Table of Contents
Advertisement
is derived from and is forward-compatible with the upcoming IEEE
802.11i standard. WPA leverages Temporal Key Integrity Protocol (TKIP)
and Michael message integrity check (MIC) for data protection, and
802.1X for authenticated key management.
WPA supports two mutually exclusive key management types: WPA and
WPA passphrase (also known as WPA-Pre Shared Key (PSK)). Using
WPA, clients and the authentication server authenticate to each other
using an EAP authentication method, and the client and server generate a
pairwise master key (PMK). The server generates the PMK dynamically
and passes it to the access point.
WPA-PSK security
Enables WPA passphrase security (also known as WPA-Pre Shared Key
(PSK)).
802.1x security
Enables 802.1x security. This option requires IT administration. This
option includes the EAP (with dynamic WEP keys) security protocols:
EAP, PEAP, and LEAP.
802.1x is the standard for wireless LAN security defined by IEEE as 802.1x
for 802.11, or simply 802.1x. An access point that supports 802.1x and its
protocol, Extensible Authentication Protocol (EAP), acts as the interface
between a wireless client and an authentication server such as a RADIUS
server, to which the access point communicates over the wired network.
Pre-Shared Key security (Static WEP)
Static WEP enables the use of up to four pre-shared (static wired equivalent privacy
(WEP)) keys that are defined on both the access point and the client station.
These keys are stored in an encrypted format in the registry of the
Windows device. When the driver loads and reads the USB device's
registry parameters, it also finds the static WEP keys, decrypts them, and
stores them in volatile memory on the USB device.
If a device receives a packet that is not encrypted with the appropriate key,
the device discards the packet and never delivers it to the intended recipient.
This is because the WEP keys of all devices that are to communicate with each
other must match.
Authentication Process
Enabling EAP on the access point and configuring the USB device to LEAP,
EAP-TLS, PEAP (EAP-GTC), or PEAP (EAP-MSCHAP V2) authentication to
the network occurs in the following sequence:
1. The client associates to an access point and begins authentication.
2. Communicating through the access point, the client and RADIUS server
complete authentication with the password (LEAP and PEAP) or
certificate (EAP-TLS). The password is never transmitted during the
process.
3. After successful authentication, the client and RADIUS server derive a
dynamic WEP key unique to the client.
4. The RADIUS server transmits the key to the access point using a secure
channel on the wired LAN.
5. For the length of a session the access point and the client use this key to
15
Advertisement
Table of Contents
