Manuals / NETGEAR / Computer Equipment / Network Card

NETGEAR WGE111 user manual Temporal Key Integrity Protocol TKIP, Michael

Models: WGE111

1 88

Download 88 pages 16.82 Kb

Page 77

Temporal Key Integrity Protocol (TKIP)

User Manual for the NETGEAR 54 Mbps Wireless PC Card WG511

Temporal Key Integrity Protocol (TKIP)

WPA uses TKIP to provide important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the following:

•The verification of the security configuration after the encryption keys are determined.

•The synchronized changing of the unicast encryption key for each frame.

•The determination of a unique starting unicast encryption key for each preshared key authentication.

Michael

With 802.11 and WEP, data integrity is provided by a 32-bit integrity check value (ICV) that is appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, you can use cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without being detected by the receiver.

With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte message integrity check (MIC) using the calculation facilities available on existing wireless devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV. The MIC field is encrypted together with the frame data and the ICV.

Michael also provides replay protection. A new frame counter in the IEEE 802.11 frame is used to prevent replay attacks.

Optional AES Support to be Phased In

One of the encryption methods supported by WPA, besides TKIP, is the advanced encryption standard (AES), although AES support will not be required initially for Wi-Fi certification. This is viewed as the optimal choice for security conscience organizations, but the problem with AES is that it requires a fundamental redesign of the NIC’s hardware in both the station and the access point. TKIP is a pragmatic compromise that allows organizations to deploy better security while AES capable equipment is being designed, manufactured, and incrementally deployed.

Wireless Networking Basics

C-15

Image 77

NETGEAR WGE111 user manual Temporal Key Integrity Protocol TKIP, Michael, Optional AES Support to be Phased In

Contents

NETGEAR, Inc User Manual for the NETGEAR WGE111 Wireless Game AdapterStatement of Conditions Technical SupportNETGEAR, INC. Support Information E-mail support@netgear.comTested to Comply with FCC Standards NETGEAR Wireless Game Adapter WGE111VCCI Statement Federal Communications Commission FCC Radiation Exposure StatementCanadian Department of Communications Radio Interference Regulations Basic Setup ContentsChapter About This Manual ChapterTroubleshooting Chapter Web ConfigurationTechnical Specifications ChapterWireless Networking Overview Appendix C Wireless Networking BasicsAuthentication and WEP Wireless ChannelsContents Audience, Conventions, Scope Chapter About This ManualHow to Use this Manual How to Print this Manual About This Manual User Manual for the NETGEAR WGE111 Wireless Game AdapterChapter Introduction About the NETGEAR WGE111 Wireless Game AdapterNETGEAR WGE111 Wireless Game Adapter Resource CD, including Key Features and Related NETGEAR ProductsWhat’s in the Box? Introduction See the table below for a description of the LED indicator lights Status Indicators and Ports of the WGE111User Manual for the NETGEAR WGE111 Wireless Game Adapter LED DescriptionsReset Push Button Introduction User Manual for the NETGEAR WGE111 Wireless Game AdapterPreparing to Install Your WGE111 Wireless Game Adapter Chapter Basic Setup“Game Console Plug-and-Go Scenario” on page “Personal Computer Plug-and-Go Scenario” on pageSystem Requirements Placement and Range GuidelinesSwitch Position Operating ModesMode Your SystemWhat you do Wizard ConfigurationPersonal Computer Plug-and-Go Scenario Planning for TCP/IP Configuration Planning the WGE111 Wireless Game Adapter ConfigurationDynamic IP using DHCP Fixed IPSubnet mask Understanding WEP Authentication and EncryptionAuthentication Scheme Selection Encryption Strength Choices Understanding WPA-PSK Encryption Security Using the NETGEAR Smart Wizard Configuration Assistanta. Connect one end of the Ethernet cable to the Wireless Game Adapter Double-click setup.exe if the program does not start automatically Select the Infrastructure and/or Ad-Hoc mode network settings Select the TCP/IP Settings 3-14 User Manual for the NETGEAR WGE111 Wireless Game AdapterBasic Setup Configuring the Wireless Game Adapter Using TCP/IP Chapter Web ConfigurationViewing the Wireless Game Adapter Status Connecting to the Wireless Game AdapterWireless Settings Device Information Configuring the Adapter for Infrastructure Mode AccessIP Settings g only - operates in 802.11g mode only Data Rateb only - operates in 802.11b mode only The data rate is set to Auto by defaultWireless Security Using WEP Security EncryptionAuthentication Type Network Name SSIDUsing WPA-PSK Security Encryption Configuring the Wireless Game Adapter for Ad-Hoc ModeManual Entry Mode Automatic Key Generation PassphraseTo configure the WGE111 for Ad-Hoc access Figure 4-4 Wireless Networks Available Viewing the Wireless Networks AvailableConfiguring the IP Settings The default values are suitable for most users and situations Upgrading the Firmware Changing the WGE111 Wireless Game Adapter PasswordFigure 4-7 Restore Factory Defaults screen Restoring the Factory DefaultsGo to “Restoring the Default Configuration and Password” on page Chapter TroubleshootingGo to “Troubleshooting the TCP/IP Settings Using Ping” on page Solution SymptomBasic Tips Causesure all the devices are on the same IP network wireless router or access point, wait, and thenchange the wireless game adapters IP address Configuration Assistant” on page 3-9 for See “Using the NETGEAR Smart WizardI cannot configure the WGE111 from a browser Frequently Asked QuestionsTroubleshooting the Web Configuration Interface Troubleshooting the TCP/IP Settings Using PingRestoring the Default Configuration and Password Troubleshooting User Manual for the NETGEAR WGE111 Wireless Game AdapterTechnical Specifications Appendix A Technical SpecificationsTechnical Specifications User Manual for the NETGEAR WGE111 Wireless Game AdapterIP Addresses and the Internet Appendix B Understanding IP AddressesThe five address classes are Class A Netmask Figure 5-2 Example of Subnetting a Class B Address Subnet AddressingTable 5-2. Netmask Formats Table 5-1. Netmask Notation Translation Table for One OctetNumber of Bits Dotted-Decimal ValuePrivate IP Addresses IP Configuration by DHCP Address Resolution ProtocolUnderstanding IP Addresses User Manual for the NETGEAR WGE111 Wireless Game AdapterInfrastructure Mode Appendix C Wireless Networking BasicsWireless Networking Overview Network Name Extended Service Set Identification ESSID Authentication and WEPAd Hoc Mode Peer-to-Peer Workgroup Open System Authentication 802.11 Authentication1 Authentication request sent to AP 2 AP authenticates 802.11b Authentication Open System StepsAccess Point 3 Client connects to network Client attempting to connectthe data 1. Do Not Use WEP TheKey Size WEP Configuration OptionsWireless Channels WPA Wireless Security How Does WPA Compare to WEP? How Does WPA Compare to IEEE 802.11i? What are the Key Features of WPA Security?The primary information conveyed in the Beacon frames is the authentication method and the cipher suite. Possible authentication methods include 802.1X and Pre-shared key. Pre-shared key is an authentication method that uses a statically configured passphrase on both the stations and the access point. This obviates the need for an authentication server, which in many home and small office environments will not be available nor desirable. Possible cipher suites include WEP, TKIP, and AES Advanced Encryption Standard. We talk more about TKIP and AES when addressing data privacy below Wired Network with Optional 802.1x Port Based Network Access Control Wireless LANLogin Authentication Figure C-3 WPA Overview2. The access point replies with an EAP-request identity message WPA Data Encryption Key Management Michael Optional AES Support to be Phased InTemporal Key Integrity Protocol TKIP Product Support for WPA Supporting a Mixture of WPA and WEP Wireless Clients is DiscouragedIs WPA Perfect? The WPA two-phase authentication Changes to Wireless Access PointsChanges to Wireless Network Adapters The new WPA information elementChanges to Wireless Client Programs 1000BASE-T List of Glossary Terms802.1Q 802.3Dynamic Host Configuration Protocol User Manual for the NETGEAR WGE111 Wireless Game AdapterGlossary DHCPInternet service provider User Manual for the NETGEAR WGE111 Wireless Game AdapterNetwork Address Translation User Manual for the NETGEAR WGE111 Wireless Game AdapterWindows Internet Naming Service User Manual for the NETGEAR WGE111 Wireless Game AdapterGlossary WINSGlossary User Manual for the NETGEAR WGE111 Wireless Game AdapterNumerics Index