ZyXEL Communications AG-200 manual WPA-PSK Application Example, User Authentication, Encryption

Page 38

ZyXEL AG-200 User’s Guide

User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database.

Therefore, if you don’t have an external RADIUS server, you should use WPA-PSK (WPA -Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a client will be granted access to a WLAN.

Encryption

WPA improves data encryption by using either Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network.

The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common- password approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password.

2.2.4 WPA-PSK Application Example

A WPA-PSK application looks as follows.

Step 1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols).

Step 2. The AP checks each client’s password and (only) allows it to join the network if it matches its password.

Step 3. The AP derives and distributes keys to the wireless clients.

2-6

WLAN Networking

Page 37 Page 39
Image 38
Page 37 Page 39
Contents ZyXEL AG-200 Trademarks Copyright 2004 by ZyXEL Communications CorporationDisclaimer ZyXEL Limited Warranty Online RegistrationFCC Statement Customer Support Table of Contents ZyXEL AG-200 User’s Guide Related Documentation About This Users GuideSyntax Conventions User Guide FeedbackGraphics Icons Key Page About Your ZyXEL AG-200 ZyXEL AG-200 Hardware and Utility InstallationUsing the ZyXEL Utility to Configure Your Network ZyXEL AG-200 User’s Guide Network Profile AddZyXEL AG-200 User’s Guide ZyXEL AG-200 User’s Guide ZyXEL AG-200 User’s Guide Properties RemoveApply Each page in Properties is explained below ZyXEL AG-200 User’s Guide ZyXEL AG-200 User’s Guide Security Mode ZyXEL AG-200 User’s Guide ZyXEL AG-200 User’s Guide ZyXEL AG-200 User’s Guide Strong Scan Site SurveyRefresh Detail Info Connect Add to profileAuto Dhcp renewal OptionsLaunch at windows startup Auto-Profile SelectionZyXEL AG-200 User’s Guide Getting Started Version Page Ssid Wireless Network ApplicationOverview ChannelAd-Hoc Ibss BSS Example Roaming Infrastructure Network ExampleWireless LAN Security Roaming ExampleIeee EAP AuthenticationData Encryption with WEP 3 WPAEncryption User AuthenticationWPA-PSK Application Example WPA-PSK Authentication WPA with Radius Application ExampleFragmentation Threshold RTS/CTS ThresholdAuthentication Type RTS ThresholdZyXEL AG-200 User’s Guide Chapter Maintenance Version ScreenUninstalling the ZyXEL Utility AboutUpgrading the ZyXEL Utility Page Configuring Security Configuring WEPZyXEL AG-200 User’s Guide Configuring WPA-PSK Configuring 802.1x EAP-MD5 Configuring WPAConfiguring Configuring 802.1x EAP-LEAP Configuring 802.1x EAP-PEAPZyXEL AG-200 User’s Guide Configuring 802.1x EAP-TLS ZyXEL AG-200 User’s Guide Configuring 802.1x EAP-TTLS ZyXEL AG-200 User’s Guide Troubleshooting Starting ZyXEL Utility Program Problems Starting the ZyXEL Utility ProgramProblem with the Link Status Troubleshooting Link QualityProblems Communicating With Other Computers Troubleshooting Communication ProblemsEAP-TLS Transport Layer Security EAP-TTLS Tunneled Transport Layer ServiceEAP-MD5 Message-Digest Algorithm Peap Protected EAPComparison of EAP Authentication Types Leap
Related manuals
Manual 2 pages 60.26 Kb
Top Page Image Contents