NETGEAR WPN111: WPA Data Encryption Key Management, Temporal Key Integrity Protocol (TKIP), Michael

User Manual for the NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111

Note: For environments with a Remote Authentication Dial-In User Service (RADIUS) infrastructure, WPA supports Extensible Authentication Protocol (EAP). For environments without a RADIUS infrastructure, WPA supports the use of a preshared key.

Together, these technologies provide a framework for strong user authentication.

WPA Data Encryption Key Management

With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x provide no mechanism to change the global encryption key used for multicast and broadcast traffic. With WPA, rekeying of both unicast and global encryption keys is required.

For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for every frame, and the change is synchronized between the wireless client and the wireless access point (AP). For the global encryption key, WPA includes a facility (the Information Element) for the wireless AP to advertise the changed key to the connected wireless clients.

If configured to implement dynamic key exchange, the 802.1x authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign, and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use the contents of the key message to define applicable encryption keys. In typical 802.1x implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use.

Temporal Key Integrity Protocol (TKIP)

WPA uses TKIP to provide important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the following:

The verification of the security configuration after the encryption keys are determined.

The synchronized changing of the unicast encryption key for each frame.

The determination of a unique starting unicast encryption key for each preshared key authentication.
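An added example, not taken from the NETGEAR manual: a Python sketch of two of the TKIP features listed above, the Michael MIC and the IV sequencing rule. The `Receiver` class, its return strings, and the sample key and payload are hypothetical; the MIC here covers only the payload bytes, whereas TKIP also feeds addressing fields into Michael.

```python
import hmac
import struct

MASK = 0xFFFFFFFF

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _xswap(x):
    # Swap the two bytes inside each 16-bit half of the word.
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)

def _block(l, r):
    # Michael's mixing function: four rounds of rotate/swap, XOR, add.
    rounds = (lambda v: _rol(v, 17), _xswap,
              lambda v: _rol(v, 3), lambda v: _rol(v, 30))  # 30 left = 2 right
    for mix in rounds:
        r ^= mix(l)
        l = (l + r) & MASK
    return l, r

def michael(key, data):
    """Return the 8-byte Michael MIC of data under an 8-byte MIC key."""
    l, r = struct.unpack("<II", key)
    # Pad with 0x5a, then 4 to 7 zero bytes, up to a multiple of 4.
    padded = data + b"\x5a" + bytes(4)
    padded += bytes(-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l, r = _block(l ^ word, r)
    return struct.pack("<II", l, r)

class Receiver:
    """Hypothetical receive path: sequence check first, then the MIC."""
    def __init__(self, mic_key):
        self.mic_key = mic_key
        self.last_seq = -1  # highest IV sequence counter accepted so far

    def accept(self, seq, payload, mic):
        if seq <= self.last_seq:
            return "replay"  # counter did not advance: drop the frame
        if not hmac.compare_digest(michael(self.mic_key, payload), mic):
            return "mic-failure"  # altered payload or wrong key
        self.last_seq = seq  # advance only after the MIC verifies
        return "ok"

# Constructed sample data (not from the manual).
KEY = bytes.fromhex("0011223344556677")
FRAME = b"constructed payload"
```

Because the counter advances only after the MIC verifies, a forged frame with a high sequence number cannot push the window forward and lock out legitimate traffic.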

Michael

Wireless Networking Basics

B-19

202-10076-01
