Intermec CN3 User Manual page 200

Chapter 5 — Network Support
Encryption
AES (Advanced
Encryption Standard)
CKIP (Cisco Key
Integrity Protocol)
TKIP (Temporal Key
Integrity Protocol)
WEP (Wired Equivalent
Privacy) encryption
Key Management Protocols
WPA (Wi-Fi Protected
Access)
WPA2 (Wi-Fi Protected
Access)
Authentication
EAP (Extensible
Authentication Protocol)
EAP-FAST (Flexible
Authentication via
Secure Tunneling)
186
A block cipher, a type of symmetric key cipher that uses groups of bits of a fixed length -
called blocks. A symmetric key cipher is a cipher using the same key for both encryption
and decryption.
As implemented for wireless, this is also known as CCMP, which implements AES as TKIP
and WEP are implementations of RC4.
This is Cisco's version of the TKIP protocol, compatible with Cisco Aironet products.
This protocol is part of the IEEE 802.11i encryption standard for wireless LANs., which
provides per-packet key mixing, a message integrity check and a re-keying mechanism,
thus overcoming most of the weak points of WEP. This encryption is more difficult to
crack than the standard WEP. Weak points of WEP include: No Initiation Vector (IV)
reuse protection, weak keys, no protection against message replay, no detection of message
tampering, and no key updates.
With preconfigured WEP, both the client CN3 and access point are assigned the same key,
which can encrypt all data between the two devices. WEP keys also authenticate the CN3
to the access point - unless the CN3 can prove it knows the WEP key, it is not allowed
onto the network. WEP keys are only needed if they are expected by your clients. There are
two types available: 64-bit (5-character strings, 12345) (default) and 128-bit (13-character
strings, 1234567890123). Enter these as either ASCII (12345) or Hex (0x3132333435).
This is an enhanced version of WEP that does not rely on a static, shared key. It
encompasses a number of security enhancements over WEP, including improved data
encryption via TKIP and 802.11b/g authentication with EAP. WiFi Alliance security
standard is designed to work with existing 802.11 products and to offer forward
compatibility with 802.11i.
Second generation of WPA security. Like WPA, WPA2 provides enterprise and home Wi-
Fi users with a high level of assurance that their data remains protected and that only
authorized users can access their wireless networks. WPA2 is based on the final IEEE
802.11i amendment to the 802.11 standard ratified in June 2004. WPA2 uses the
Advanced Encryption Standard (AES) for data encryption and is eligible for FIPS (Federal
Information Processing Standards) 140-2 compliance.
802.11b/g uses this protocol to perform authentication. This is not necessarily an
authentication mechanism, but is a common framework for transporting actual
authentication protocols. Intermec provides a number of EAP protocols for you to choose
the best for your network.
A publicly accessible IEEE 802.1X EAP type developed by Cisco Systems. It is available as
an IETF informational draft. An 802.1X EAP type that does not require digital
certificates, supports a variety of user and password database types, supports password
expiration and change, and is flexible, easy to deploy, and easy to manage.
CN3 Mobile Computer User's Manual