Appendix B Wireless LANs
VMG5313-B10A/-B30A Series User’s Guide
369
WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into
each access point, wireless gateway and wireless client. As long as the passwords match, a wireless
client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on
whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less
secure than WPA or WPA2.
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity
Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but
offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter
mode with Cipher block chaining Message authentication code Protocol (CCMP).
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm
called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check
(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is
never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key
hierarchy and management system, using the PMK to dynamically generate unique data encryption
keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless
clients. This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets,
altering them and resending them. The MIC provides a strong mathematical function in which the
receiver and the transmitter each compute and then compare the MIC. If they do not match, it is
assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi
network than WEP and difficult for an intruder to break into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference
between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force
password-guessing attacks but it’s still an improvement over WEP as it employs a consistent,
single, alphanumeric password to derive a PMK which is used to generate unique temporal
encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of
WEP)
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange
messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a
network. Other WPA2 authentication features that are different from WPA include key caching and
Summary of Contents for VMG5313-B10A
Page 15: ...15 PART I User s Guide ...
Page 16: ...16 ...
Page 32: ...Chapter 2 The Web Configurator VMG5313 B10A B30A Series User s Guide 32 ...
Page 40: ...Chapter 4 Tutorials VMG5313 B10A B30A Series User s Guide 40 ...
Page 71: ...71 PART II Technical Reference ...
Page 72: ...72 ...
Page 78: ...Chapter 5 Network Map and Status Screens VMG5313 B10A B30A Series User s Guide 78 ...
Page 106: ...Chapter 6 Broadband VMG5313 B10A B30A Series User s Guide 106 ...
Page 162: ...Chapter 9 Routing VMG5313 B10A B30A Series User s Guide 162 ...
Page 180: ...Chapter 10 Quality of Service QoS VMG5313 B10A B30A Series User s Guide 180 ...
Page 198: ...Chapter 11 Network Address Translation NAT VMG5313 B10A B30A Series User s Guide 198 ...
Page 210: ...Chapter 14 Interface Group VMG5313 B10A B30A Series User s Guide 210 ...
Page 218: ...Chapter 15 USB Service VMG5313 B10A B30A Series User s Guide 218 ...
Page 232: ...Chapter 17 Firewall VMG5313 B10A B30A Series User s Guide 232 ...
Page 240: ...Chapter 19 Parental Control VMG5313 B10A B30A Series User s Guide 240 ...
Page 250: ...Chapter 21 Certificates VMG5313 B10A B30A Series User s Guide 250 ...
Page 296: ...Chapter 23 Voice VMG5313 B10A B30A Series User s Guide 296 ...
Page 300: ...Chapter 24 Log VMG5313 B10A B30A Series User s Guide 300 ...
Page 308: ...Chapter 27 xDSL Statistics VMG5313 B10A B30A Series User s Guide 308 ...
Page 318: ...Chapter 30 Remote Management VMG5313 B10A B30A Series User s Guide 318 ...
Page 322: ...Chapter 32 TR 064 VMG5313 B10A B30A Series User s Guide 322 ...
Page 332: ...Chapter 36 Log Setting VMG5313 B10A B30A Series User s Guide 332 ...
Page 336: ...Chapter 37 Firmware Upgrade VMG5313 B10A B30A Series User s Guide 336 ...
Page 352: ...Chapter 40 Troubleshooting VMG5313 B10A B30A Series User s Guide 352 ...
Page 354: ...354 ...
Page 374: ...Appendix B Wireless LANs VMG5313 B10A B30A Series User s Guide 374 ...
Page 390: ...Appendix E Legal Information VMG5313 B10A B30A Series User s Guide 390 ...