Manuals / Brands / Computer Equipment / Network Card / ZyXEL Communications / Computer Equipment / Network Card

ZyXEL Communications G-170S 2.2.4 WPA(2)-PSKApplication Example, 2.2.3.2 User Authentication

1 79

Download 79 pages, 1.62 Mb

ZyXEL G-170S User’s Guide

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of WEP)

2.2.3.2 User Authentication

WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless stations using an external RADIUS database. WPA2 reduces the number of key exchange messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a network. Other WPA2 authentication features that are different from WPA include key caching and pre-authentication. These two features are optional and may not be supported in all wireless devices.

2.2.4 WPA(2)-PSK Application Example

A WPA(2)-PSK application looks as follows.

1First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).

2The AP checks each client's password and (only) allows it to join the network if it matches its password.

3The AP and wireless clients use the pre-shared key to generate a common PMK.

4The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them.

Figure 10 WPA(2)-PSK Authentication

30	Chapter 2 Wireless LAN Network

Contents

User’s Guide Page Copyright Disclaimer Trademarks Federal Communications Commission (FCC) Interference Statement Notice Caution Certifications ZyXEL Limited Warranty Note Online Registration Customer Support Page Table of Contents ZyXEL Utility Configuration Maintenance Troubleshooting Appendix A Product Specifications Page Page List of Figures Page List of Tables Page Preface About This User's Guide Related Documentation User Guide Feedback Syntax Conventions Graphics Icons Key Getting Started 1.1 About Your G-170S 1.1.1Application Overview 1.1.1.1 Infrastructure 1.1.1.2 Ad-Hoc 1.2 G-170SHardware and Utility Installation 1.3 Configuration Methods 1.4 Windows XP Users Only 1.5 Accessing the ZyXEL Utility 1.6 ZyXEL Utility Screen Summary 1.7 Connecting to a Wireless LAN 1.7.1 Site Survey Security Settings Link Info Page Page Wireless LAN Network 2.1 Wireless LAN Overview 2.1.1 SSID 2.1.2 Channel 2.1.3 Transmission Rate (Tx Rate) 2.2 Wireless LAN Security Overview 2.2.1 Data Encryption with WEP 2.2.2IEEE 2.2.2.1 EAP Authentication 2.2.3 WPA(2) 2.2.3.1 Encryption 2.2.3.2 User Authentication 2.2.4 WPA(2)-PSKApplication Example 2.2.5 WPA(2) with RADIUS Application Example 2.3 Authentication Type 2.4 Preamble Type ZyXEL Utility Configuration 3.1 The Link Info Screen 3.1.1 Trend Chart 3.2 The Site Survey Screen 3.2.1 Connecting to a WLAN Network 3.2.2Security Settings 3.2.2.1 WEP Encryption 3.2.2.2 WPA/WPA2 3.2.2.3 WPA-PSK/WPA2-PSK 3.2.2.4 IEEE 3.2.3 Confirm Save Screen 3.3 The Profile Screen 3.3.1 Adding a New Profile Page Ad-Hoc WPA WPA2 WPA-PSK WPA2-PSK DISABLE Save Activate Now Activate Later 3.4 The Adapter Screen Page Page Maintenance 4.1 The About Screen 4.2 Uninstalling the ZyXEL Utility 4.3 Upgrading the ZyXEL Utility Page Page Troubleshooting 5.1 Problems Starting the ZyXEL Utility 5.2 Problem with the Link Quality 5.3 Problems Communicating With Other Computers APPENDIX A Page Activating Wireless Zero Configuration Connecting to a Wireless Network Properties Wireless Networks Wireless Network Connection Properties Refresh network list Refresh Available networks Configure Preferred Wireless Network Connection Security Settings Association Authentication Authentication Properties Smart Card or other Certificate Properties Ordering the Preferred Networks Wireless Networks Move up Move down Remove Page EAP-MD5 (Message-DigestAlgorithm 5) EAP-TLS(Transport Layer Security) EAP-TTLS(Tunneled Transport Layer Service) PEAP (Protected EAP) LEAP Dynamic WEP Key Exchange WPA(2) Encryption User Authentication WPA(2)-PSKApplication Example WPA(2) with RADIUS Application Example Security Parameters Summary Numerics Index