Table of Contents
Advertisement
168
C
7: C
HAPTER
ONFIGURING
Configuring WPA
WPA Cipher Suites
U
E
SER
NCRYPTION
Wi-Fi Protected Access (WPA) is a security enhancement to the IEEE
802.11 wireless standard. WPA provides enhanced encryption with new
cipher suites and provides per-packet message integrity checks. WPA is
based on the 802.11i standard. You can use WPA with 802.1X
authentication. If the client does not support 802.1X, you can use a
preshared key on the MAP access point and the client for authentication.
WPA supports the following cipher suites for packet encryption, listed
from most secure to least secure:
Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP) — CCMP provides
Advanced Encryption Standard (AES) data encryption. To provide
message integrity, CCMP uses the Cipher Block Chaining Message
Authentication Code (CBC-MAC).
Temporal Key Integrity Protocol (TKIP) — TKIP uses the RC4
encryption algorithm, a 128-bit encryption key, a 48-bit initialization
vector (IV), and a message integrity code (MIC) called Michael.
Wired Equivalent Privacy (WEP) with 104-bit keys — 104-bit WEP
uses the RC4 encryption algorithm with a 104-bit key.
WEP with 40-bit keys — 40-bit WEP uses the RC4 encryption
algorithm with a 40-bit key.
You can configure MAP access points to support one or more of these
cipher suites. For all of these cipher suites, MSS dynamically generates
unique session keys for each session. MSS periodically changes the keys
to reduce the likelihood that a network intruder can intercept enough
frames to decode a key.
Advertisement
Table of Contents
