Welcat GTX-100, Руководство пользователя

Страница: 82 / 171

3-9 WLAN Menu
3-27
Security Function
The GTX-100 incorporates WPA and WPA2 as the WLAN security function.
■WPA (WPA-PSK) and WPA2 (WPA2-PSK)
⋅ WPA (Wi-Fi Protected Access)
WPA is a security standard publicized in December 2002 by the Wi-Fi Alliance, an industry
organization which verifies the interconnectivity of wireless LANs. WPA was developed as a
provisional subset of the IEEE802.11i standard until IEEE802.11i is popularized.
IEEE802.1X (EAP) is employed as an authentication method and TKIP, which improved the
drawbacks of WEP, as an encryption mechanism.
⋅ WPA2 and IEEE802.11i
IEEE802.11i is a wireless LAN security standard established by IEEE in June 2004. This
standard uses IEEE802.1X (EAP) and the AES encryption mechanism.
WPA2 conforms to IEEE802.11i, in contrast to WPA, which was a temporary standard until
IEEE802.11i is established.
⋅ PSK
PSK is an abbreviation of “Pre-Shared Key.” You need to set the same encryption key to the
access point and the terminal before you set up a wireless connection between them. The en-
cryption key must be managed carefully to prevent any possible leakage to any third party. In
this sense, the key set for WEP is also a PSK.
⋅ WPA-PSK and WPA2-PSK
WPA and WPA2 support a PSK mechanism as a simplified authentication method, because
these standards require infrastructural cost and technology, such as electronic certificates and
RADIUS servers to implement IEEE802.1X (EAP) authentication.
The PSK mechanism performs simplified authentication by setting on the terminal the same
Pre-Shared Key (PSK) as the access point and communicates with the access point using the
specified encryption mechanism (TKIP/CCMP (AES)). This mechanism does not use the
PSK directly as an encryption key. Rather, it generates a temporary key using random num-
bers every time a connection is established between an access point and the terminal or at
regular intervals. This process requires an additional time,” causing a delay of few seconds at
every wireless connection with an access point when compared with “no encryption” or
“WEP mechanism” configurations.
■Encryption scheme
The GTX-100 uses an encryption scheme as described below:
⋅ TKIP
TKIP is part of the IEEE802.11i wireless LAN encryption standard and stands for “Temporal
Key Integrity Protocol,” an encryption protocol which uses temporary keys. This function
overcomes the vulnerability of WEP while utilizing the same encryption algorithm RC4 as is
used in WEP. Instead of directly encrypting a temporary key using RC4, TKIP performs the
key-mixing procedure in two phases to encrypt each packet using a different key.
⋅ AES
AES is an encryption standard developed for use by the U.S. government and uses an algo-
rithm called “Rijndael.” While AES satisfies two important requirements, safety and speed, it
requires new hardware-based processing because it uses a completely different encryption
algorithm from WEP or TKIP.
⋅ CCMP
CCMP (Counter mode with CBC-MAC Protocol) is a tamper detection protocol used in
AES. CCMP detects tamper events using the CBC-MAC (Cipher-Block Message Authenti-
cation Code) mechanism. WPA2 (IEEE802.11i) requires the use of the CCMP mechanism.