ZyXEL G-300 User Guide - Page 23

Encryption, WPA-PSK Application Example

Get ZyXEL G-300 PDF manuals and user guides View all ZyXEL G-300 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 23 highlights

ZyAIR G-300 User's Guide Therefore, if you don't have an external RADIUS server, you should use WPA-PSK (WPA -Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a client will be granted access to a WLAN. Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC), IEEE 802.1x and Advanced Encryption Standard (AES). Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. This all happens in the background automatically. The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped. By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network. The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The commonpassword approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password. Advanced Encryption Standard (AES) is a newer method of data encryption that also uses a secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data 2.2.4 WPA-PSK Application Example A WPA-PSK application looks as follows. 1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces and symbols). 2. The AP checks each client's password and (only) allows it to join the network if it matches its password. 3. The AP derives and distributes keys to the wireless clients. 4. The AP and wireless clients use the TKIP encryption process to encrypt data exchanged between them. Using the ZyAIR Utility 2-7

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
ZyAIR G-300 User’s Guide
Using the ZyAIR Utility
2-7
Therefore, if you don’t have an external RADIUS server, you should use WPA-PSK (WPA -Pre-Shared
Key)
that only requires a single (identical) password entered into each access point, wireless gateway and
wireless client. As long as the passwords match, a client will be granted access to a WLAN.
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity
Check (MIC), IEEE 802.1x and Advanced Encryption Standard (AES).
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed
by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check
(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used
twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key
hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption
keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
This all happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering
them and resending them. The MIC provides a strong mathematical function in which the receiver and the
transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has
been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity checking
mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network than WEP,
making it difficult for an intruder to break into the network.
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the
two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-
password approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it’s still an
improvement over WEP as it employs an easier-to-use, consistent, single, alphanumeric password.
Advanced Encryption Standard (AES) is a newer method of data encryption that also uses a secret key.
This implementation of AES applies a 128-bit key to 128-bit blocks of data
2.2.4 WPA-PSK Application Example
A WPA-PSK application looks as follows.
1.
First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must
consist of between 8 and 63 ASCII characters (including spaces and symbols).
2.
The AP checks each client’s password and (only) allows it to join the network if it matches its
password.
3.
The AP derives and distributes keys to the wireless clients.
4.
The AP and wireless clients use the TKIP encryption process to encrypt data exchanged between them.