"One-Touch" Wireless Security - Buffalo Technology's AOSS vs. Linksys' SecureEasySetup

The Technologies compared

Buffalo developed AOSS in-house and was first to market, shipping its WBR2-G54 in March 2004. Linksys, on the other hand, adopted SES from Broadcom, which supplies the wireless chipsets for many of Linksys' - and Buffalo's - WLAN products. Broadcom announced the first version of SES - called SecureEZSetup - at the beginning of May 2004 and demonstrated it at the Networld+Interop show later that month. The first version of SES required a "wizard" application to be run that prompted the user with two questions to be answered to begin its process. The current SecureEasySetup has eliminated the wizard and has adopted AOSS' router / AP client pushbutton method to start the process.

Buffalo provides details of how AOSS performs its magic via this white paper (PDF), and while neither Broadcom nor Linksys has published an SES white paper or technical details, Linksys did provide us with enough details on SES's workings to make a comparison.

AOSS uses a secret 64 bit WEP key to establish the initial authentication of client and AP, but then switches to an RC4-encrypted tunnel that uses a dynamically generated key for all subsequent communications between the two. SES starts out with a WPA-PSK / TKIP connection then switches to a Diffie-Hellman secured connection.

The two methods also differ in their supported security levels. AOSS supports security levels from the weakest 64 bit WEP to the strongest available WPA2-PSK, while SES supports only devices capable of WPA-PSK / TKIP security. This difference is indicative of the two companies' approach to the market.

Linksys' SES Product Manager said that WPA2 is not supported because "WPA2-AES is not as widely adopted right now as WPA-TKIP". But he also said that "as WPA2-AES becomes more widely adopted, we may update SES to support WPA2-AES". And as far as the other end of the security spectrum, the PM said SES will NOT support WEP connections, citing that a "network is only as strong as its weakest link".

Although it can be argued that AOSS' support of WEP leads to weaker security, Buffalo thinks it is taking a more pragmatic approach. Even though WEP is a flawed security method, WEP protection is better than no protection at all. Buffalo's approach also accomodates cost-driven consumer product manufacturers, who think WEP is sufficient for devices such as gaming consoles, Wi-Fi phones and similar products.

AOSS also exceeds SES's capability at the other end of the security scale. It currently supports WPA-PSK with the optional AES encryption that Broadcom has supported in its drivers since it first rolled out WPA support. While WPA-PSK with AES isn't actually WPA2-PSK, it provides the same level of encryption and stronger protection than WPA-PSK with its mandatory TKIP. Buffalo also said that WPA2 support is currently in development and that there would be an AOSS WPA2 upgrade available, but did not provide a timeframe.