Main Site Documentation

WiFi Security with G120 and RS9110-N-11-22-05 WiFi module


#1

Our customer wants a wireless network connection for our device.
Our plan was to use a G120 custom board wit RS9110-N-11-22-05 WiFI module (like Cobra with WiFi)

Now our customer says that it needs to support the following security standards:

• IEEE 802.11a/g/n (802.11n 40MHz bandwidth

• Ability to use all European channels: 1-13, 36-140

• Support for setable country code 802.11d

• Roaming time < 1 second for EAP-TLS authentication and AES-Encryption

• WiFi security: Support of WPA2-Enterprise (Authentication: 802.1x/EAP-TLS, Encryption: AES/CCMP) with hardware support for encryption

• Support for soft certificates with the following attributes:

  • RSA key length - Certificate Authority (CA) certificate: 4096 Bits
  • RSA key length - End-entity certificate: 2048 Bits
  • Hash algorithm: SHA2

• Support of multi level certificates (chained certificates)

• Support for importing and storing an .p12 container

• Transmission of the “intermediate certificates” (Zwischenzertifikate) during authentication

• Validation of the server certificate during the authentication

• Support for PMK caching

Does G120 + Redpine module support this?
If yes: How much work can I expect to get this all running?
If no: Is there any other “easy to use” WiFi module I can use to do so?

There is also an requirement in the air for a two antenna system with full diversity.
If this would really be required: What could I use then?


#2

@ Reinhard Ostermeier - I didn’t look into all of those requirements as it fails the first few. It provides 802.11 b/g/n, no a. It has WPA2-PSK and WEP security, no WPA2-Enterprise.


#3

Thank you, I feared so.

In fact this means that we need to put a Win 7 PC in between as a Gateway, which is connected to the G120 by Ethernet.
What a silly waste of resources :wall:


#4

… or a silly set of requirements, but who wants to tell a customer that.

WPA-Enterprise is a biggie, I agree. But cert auth, for a low-level device, will always be challenging, no matter what the solution; they should revisit some of that.


#5

Check other Wi-Fi module. Many can be used through a serial port.


#6

I think the Silex SX-680 Ethernet to WiFi Bridge might be a good solution:
http://www.silexamerica.com/products/connectivity-solutions/embedded-wireless/serial-ethernet-wifi-modules/sx-680/
If I connect it to the ENC28, there should be no additional programming required.
And later on it could be used over serial with a driver.