CC3000 and WPA/WPA2-EAP (Enterprise Mode)

Thanks Igor,

are there plans for future implementation? I think, this is only a matter of the API?

Unfortunately without enterprise the CC3000 is a no go...

Hi,

Is CC3000 still doesn't support Enterprise Security ? Please confirm.

I am planning to deploy CC3000 based wearable device inside hospital setting. I see that my mobile device conencts to hospital wifi through home page where I have to confirm their terms and conditions.

Can I overcome that confirmation through my software ? If yes , could you please give me some pointers in that direction ? Appreciate your help on this

Hi Srinath,

The CC3000 supports WPA/WPA2, but it does not support certificates.

If the AP you are connecting to has an "I Agree" type of page, you can "agree" from the CC3000. All you need to do is load the page and then perform an HTTP POST with the correct response. However you need то first capture this response using a PC running Fiddler or some other tool that can see the HTTP communication.

If the "I Agree" page comes in over HTTPS, you are out of luck, since the CC3000 does not support SSL.

Hi Ivor,
I do think that CC3000 can perfectly well support SSL (or HTTPS), as this is on top of normal TCP/IPv4 communication and would need to be just implemented in user code.

But this has no direct relation to connecting to an AP using certificates, which CC3000 cannot do (as the AP connection process is internal to CC3000 chipset and not controllable in detail using API or HCI commands).

Cheers,
Risto

Hi Srinath,

CC3000 does not support WPA2-EAP(802.1x). I believe connection using WPA2-EAP and authorization/confirmation are two different things here.

If during the connection to an AP, you were asked to enter the authentication details on your phone in a seperate dialog, then this is specific to WP2-EAP connection protocol using a radius server. And we do not support this.

If you are asked to authorize or agree to certain terms then that would be something related to sending response over HTTP using a HTTP client, which I think would require specific implementation at the host side. And as Ivor said, if the exchange is over HTTPS then it needs additional effort.

Thanks & Regards,
Raghavendra

Raghavendra / Ivor/ Risto,

Thank you so much for your comments. Let me summarize my understanding of our discussion.

1) When I connect my mobile to hospital network AP, if it prompts me to enter user id and password besides AP name, I assume I can't connect CC3000 device to AP

2) When I connect my mobile to hospital network AP, if it just prompts me to enter AP name and password. I am good to go with CC3000.

3) When I connect my mobile to hospital network AP, after I enter AP name and password, if it takes me to another page where I need to accept terms and conditions, it is possible to connect CC3000 to AP using both HTTP & HTTPS but with extra effort.

Please correct me if I am wrong.

Thanks,

Srinath

Risto Koiva said:

Hi Ivor,
I do think that CC3000 can perfectly well support SSL (or HTTPS), as this is on top of normal TCP/IPv4 communication and would need to be just implemented in user code.

But this has no direct relation to connecting to an AP using certificates, which CC3000 cannot do (as the AP connection process is internal to CC3000 chipset and not controllable in detail using API or HCI commands).

Cheers,
Risto

Hi Risto,

In theory you are 100% correct - the HTTPS protocol can be fully implemented in the MCU. But in practice this is not feasible, since it would require a very high end MCU. It would make more sense to go with something like a Raspberry Pi with a $7 USB WiFi dongle.

I would change #3 to the following:

3. When I connect my mobile to hospital network AP, after I enter AP name and password, if it takes me to another page where I need to accept terms and conditions, it is possible to connect CC3000 to AP using HTTP, but with extra effort. It is also possible to connect through HTTPS, but this would require a large effort in implementing HTTPS, possible hardware changes to a much more powerful MCU that can handle the encryption and enough memory to store the SSL certificates.

Ivor,

Thank you so much for your comments. I know it is too much to ask, but doesn't harm in asking :)

Currently I am using 5529 (128KB/8KB) for simple connection using TCP.

For HTTP, I can go for 5438 (256KB/16KB).

How much do you anticipate for HTTPS connection. Please advise.

Thanks,

Srinath

I don't really know if it will work on the MSP430 platform, since it is not a power platform. I just know that no one has done it yet in terms of a library. But you should probably do some more research, perhaps it could be done. Here are some related links I found on Google:

http://e2e.ti.com/support/wireless_connectivity/f/851/t/156227.aspx

http://www.embeddedrelated.com/groups/msp430/show/10256.php

It will definitely work with a more powerful platform, one where you can import OpenSSL for example.