Wifi onboarding - best approach?
Posted: Fri Jul 10, 2015 8:50 am
Looking for thoughts on Wifi on-boarding techniques?
I've managed to get the module to work as in option 1, but I'm not too happy with it from a security POV.
********************************************************
Option 1
********************************************************
1 - On power up, ESP retrieves previously stored Wifi information (SSID and password) and attempts to connect every 1/2 second until successful (up to a maximum of 20 attempts).
2 - ESP module checks if there has been a successful connection to a Wifi network
2.1 - If a Wifi connection is made, then skip the following and go to step 3
2.2 - If no Wifi connection then go to 2.2.1
2.2.1 - Convert ESP module into AP mode and broadcast a set SSID e.g. "ESP_REQ".
2.2.2 - User signs into Wifi network "ESP_REQ"
2.2.3 - User uses a tablet (or laptop etc.) to navigate to IP 192.168.4.1.
2.2.4 - ESP module sees an HTML request and displays a web page back, which allows data entry
2.2.4 - User uses the tablet to enter the intended SSID and password into the web page and presses enter
2.2.5 - The ESP module takes the data and tries to connect to the Wifi network using data entered in the previous step.
2.2.6 - The ESP module checks again for a successful connection.
2.2.6.1 - If a connection has been made, then store the SSID info and reset the device (e.g. restart back at step 1 above).
2.2.6.2 - If no connection can be made, then go to step 2.1.4
3 - ESP module is now connected as a client and sends data through Wifi network
********************************************************
Option 2
********************************************************
1 - On power up, the ESP module checks if a GPIO button is held low.
2.1 - If GPIO button is HIGH
2.1.1 - The ESP module continuously tries to connect using stored Wifi information (SSID and password) every 1/2 second until successful (with no maximum). Once a connection has been made, go to step 3.
2.2 - If GPIO button is LOW
2.2.1 - The ESP module is converted into AP mode and broadcasts a set SSID e.g. "ESP_REQ".
2.2.2 - User signs into Wifi network "ESP_REQ"
2.2.3 - User uses a tablet (or laptop etc.) to navigate to IP 192.168.4.1.
2.2.4 - ESP module sees an HTML request and displays a web page back, which allows data entry
2.2.4 - User uses the tablet to enter the intended SSID and password into the web page and presses enter
2.2.5 - The ESP module takes the data and tries to connect to the Wifi network using data entered in the previous step.
2.2.6 - The ESP module checks again for a successful connection.
2.2.6.1 - If a connection has been made, then store the SSID info and reset the device (e.g. restart back at step 1 above).
2.2.6.2 - If no connection can be made, then go to step 2.1.4
3 - ESP module is now connected as a client and sends data through Wifi network
*********************************************************
Both options allow for on-boarding, but it could be argued that option 1 is potentially open to remote maliciousness. This is because the decision to convert to an AP is time-based, on there being "no connection", whilst option 2 is based on an explicit local action (making GPIO button LOW).
Any thoughts?
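The difference between the two options, as an added example that is not the poster's code: a hardware-independent C model of both boot decisions, run over constructed scenarios to count how often the setup AP opens with no local action. All names (`option1_decide`, `option2_decide`, `scenario_t`, `unattended_ap_count`) are hypothetical, and the network state is abstracted as a count of failed connection attempts.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the two boot policies; no ESP SDK calls are used. */
#define OPTION1_MAX_ATTEMPTS 20u      /* from the post: at most 20 tries */
#define NETWORK_GONE ((size_t)-1)     /* stored network never comes back */

typedef enum { MODE_STATION, MODE_SETUP_AP, MODE_RETRYING } boot_mode_t;

typedef struct {
    size_t failed_attempts; /* consecutive failed connects after power-up */
    bool   button_low;      /* GPIO button held low at power-up */
} scenario_t;
typedef boot_mode_t (*policy_fn)(const scenario_t *);

/* Option 1: the setup AP opens once 20 attempts have failed. */
boot_mode_t option1_decide(const scenario_t *s) {
    return s->failed_attempts < OPTION1_MAX_ATTEMPTS ? MODE_STATION : MODE_SETUP_AP;
}

/* Option 2: the setup AP opens only on the button; otherwise retry forever. */
boot_mode_t option2_decide(const scenario_t *s) {
    if (s->button_low) return MODE_SETUP_AP;
    return s->failed_attempts == NETWORK_GONE ? MODE_RETRYING : MODE_STATION;
}

/* Count scenarios in which the setup AP opens with no local action. */
size_t unattended_ap_count(policy_fn policy, const scenario_t *s, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (!s[i].button_low && policy(&s[i]) == MODE_SETUP_AP) hits++;
    return hits;
}

/* Constructed scenarios, not measurements. */
static const scenario_t SCENARIOS[] = {
    { 0,            false },  /* normal boot */
    { 19,           false },  /* router slow, up on the 20th attempt */
    { 20,           false },  /* router still down after 20 attempts */
    { NETWORK_GONE, false },  /* stored network no longer exists */
    { 0,            true  },  /* owner holds the button at power-up */
};
#define N_SCENARIOS (sizeof SCENARIOS / sizeof SCENARIOS[0])
int main(void) {
    printf("unattended setup AP: option 1 = %zu, option 2 = %zu\n",
           unattended_ap_count(option1_decide, SCENARIOS, N_SCENARIOS),
           unattended_ap_count(option2_decide, SCENARIOS, N_SCENARIOS));
    return 0;
}
```

Under option 1 any outage that outlasts the 20 attempts, whatever its cause, is enough to open the setup AP; under option 2 the device stays in station mode and keeps retrying until someone is physically at the button.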