A WLAN is a communication link between two or more devices which facilitates information transfer. Wi-Fi (i.e., the IEEE 802.11 standards) is a particularly ubiquitous type of WLAN. A Wi-Fi network is often used to provide access to a larger network, such as an intranet or the Internet. Wi-Fi networks are identified by a Service Set Identifier (SSID), which is commonly known as a “network name.” To prevent malicious users from connecting to a Wi-Fi network or intercepting transmissions sent over the network, a Wi-Fi network may be secured. A variety of security protocols exist for securing a Wi-Fi network, such as Wireless Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and WPA2. Access may be provided to a secured Wi-Fi network through a security key, colloquially known as a Wi-Fi password.
For numerous reasons, it may be advantageous to store the password for a Wi-Fi network on a device. Storing a Wi-Fi password may allow a device to connect to the network without requiring the user to input a password every time the user wants to connect to the network. For devices which do not have an interface convenient for a user to input a password, such as some cameras, storing the Wi-Fi password is particularly advantageous. Devices may also be configured to automatically connect to a Wi-Fi network when the network is available.
Although storing a Wi-Fi password on a device is convenient for the end user, if proper security measures are not taken, a stored password may present a significant security vulnerability. If a malicious actor gains access to a device with a stored Wi-Fi password, the password may be stolen, giving the malicious actor access to the Wi-Fi network. After acquiring the password, the malicious actor could potentially intercept or alter sensitive information sent over the Wi-Fi network. In addition, users frequently reuse passwords across different systems (e.g., websites) or use passwords which are substantially similar to each other. Accordingly, it might be substantially easier for a malicious actor who acquires a Wi-Fi password to gain access to other secure systems. Thus, Wi-Fi passwords are generally stored in some obfuscated form.
Conventionally, a Wi-Fi password is encrypted using an encryption key based on a second password which is entered by a user. This password may be, for example, a password used to unlock a device. However, a device which is not itself secured by a password cannot rely on this technique to secure a stored Wi-Fi password. Some devices, such as cameras, do not require a password to unlock the device because requiring a password inconveniences a user or because the device lacks a means for a user to input a password.
Hence, there is a need to securely store a password for a WLAN on device without requiring user authentication.