802.11--WPS(Wi-Fi Protected Setup)协议简析

WPS(Wi-Fi Protected Setup)是Wi-Fi Simple Configuration的简称,旨在简化家庭和小型办公室无线网络的配置。通过PIN码或物理按钮,用户能快速安全地连接到无线网络。本文介绍了WPS的三大组件(Enrollee、Registrar和AP)、Registration Protocol(RP)流程、WSC IE(Information Element)和EAP-WSC协议,详细阐述了它们在无线网络连接过程中的作用和交互方式。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

一、概述

WPS全称为Wi-Fi Protected Setup,是WSC规范早期的名字,WSC全称为Wi-Fi Simple Configuration,该项技术用于简化SOHO环境中无线网络的配置和使用。举一个简单的例子,配置无线网络环境时,网管需要首先为AP设置SSID、安全属性(如身份认证方法、加密方法等)。然后他还得把SSID、密码告诉给该无线网络的使用者。可是这些安全设置信息对普通大众而言还是有些复杂。而有了WSC之后,用户只需输入PIN码(Personal Identification Number,一串数字),或者摁一下专门的按钮(WSC中,该按钮被称为Push Button)甚至用户只要拿着支持NFC的手机到目标AP(它必须也支持NFC)旁刷一下,这些安全设置就能被自动配置好。有了这些信息,手机就能连接上目标无线网络了。显然,相比让用户记住SSID、密码等信息,WSC要简单多了。WFA推出WPA后不久,WPS规范便被推出。随着WPA2的出现,WFA又制订了WPS的升级版,即WSC。

二、术语介绍

WSC规范定义了三个核心组件,如下图所示:
WSC三大组件
  1. Enrollee的角色类似于client端,它向Registrar发起注册请求;
  2. Registrar用于检查Enrollee的合法性,类似于server端,另外,Registrar还能对AP进行配置;
  3. AP也需要注册到Registar中,所以,从Registrar角度来看,AP也是Enrollee;
  4. AP和Registrar以及Enrollee三者交互,Enrollee从Registrar那获取AP的安全配置信息,然后Enrollee利用该信息加入AP提供的无线网络。
  注意,这三个组件只是逻辑上的概念。在具体实现时,AP和Registrar可以由同一个实体实现,也可分别由不同实体来实现。
  支持WSC的无线路由器兼具AP和Registrar的功能,这种AP在规范中被称为Standalone AP。Android智能手机扮演Enrollee的角色。
  如果AP和Registrar分别由不同实体来实现,这种Registrar也被称为External Registrar。
  三大组件之外,规范还定义了组件之间的交互接口。上图中的E、M、A代表三个核心组件之间交互的接口,这些接口定义了交互双方需要实现的一些功能。简要描述如下:
  1. STA中的Interface E包括的功能有
   1) STA首先要寻找周围支持WSC功能的Standalone AP。此步骤将通过发送携带WSC IE的Probe Request帧来实现;
   2) STA关联到Standalone AP后(注意,仅仅是关联成功。由于缺乏安全配置信息,STA无法和AP开展RSNA流程,即四次握手等工作),双方需要借助Registration Protocol协议(以后简称RP协议)来协商安全配置信息。所以,STA必须实现RP协议的Enrollee的功能;
  2. Standalone AP中Interface E包括的功能有:
   1) 回复携带WSC IE的Probe Response帧以表明自己支持WSC功能;
   2) 实现RP协议定义的Registrar的功能。另外,STA和AP可选择实现某种Out-of-Band交互手段,规范中提到的两种手段包括NFC和USB;
  3. 对于Interface A来说:
   1) STA必须实现802.1X supplicant功能,并支持EAP-WSC算法;
   2) Standalone AP需发送携带WSC IE的Beacon帧来表示自己支持WSC功能。同时,AP还必须支持802.1X authenticator功能,并实现EAP-WSC算法;
  4. 由于Standalone AP已经集成了三大组件中的AP和Registrar,所以Interface M的功能几乎简化为0。
  WSC的核心内容集中在WSC IE以及RP协议中。

三、Registration Protocol

当STA和Standalone AP采用In-Band交互方法时,RP协议的完整交互流程如图所示:
RP协议交互
  将RP协议分为两个部分,由“Enter passworkd of Enrollee”行隔开,其中:
  1. Discovery Phase为上半部分,在此阶段中,STA借助Beacon帧或Probe Request帧搜索周围的AP。对开启了WSC功能的AP来说,这些帧中都必须携带WSC IE。而没有携带WSC IE的帧则表明发送者不支持或者未开启WSC功能。Discovery Phase结束后,STA将确定一个目标AP;
  2. 如果是PIN方式,此时用户需要将STA显示的PIN码输入到目标AP的设置页面;
  3. STA将关联到目标AP。和非WSC流程不一样的是,STA和AP不会开展4次握手协议,而是先开展EAP-WSC流程;
  4. EAP-WSC流程从EAPOL-Start开始,结束于EAP-Fail帧,一共涉及14次EAPOL/EAP帧交换。在这14次帧交互过程中,STA和AP双方将协商安全配置信息(例如采用何种身份验证方法、何种加密方法,以及PSK等)。另外,这14次帧中,M1到M8属于EAP-WSC算法的内容,它们用于STA和AP双方确认身份以及传输安全配置信息;
  5. 最后EAP-WSC最终以EAP-Fai

1. Introduction ........................................................................................................................7 1.1. Purpose .............................................................................................................................................. 7 1.2. Scope................................................................................................................................................... 7 1.3. Related Documents .......................................................................................................................... 7 1.4. Supported Usage Models................................................................................................................. 7 Primary Usage Models................................................................................................................................. 7 Secondary Usage Models ............................................................................................................................. 7 1.5. Mental Model .................................................................................................................................... 8 1.6. Design Approach .............................................................................................................................. 8 1.7. Solution Flexibility ........................................................................................................................... 8 1.8. User Experience................................................................................................................................ 9 1.8.1. In-band Setup ............................................................................................................................... 9 1.8.2. Out-of-band Setup ....................................................................................................................... 9 2. Core Architecture..............................................................................................................11 2.1. Definitions........................................................................................................................................ 11 2.2. Components and Interfaces .......................................................................................................... 12 2.2.1. Architectural Overview .......................................................................................................................... 12 2.2.2. Interface E ............................................................................................................................................... 12 2.2.3. Interface M.............................................................................................................................................. 13 2.2.4. Interface A............................................................................................................................................... 14 2.3. Registration Protocol ..................................................................................................................... 15 2.4. Security Overview.......................................................................................................................... 16 2.4.1. In-band Configuration .............................................................................................................. 16 2.4.2. Guidelines and Requirements for PIN values ....................................................................... 18 2.4.3. Out-of-band Configuration ...................................................................................................... 18 3. Initial WLAN Setup ..........................................................................................................19 3.1. Standalone AP ................................................................................................................................ 19 3.2. Legacy AP........................................................................................................................................ 19 3.3. AP With an External Registrar ................................................................................................... 20 3.3.1. EAP-based Setup of External Registrar................................................................................. 21 3.3.2. Ethernet-based Setup of External Registrar ......................................................................... 23 Wi-Fi Alliance Confidential Wi-Fi Protected Setup Specification Page 3 of 110 Version: 1.0h 4. Adding Member Devices ...................................................................................................25 4.1. In-band Setup Using a Standalone AP/Registrar ..................................................................... 25 4.2. Out-of-band Setup Using a Standalone AP/Registrar.............................................................. 27 4.3. Out-of-band Setup Using an External Registrar ...................................................................... 28 4.4. Secure Setup with Legacy AP ...................................................................................................... 29 4.5. Secure Setup with Legacy Enrollee ............................................................................................. 29 4.5.1. Mental model mapping ............................................................................................................. 29 4.6. No-Security Out-of-band Setup Using a Standalone AP ......................................................... 29 4.6.1. Mental model mapping ............................................................................................................. 30 5. Secondary Usage Models ..................................................................................................31 5.1. Removing Members from the WLAN......................................................................................... 31 5.2. Guest access..................................................................................................................................... 31 5.3. Re-keying credentials .................................................................................................................... 31 5.4. Expanding the network - Adding additional AP or Router .................................................... 31 5.5. Changing Network Name (SSID), radio channels, etc. ............................................................ 31 6. Registration Protocol Definition .......................................................................................33 6.1. Registration Protocol Initiation ................................................................................................... 33 6.2. Registration Protocol Messages ................................................................................................... 34 6.2.1. Optional Parameters................................................................................................................................ 35 6.3. Key Derivation................................................................................................................................ 36 6.4. Proof-of-possession of Device Password ..................................................................................... 38 6.4.1. PIN Checksums .......................................................................................................................... 38 6.4.2. Device Password Splitting......................................................................................................... 39 6.4.3. Device Password Usage ............................................................................................................. 39 6.5. Key Wrap Algorithm..................................................................................................................... 40 6.6. Rekeying .......................................................................................................................................... 41 6.7. Key Summary and Classification ................................................................................................ 41 6.8. Security Analysis ............................................................................................................................ 42 6.9. Out-Of-Band Channels ................................................................................................................. 43 6.9.1. Out-of-band Channel Characteristics .................................................................................................... 43 6.10. EAP Transport of Registration Protocol................................................................................ 43 6.10.1. EAP Message Framing ........................................................................................................................... 44 6.10.2. EAP Messages......................................................................................................................................... 45 6.10.3. EAP State Machine for Enrollee Registration ...................................................................................... 47 6.10.4. EAP State Machine for Adding an External Registrar ......................................................................... 48 Wi-Fi Alliance Confidential Wi-Fi Protected Setup Specification Page 4 of 110 Version: 1.0h 6.11. UPnP Transport of Registration Protocol ............................................................................. 49 7. Message Encoding ............................................................................................................50 7.1. Wi-Fi Protected Setup TLV Data Format.................................................................................. 50 7.2. 802.11 Management Frames......................................................................................................... 50 7.2.1. Beacon Frame (C) ...................................................................................................................... 52 7.2.2. Association Request and Reassociation Request................................................................... 52 7.2.3. Association Response and Reassociation Response .............................................................. 52 7.2.4. Probe Request (D-E or D-R) .................................................................................................... 53 7.2.5. Probe Response (D-AP/Registrar)........................................................................................... 53 7.3. Registration Protocol Message Definitions ................................................................................ 54 7.3.1. Message M1................................................................................................................................. 54 7.3.2. Message M2................................................................................................................................. 55 7.3.3. Message M2D.............................................................................................................................. 56 7.3.4. Message M3................................................................................................................................. 56 7.3.5. Message M4................................................................................................................................. 56 7.3.6. Message M5................................................................................................................................. 57 7.3.7. Message M6................................................................................................................................. 57 7.3.8. Message M7................................................................................................................................. 58 7.3.9. Message M8................................................................................................................................. 59 7.3.10. WSC_ACK Message .................................................................................................................. 60 7.3.11. WSC_NACK Message ............................................................................................................... 60 7.3.12. WSC_Done Message .................................................................................................................. 60 7.4. AP Settings Message Definitions.................................................................................................. 61 7.4.1. GetAPSettings Input Message.................................................................................................. 61 7.4.2. GetAPSettings Output Message............................................................................................... 62 7.4.3. SetAPSettings Message.............................................................................................................. 63 7.4.4. DelAPSettings Message ............................................................................................................. 63 7.4.5. SetSelectedRegistrar Message.................................................................................................. 64 7.4.6. ResetAP and RebootAP Messages........................................................................................... 64 7.5. STA Settings Message Definitions ............................................................................................... 65 7.5.1. GetSTASettings Input Message ............................................................................................... 65 7.5.2. GetSTASettings Output Message ............................................................................................ 65 7.5.3. SetSTASettings Message ........................................................................................................... 66 7.5.4. DelSTASettings Message .......................................................................................................... 67 7.5.5. ResetSTA and RebootSTA Messages...................................................................................... 67 Wi-Fi Alliance Confidential Wi-Fi Protected Setup Specification Page 5 of 110 Version: 1.0h 8. USBA (USB Host) Out-of-Band Interface Specification ..................................................68 8.1. Requirements for USB Flash Drives (UFD)............................................................................... 68 8.2. Enrollee Requirements for USBA OOB Interfaces .................................................................. 68 8.3. Firmware and Software Requirements ...................................................................................... 69 8.3.1. Encrypted Settings File (xxxxxxxx.WSC) .............................................................................. 69 8.3.2. Unencrypted Settings File (00000000.WSC).......................................................................... 69 8.3.3. Enrollee Device Password and Key Hash (xxxxxxxx.WFA) ............................................... 70 9. NFC Out-of-Band Interface Specification........................................................................71 9.1. Disclaimer........................................................................................................................................ 71 9.2. Overview.......................................................................................................................................... 71 9.3. NFC Use Cases................................................................................................................................ 72 9.3.1. NFC Password Token................................................................................................................ 72 9.3.2. Touching Devices ....................................................................................................................... 72 9.3.3. NFC Configuration Token........................................................................................................ 73 9.4. Generic Requirements for NFC OOB Support ......................................................................... 73 9.4.1. New Devices (Enrollee or AP) Requirements ........................................................................ 73 9.4.2. Registrar Requirements ............................................................................................................ 74 9.5. Hardware Requirements............................................................................................................... 74 9.5.1. Requirements for NFC Tokens................................................................................................ 74 9.5.2. Requirements for an NFC Device............................................................................................ 74 9.6. Firmware and Software Requirements ...................................................................................... 74 9.6.1. NFC Password Token................................................................................................................ 74 9.6.2. NFC Configuration Token........................................................................................................ 75 9.6.3. NFC Device ................................................................................................................................. 75 9.7. Informative: NFC Forum specifications..................................................................................... 75 9.7.1. NFC Data Exchange Format (NDEF)..................................................................................... 75 9.7.2. NDEF mapping documents ...................................................................................................... 76 10. PushButton Configuration............................................................................................77 10.1. Introduction ................................................................................................................................ 77 10.2. User Experience.......................................................................................................................... 77 10.3. PBC Technical Description ...................................................................................................... 78 10.4. User Feedback ............................................................................................................................ 81 10.5. PBC Security Considerations................................................................................................... 82 11. Data Element Definitions ..............................................................................................84 Wi-Fi Alliance Confidential Wi-Fi Protected Setup Specification Page 6 of 110 Version: 1.0h 12. Conclusion...................................................................................................................105 13. Appendix: Additional Setup Scenarios .......................................................................107 14. Appendix: Out-of-Band Channel Considerations ......................................................109
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值