Codes is a way better implementation, if done right. Mostly for the fact we don't need to hack around with non-standard implementations that require temporary networks.
                I haven't read about DPP yet (besides the article content overview), and was thinking the same answer you later revealed with PKI and QR.

                Although, embedded devices may not have cameras for QR scanning as it'd be an otherwise unnecessary cost, so something like RFID / NFC might be an appropriate way, especially since NFC becomes common for your smartphone to have.

                If you go that route, consider managing PKI with smallstep CA, it's a great open-source project, easy to configure and use, and I think they actually have docs or a blog article about short-lived provisioning for this sort of thing with mTLS.

                That said, probably worth looking into DPP too as I imagine it's done a good job learning from past woes.



                • #9
                  If anyone is interested the wiki page for using DPP is up:
