Appendix D Wireless LANs
AMG1302-T10A User’s Guide
276
called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check
(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is
never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key
hierarchy and management system, using the PMK to dynamically generate unique data encryption
keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless
clients. This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets,
altering them and resending them. The MIC provides a strong mathematical function in which the
receiver and the transmitter each compute and then compare the MIC. If they do not match, it is
assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi
network than WEP and difficult for an intruder to break into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference
between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force
password-guessing attacks but it’s still an improvement over WEP as it employs a consistent,
single, alphanumeric password to derive a PMK which is used to generate unique temporal
encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of
WEP)
User Authentication
WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database. WPA2 reduces the number of key exchange
messages from six to four (CCMP 4-way handshake) and shortens the time required to connect to a
network. Other WPA2 authentication features that are different from WPA include key caching and
pre-authentication. These two features are optional and may not be supported in all wireless
devices.
Key caching allows a wireless client to store the PMK it derived through a successful authentication
with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not
need to go with the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an
AP) to perform IEEE 802.1x authentication with another AP before connecting to it.
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless
client how to use WPA. At the time of writing, the most widely available supplicant is the
WPA patch
for Windows XP, Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero
Configuration" wireless client. However, you must run Windows XP to use it.
Summary of Contents for AMG1302-T10A
Page 4: ...Contents Overview AMG1302 T10A User s Guide 4 ...
Page 12: ...Table of Contents AMG1302 T10A User s Guide 12 ...
Page 13: ...13 PART I User s Guide ...
Page 14: ...14 ...
Page 20: ...Chapter 1 Introduction AMG1302 T10A User s Guide 20 ...
Page 52: ...Chapter 4 Tutorials AMG1302 T10A User s Guide 52 ...
Page 53: ...53 PART II Technical Reference ...
Page 54: ...54 ...
Page 126: ...Chapter 8 Wireless LAN AMG1302 T10A User s Guide 126 ...
Page 140: ...Chapter 9 Network Address Translation NAT AMG1302 T10A User s Guide 140 ...
Page 158: ...Chapter 11 Filters AMG1302 T10A User s Guide 158 ...
Page 162: ...Chapter 12 Static Route AMG1302 T10A User s Guide 162 ...
Page 166: ...Chapter 13 Port Binding AMG1302 T10A User s Guide 166 ...
Page 176: ...Chapter 15 Quality of Service QoS AMG1302 T10A User s Guide 176 ...
Page 198: ...Chapter 18 Universal Plug and Play UPnP AMG1302 T10A User s Guide 198 ...
Page 202: ...Chapter 19 CWMP AMG1302 T10A User s Guide 202 ...
Page 206: ...Chapter 20 System Settings AMG1302 T10A User s Guide 206 ...
Page 216: ...Chapter 21 Logs AMG1302 T10A User s Guide 216 ...
Page 266: ...Appendix C Pop up Windows JavaScripts and Java Permissions AMG1302 T10A User s Guide 266 ...
Page 280: ...Appendix D Wireless LANs AMG1302 T10A User s Guide 280 ...
Page 290: ...Appendix E IPv6 AMG1302 T10A User s Guide 290 ...
Page 322: ...Appendix G Legal InformationSafety Warnings AMG1302 T10A User s Guide 322 ...