Bsap Data Encryption Options - ADTRAN BlueSecure Controller Setup And Administration Manual

Software release version: 6.5

the BSAP and all wireless clients. The PSK mode uses either TKIP or AES for packet
encryption and key management as WPA in the enterprise, providing a robust and
manageable alternative for small networks. When the WPA mode is set to "pre-shared-key,"
the key must first be generated and distributed to all wireless clients before they can
successfully associate with the BSAP.
WPA2
Wi-Fi Protected Access 2 (WPA2) is the second generation of WPA security and is based
on the final IEEE 802.11i amendment to the 802.11 standard.
Clients are authenticated using 802.1x via a RADIUS server. Each client has to be
WPA2-enabled or support 802.1x client software. A RADIUS server must also be configured
and be available in the wired network.
Keys are generated for each wireless client associating with the BSAP. These keys are
regenerated periodically, and also each time the wireless client is re-authenticated.
WPA2-PSK
The Pre-Shared Key mode uses a common password for user authentication that is
manually entered on the BSAP and all wireless clients. The PSK mode uses either TKIP or
AES for packet encryption and key management as WPA in the enterprise, providing a
robust and manageable alternative for small networks. When the WPA2 mode is set to
"pre-shared-key," the key must first be generated and distributed to all wireless clients
before they can successfully associate with the BSAP.
WPA + WPA2
Use both WPA and WPA2 authentication as described above.
WPA-PSK + WPA2-PSK
Use both WPA-PSK and WPA2-PSK authentication as described above.
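
How the pre-shared key for the WPA-PSK and WPA2-PSK modes above is typically generated from a passphrase, as an added example that is not part of the ADTRAN manual: IEEE 802.11i derives the 256-bit key with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. The function names and sample values are constructed for illustration, and the page does not state whether the BlueSecure interface takes a passphrase, a 64-hex-digit key, or both.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)

def classify_psk_entry(value):
    """Return 'raw-key' or 'passphrase' for a PSK field value, else raise."""
    if len(value) == 64 and set(value) <= HEX_DIGITS:
        return "raw-key"  # 256-bit key already written as 64 hex digits
    if 8 <= len(value) <= 63 and all(32 <= ord(c) <= 126 for c in value):
        return "passphrase"  # 8 to 63 printable ASCII characters
    raise ValueError("expected 8-63 printable ASCII characters or 64 hex digits")

def derive_psk(passphrase, ssid):
    """Derive the 256-bit pre-shared key (hex) from a passphrase and SSID."""
    if classify_psk_entry(passphrase) != "passphrase":
        raise ValueError("value is already a raw key; nothing to derive")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    # PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, 32-byte output.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, dklen=32)
    return key.hex()

def same_key_everywhere(passphrase, ssids):
    """True if the passphrase yields one identical key on every listed SSID."""
    return len({derive_psk(passphrase, s) for s in ssids}) == 1

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    passphrase = "correct horse battery staple"
    for ssid in ("Branch-Office", "Guest"):
        print(f"{ssid:14s} {derive_psk(passphrase, ssid)}")
    print("same key on both SSIDs:",
          same_key_everywhere(passphrase, ["Branch-Office", "Guest"]))
```

Because the SSID is the salt, a raw 64-hex-digit key computed for one SSID does not work on another, even when the passphrase is the same.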

BSAP Data Encryption Options

Possible BSAP data encryption options are:
WEP
(This option cannot be used with 802.11n when connecting at rates above 54Mhz).
Wired Equivalent Privacy (WEP) provides a basic level of security, preventing
unauthorized access to the network and encrypting data transmitted between wireless
clients and the BSAP. WEP uses static shared keys (fixed-length hexadecimal or
alphanumeric strings) that are manually distributed to clients wanting to use the network.
WEP is the security protocol initially specified in the IEEE 802.11 standard for wireless
communications. Unfortunately, WEP has been found to be seriously flawed and cannot
be recommended for a high level of network security.
Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy (WEP)
on the BSAP to prevent unauthorized access to the network.
If you choose to use WEP shared keys instead of an open system, be sure to define at
least one static WEP key for user authentication and data encryption. Also, be sure that
the WEP shared keys are the same for each client in the wireless network.
AES-OCB
Advanced Encryption Standard - Offset Code Book (AES-OCB). This new encryption
standard is a version of the AES standard recently adopted by the U.S. government as the
replacement for 3DES. WPA specifies AES encryption as an optional alternative to TKIP
and WEP. AES provides very strong encryption using a completely different ciphering
algorithm to TKIP and WEP. The developing IEEE 802.11i wireless security standard has
specified AES as an eventual replacement for TKIP and WEP. However, because of the
difference in ciphering algorithms, AES requires new hardware support in client network
cards that is currently not widely available.
AES-CCM
AES-CCM mode is the combination of Cipher Block Chaining Counter mode (CBC-CTR
mode) and CBC Message Authenticity Check (CBC-MAC). The functions are combined to
provide encryption and message integrity in one solution.
BlueSecure™ Controller Setup and Administration Guide
Creating SSIDs
12-21
