NETGEAR WG302 manual: Temporal Key Integrity Protocol (TKIP)


Reference Manual for the NETGEAR ProSafe Wireless Access Point 802.11g WG302

Temporal Key Integrity Protocol (TKIP)

WPA uses TKIP to provide important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the following:

- The verification of the security configuration after the encryption keys are determined.
- The synchronized changing of the unicast encryption key for each frame.
- The determination of a unique starting unicast encryption key for each preshared key authentication.

Michael

With 802.11 and WEP, data integrity is provided by a 32-bit integrity check value (ICV) that is appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, you can use cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without being detected by the receiver.

With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte message integrity check (MIC) using the calculation facilities available on existing wireless devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV. The MIC field is encrypted together with the frame data and the ICV.

Michael also provides replay protection. A new frame counter in the IEEE 802.11 frame is used to prevent replay attacks.
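The following Python sketch is an added example, not part of the NETGEAR manual. It contrasts the two integrity schemes described above: a CRC-32 ICV under a stream cipher accepts a modified frame, while the keyed Michael MIC rejects it. As a simplifying assumption, a random keystream stands in for RC4 and the MIC covers only the payload (the real TKIP MIC also covers addressing fields); all keys and payloads are constructed sample values.

```python
import os, struct, zlib

def _rol(v, n):
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF

def michael(key, msg):
    """8-byte Michael MIC of msg under an 8-byte key (little-endian words)."""
    l, r = struct.unpack("<II", key)
    padded = msg + b"\x5a" + bytes(4)       # 0x5a marker, then zero padding
    padded += bytes(-len(padded) % 4)       # ... up to a 4-byte boundary
    for (m,) in struct.iter_unpack("<I", padded):
        l ^= m
        r ^= _rol(l, 17); l = (l + r) & 0xFFFFFFFF
        r ^= ((l & 0xFF00FF00) >> 8) | ((l & 0x00FF00FF) << 8)  # swap bytes in each half
        l = (l + r) & 0xFFFFFFFF
        r ^= _rol(l, 3);  l = (l + r) & 0xFFFFFFFF
        r ^= _rol(l, 30); l = (l + r) & 0xFFFFFFFF              # rotate right by 2
    return struct.pack("<II", l, r)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _icv(data):
    return struct.pack("<I", zlib.crc32(data))

def seal(payload, keystream, mic_key=None):
    """payload [+ MIC] + ICV, XORed with the keystream (WEP-style if mic_key is None)."""
    body = payload + (michael(mic_key, payload) if mic_key is not None else b"")
    return _xor(body + _icv(body), keystream)

def open_frame(frame, keystream, mic_key=None):
    """Return the payload, or None if the ICV or the MIC check fails."""
    plain = _xor(frame, keystream)
    body, icv = plain[:-4], plain[-4:]
    if _icv(body) != icv:
        return None
    if mic_key is None:
        return body
    payload, mic = body[:-8], body[-8:]
    return payload if michael(mic_key, payload) == mic else None

def modify_without_key(frame, delta):
    """XOR delta into the frame and patch the ICV using CRC-32's linearity only."""
    d = delta + bytes(len(frame) - 4 - len(delta))
    fix = zlib.crc32(d) ^ zlib.crc32(bytes(len(d)))
    return _xor(frame, d + struct.pack("<I", fix))

KEYSTREAM = os.urandom(64)        # constructed stand-in for the RC4 keystream
MIC_KEY = os.urandom(8)           # constructed Michael key
PAYLOAD = b"PAY 0100 TO ALICE"    # constructed sample payload
DELTA = _xor(b"PAY 0", b"PAY 9")  # one changed digit, computed without any key
```

The ICV check passes on the modified frame in both cases because CRC-32 is linear and unkeyed; only the MIC comparison, which depends on a secret key, fails.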

Optional AES Support to be Phased In

One of the encryption methods supported by WPA, besides TKIP, is the Advanced Encryption Standard (AES), although AES support will not be required initially for Wi-Fi certification. AES is viewed as the optimal choice for security-conscious organizations, but the problem with AES is that it requires a fundamental redesign of the NIC’s hardware in both the station and the access point. TKIP is a pragmatic compromise that allows organizations to deploy better security while AES-capable equipment is being designed, manufactured, and incrementally deployed.

Wireless Networking Basics


September 2004
