Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > Embedded

Securing an embedded 802.11 Wi-Fi device

Posted: 01 Sep 2010     Print Version  Bookmark and Share

Keywords:802.11  Wi-Fi security  embedded security 

6. Do you need enterprise authentication?
a. Authentication is an easily-overlooked aspect of security that is as vital as encryption. Without authentication an attacker could pose as a legitimate receiver of information directly from your device. Authentication can be provided through requiring a simple password, pre-sharing a secret key, using the built-in authentication of TLS or similar protocols, or using full-blown enterprise authentication that requires a dedicated authentication server to guarantee the identity of all devices. The most common methods for authentication are EAP-TLS and PEAP. Enterprise authentication is a complex subject that will take some time to figure out, but for some applications there is no other option.

image name

Figure 2: Shown is an enterprise Wi-Fi authentication.

7. How do you deploy and manage certificates and keys?
a. Whether you use an authentication method or just a pre-shared key, you need to manage your keys and/or digital certificates (certificates are used in enterprise authentication and by TLS). Each device should have a unique certificate or key if you want the best security. You could distribute the same key to all of your devices, but then if one device is compromised, so is your entire system. It is a little harder to use the same certificate on every device since the authentication mechanism matches a certificate to the device�s address. In any case, you will need to develop a way to distribute keys and certificates and update them as required (frequent updating of keys is recommended for better security).

8. Wi-Fi security protocols are big and slow
a. If you are developing an embedded application with hundreds or thousands of units, the per-unit cost is likely an issue. This means you will likely need to scale back the performance of the device, but keep in mind that encryption is processor (and sometimes memory) intensive and the Wi-Fi security protocols are designed for the best security, with performance as a secondary requirement. When scoping the requirements for your hardware, be sure to include the requirements for the level of security you need.

9. What is your network infrastructure?
a. If your device is connected directly to the Internet, you have a much different set of problems than if you are connected to a private network over which you have control. You also should look at points of failure – for instance, if all of your devices communicate with a single access point, then that access point becomes a single point of failure for the entire system, and will be the likely target of any attacker. Adding some redundancy into your infrastructure can help alleviate this type of security concern.

10. Don�t forget that the weakest component in any secure system is the user.
a. In any system, the user is the weakest link by a large margin. Passwords that are too simple, writing passwords on slips of paper, or just plain stupidity are often at the root of any successful attack. By acknowledging this fact, you can do a few things to mitigate the issues your users (including yourself) may cause. Require that passwords are updated frequently and check for the length (8 characters is OK, more is better) and content (make sure there are non-alphanumeric characters and a mix of letters and numbers). You should also consider who has access to the system and it is not a bad idea to limit what users can do – this is precisely why most operating systems have differing levels of permissions.

The proliferation of wireless is upon us and its evolution will continue. Therefore it is extremely important for developers to stay ahead of hackers to ensure their wireless devices and networks are secure. By following these top tips, organizations can ensure their confidential information is safe from predators.

- Timothy Stapko
  Lead Software Engineer
  Digi International Inc.

View the PDF document for more information.

 First Page Previous Page 1 • 2

Comment on "Securing an embedded 802.11 Wi-Fi de..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top