NETGEAR WGM511 User Manual page 60

User Manual for the NETGEAR Pre-N Wireless PC Card WGM511
The supplicant in the station uses the authentication and cipher suite information contained in
the information elements to decide which authentication method and cipher suite to use. For
example, if the access point is using the Pre-shared key method then the supplicant need not
authenticate using full-blown 802.1X. Rather, the supplicant must simply prove to the access
point that it is in possession of the pre-shared key. If the supplicant detects that the service set
does not contain a WPA information element then it knows it must use pre-WPA 802.1X
authentication and key management in order to access the network.
• Key management. WPA features a robust key generation/management system that integrates
the authentication and data privacy functions. Keys are generated after successful
authentication and through a subsequent four-way handshake between the station and access
point (AP).
• Data Privacy (Encryption). Temporal Key Integrity Protocol (TKIP) is used to wrap WEP in
sophisticated cryptographic and security techniques to overcome most of its weaknesses.
• Data integrity. TKIP includes a message integrity code (MIC) at the end of each plain text
message to ensure messages are not being spoofed.
WPA Authentication: Enterprise-level User
Authentication via 802.1x/EAP and RADIUS
Wireless LAN
WPA
enabled
wireless
client with
"supplicant"
Figure 6-3: WPA Overview
B-10
WPA enabled
Access Point
using
pre-shared key
or
Ports Opened
802.1x
Authenticated
December 2004
Wired Network with Optional
802.1x Port Based Network
Access Control
TCP/IP
Ports Closed
Until
RADIUS Server
Authentication
TCP/IP
After
Certificate
Authority
(eg Win
Login Server,
VeriSign,
etc)
Wireless Networking Basics