Netgear Double 108 Mbps Wireless PC Card WG511U User Manual Page 71

  • Download
  • Add to my manuals
  • Print
  • Page
    / 95
  • Table of contents
  • TROUBLESHOOTING
  • BOOKMARKS
  • Rated. / 5. Based on customer reviews
Page view 70
User’s Manual for the NETGEAR Double 108 Mbps Wireless PC Card 32-bit CardBus WG511U
Wireless Networking Basics B-19
August 2004
Note: For environments with a Remote Authentication Dial-In User Service (RADIUS)
infrastructure, WPA supports Extensible Authentication Protocol (EAP). For environments
without a RADIUS infrastructure, WPA supports the use of a preshared key.
Together, these technologies provide a framework for strong user authentication.
WPA Data Encryption Key Management
With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x
provide no mechanism to change the global encryption key used for multicast and broadcast
traffic. With WPA, rekeying of both unicast and global encryption keys is required.
For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for
every frame, and the change is synchronized between the wireless client and the wireless access
point (AP). For the global encryption key, WPA includes a facility (the Information Element) for
the wireless AP to advertise the changed key to the connected wireless clients.
If configured to implement dynamic key exchange, the 802.1x authentication server can return
session keys to the access point along with the accept message. The access point uses the session
keys to build, sign and encrypt an EAP key message that is sent to the client immediately after
sending the success message. The client can then use contents of the key message to define
applicable encryption keys. In typical 802.1x implementations, the client can automatically change
encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough
time to crack the key in current use.
Temporal Key Integrity Protocol (TKIP)
WPA uses TKIP to provide important data encryption enhancements including a per-packet key
mixing function, a message integrity check (MIC) named Michael, an extended initialization
vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the
following:
The verification of the security configuration after the encryption keys are determined.
The synchronized changing of the unicast encryption key for each frame.
The determination of a unique starting unicast encryption key for each preshared key
authentication.
•Michael
Page view 70
1 2 ... 66 67 68 69 70 71 72 73 74 75 76 ... 94 95

Comments to this Manuals

No comments