Appendix E Wireless LANs
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x.
TKIP uses
TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless stations. This all happens in the background automatically.
AES (Advanced Encryption Standard) also uses a secret key. This implementation of AES applies a
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decrypt data on a
The encryption mechanisms used for WPA and
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features.
Table 185 Wireless Security Relational Matrix
AUTHENTICATION | ENCRYPTIO | ENTER |
| |
METHOD/ KEY | ENABLE IEEE 802.1X | |||
N METHOD | MANUAL KEY | |||
MANAGEMENT PROTOCOL |
| |||
Open | None | No | No | |
|
|
|
| |
Open | WEP | No | Enable with Dynamic WEP Key | |
|
|
|
| |
|
| Yes | Enable without Dynamic WEP | |
|
|
| Key | |
|
|
|
| |
|
| Yes | Disable | |
|
|
|
|
| 415 |
|
|