Table of Contents
Advertisement
D.2 WPA1 (TKIP) Security
Wi-Fi Protected Access (WPA) is a robust encryption scheme specified in the IEEE Wireless Fidelity (Wi-Fi)
standard, 802.11i. WPA is a security standard for systems operating with a Wi-Fi wireless connection. WPA
is designed for corporate networks and small-business (retail) environments where more wireless traffic
allows quicker discovery of encryption keys by an unauthorized person.
WPA (referred to as WPA1 within the CB3000 Client Bridge Security Mode menu) provides more
sophisticated data encryption than WEP. WEP's lack of user authentication mechanisms is addressed by
WPA. Compared to WEP, WPA provides superior data encryption and user authentication.
The CB3000 Client Bridge's WPA encryption scheme can use Temporal Key Integrity Protocol (TKIP). TKIP
addresses WEP's weaknesses with a re-keying mechanism, a per-packet mixing function, a message
integrity check, and an extended initialization vector with sequencing rules.
WPA also provides strong user authentication based on 802.1x EAP. Two requirements, strong encryption to
prevent eavesdropping and mutual authentication to ensure that sensitive information is transmitted only
over legitimate networks, must drive your wireless authentication strategy.
In practice, only methods based on the IETF's well-known Transport Layer Security (TLS) standard can satisfy
strict encryption and authentication requirements. Three TLS-based protocols have been developed for use
with EAP and are suitable for deployments with wireless LANs:
• EAP-Transport Layer Security (EAP-TLS)
• Tunneled Transport Layer Security (TTLS)
• Protected EAP (PEAP)
For detailed steps on configuring WPA1 for the CB3000 Client Bridge, see Configuring WPA1 (TKIP) Security
Settings on page 3-10.
D-3
Hide quick links:
Advertisement
Table of Contents
