5.3 Wi-Fi Security

The following types of security are supported in the WINC Wi-Fi STA mode.

  • OPEN
  • WEP (Wired Equivalent Protocol)
  • WPA/WPA2 (Wi-Fi Protected Access - Personal Security mode that is Passphrase)
  • 802.1X (WPA/WPA2-Enterprise security)

For 802.1X Enterprise Security, the following authentication methods are supported from ATWINC1500 firmware version 19.6.1.

  • EAP-TLS
  • EAP-PEAPv0/TLS
  • EAP-PEAPv1/TLS
  • EAP-TTLSv0/MSCHAPv2
  • EAP-PEAPv0/MSCHAPv2
  • EAP-PEAPv1/MSCHAPv2

The m2m_wifi_connect is deprecated from v19.6.1 and above firmware. The legacy APIs m2m_wifi_connect and m2m_wifi_connect_sc are available as wrappers for the new APIs. Functionally its behavior is unchanged from previously released drivers.

The recommended API for various security type such as OPEN, WEP, WPA/WPA2, 802.1X are summarized in the Table 5-1.

All new connect APIs, enable connection to a particular access point by specifying its BSSID and the SSID. To restrict connection to a specific access point, the application can specify the BSSID (in addition to SSID) in the argument tstrNetworkId -> pu8Bssid.

The application can instruct the WINC whether to store the credentials or not to store in Flash and also whether the saved credentials must be encrypted or not. This is done by configuring the enum tenuCredStoreOption.

For enterprise security, the application can configure WINC to send actual identity or use anonymous identity during phase 1 authentication. This can be done by setting or clearing bUnencryptedUserName in argument tstrAuth1xTls or tstrAuth1xMschap2.

For more details on usage of API m2m_wifi_connect_1x_tls, refer ASF (v3.42 or above) example "WINC1500 Connecting a EAP-TLS / PEAPv0 with TLS / PEAPv1 with TLS Secured AP Example".

For more details on usage of API m2m_wifi_connect_1x_mschap2, refer ASF (v3.42 or above) example "WINC1500 Connecting a EAP-TTLSv0 with MSCHAPv2 / EAP-PEAPv0 with MSCHAPv2 / EAP-PEAPv1 with MSCHAPv2 Secured AP Example".