"One-Touch" Wireless Security - Buffalo Technology's AOSS vs. Linksys' SecureEasySetup

Buffalo AOSS

We used Buffalo's WZR-RS-G54 Wireless Gateway (reviewed here) and WLI-CB-G54S PC Card for the AOSS tryout. The process for using AOSS is very simple. You first install the WZR-RS-G54 and client card and make sure they connect and work with no encryption.

You then start the AOSS process by pushing the AOSS button on the side of the Gateway (Figure 1) and holding it until the AOSS light on the front of the Gateway starts blinking in a recognizable double-blink, pause cadence. This is your cue to click the AOSS button buried on the Buffalo Client Manager's Profiles screen to begin the AOSS negotiation between card and router.

Figure 1: AOSS button on the Buffalo WZR-RS-G54

You don't need to hurry to click the button, since you have a two-minute window before the router terminates the AOSS search mode. The Gateway temporarily changes its SSID to ESSID-AOSS (which we observed in NetStumbler) and the card associates and authenticates using 64-bit WEP using a preset "secret" key.

An RC4-encrypted tunnel is then established and combinations of four keys (AES, TKIP, 128-bit WEP and 64-bit WEP) and four random SSID's are created by the Gateway and passed back to the client via the RC4 tunnel. The negotiation process stages are displayed in the AOSS screen (Figure 2), so the user can track progress.

Figure 2: AOSS in progress

After the client and AP find a mutually-supported security level, they both reboot with their security set to use the proper set of SSID, encryption level and key. Once the reboots are done, the client associates, authenticates using the agreed upon key and security method, and obtains a DHCP lease. When everything is complete, the AOSS completion screen (Figure 3) is displayed.

Figure 3: AOSS process complete

The whole process took about 105 seconds the couple of times we tried it, but about 30 seconds of that looked like it was due to DHCP leasing.

As we noted earlier, AOSS supports encryption levels from 64 bit WEP up to WPA2-PSK (with AES) and automatically uses the strongest encryption level supported by all wireless clients. The level negotiated in our testing was WPA-AES, which while not officially WPA2-PSK, is essentially as secure.