User Manual for the NETGEAR RangeMax™ Wireless PCI Adapter WPN311
B-10 Wireless Networking Basics
For 802.11, WEP encryption is optional. For WPA, encryption using Temporal Key Integrity
Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger
than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices
to perform encryption operations. TKIP provides important data encryption enhancements
including a per-packet key mixing function, a message integrity check (MIC) named Michael, an
extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through
these enhancements, TKIP addresses all of the known WEP vulnerabilities.
How Does WPA Compare to IEEE 802.11i?
WPA will be forward compatible with the IEEE 802.11i security specification currently under
development. WPA is a subset of the current 802.11i draft and uses certain pieces of the 802.11i
draft that are ready to bring to market today, such as 802.1x and TKIP. The main pieces of the
802.11i draft that are not included in WPA are secure IBSS (Ad Hoc mode), secure fast handoff
(for specialized 802.11 VoIP phones), as well as enhanced encryption protocols, such as
AES-CCMP. These features are either not yet ready for market or will require hardware upgrades
to implement.
What are the Key Features of WPA Security?
The following security features are included in the WPA standard:
WPA Authentication
WPA Encryption Key Management
Temporal Key Integrity Protocol (TKIP)
Michael message integrity code (MIC)
AES Support (to be phased in)
Support for a Mixture of WPA and WEP Wireless Clients, but mixing WEP and WPA is
discouraged
These features are discussed below.
WPA addresses most of the known WEP vulnerabilities and is primarily intended for wireless
infrastructure networks as found in the enterprise. This infrastructure includes stations, access
points, and authentication servers (typically RADIUS servers). The RADIUS server holds (or has
access to) user credentials (for example, user names and passwords) and authenticates wireless
users before they gain access to the network.