Page 141 / 162 Scroll up to view Page 136 - 140
Reference Manual for the MR814 v3 Cable/DSL Wireless Router
Wireless Networking Basics
D-5
202-10039-01
Shared Key Authentication
requires that the station and the access point have the same WEP
Key to authenticate. These two authentication procedures are described below.
Open System Authentication
The following steps occur when two devices use Open System Authentication:
1.
The station sends an authentication request to the access point.
2.
The access point authenticates the station.
3.
The station associates with the access point and joins the network.
This process is illustrated in below.
Figure 8-1:
802.11b open system authentication
Shared Key Authentication
The following steps occur when two devices use Shared Key Authentication:
1.
The station sends an authentication request to the access point.
2.
The access point sends challenge text to the station.
3.
The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and
sends the encrypted text to the access point.
4.
The access point decrypts the encrypted text using its configured WEP Key that corresponds
to the station’s default key. The access point compares the decrypted text with the original
challenge text. If the decrypted text matches the original challenge text, then the access point
and the station share the same WEP Key and the access point authenticates the station.
FVM318
Access Point
1) Authentication request sent to AP
2) AP authenticates
3) Client connects to network
802.11b Authentication
Open System Steps
Cable or
DLS modem
Client
attempting
to connect
Page 142 / 162
Reference Manual for the MR814 v3 Cable/DSL Wireless Router
D-6
Wireless Networking Basics
202-10039-01
5.
The station connects to the network.
If the decrypted text does not match the original challenge text (i.e., the access point and station do
not share the same WEP Key), then the access point will refuse to authenticate the station and the
station will be unable to communicate with either the 802.11b network or Ethernet network.
This process is illustrated in below.
Figure 8-2:
802.11b shared key authentication
Overview of WEP Parameters
Before enabling WEP on an 802.11b network, you must first consider what type of encryption you
require and the key size you want to use. Typically, there are three WEP Encryption options
available for 802.11b products:
1.
Do Not Use WEP:
The 802.11b network does not encrypt data. For authentication purposes, the
network uses Open System Authentication.
2.
Use WEP for Encryption:
A transmitting 802.11b device encrypts the data portion of every
packet it sends using a configured WEP Key. The receiving 802.11b device decrypts the data using
the same WEP Key. For authentication purposes, the 802.11b network uses Open System
Authentication.
FVM318
Access Point
1) Authentication
request sent to AP
2) AP sends challenge text
3) Client encrypts
challenge text and
sends it back to AP
4) AP decrypts,and if correct,
authenticates client
5) Client connects to network
802.11b Authentication
Shared Key Steps
Cable or
DLS modem
Client
attempting
to connect
Page 143 / 162
Reference Manual for the MR814 v3 Cable/DSL Wireless Router
Wireless Networking Basics
D-7
202-10039-01
3.
Use WEP for Authentication and Encryption:
A transmitting 802.11b device encrypts the
data portion of every packet it sends using a configured WEP Key. The receiving 802.11b device
decrypts the data using the same WEP Key. For authentication purposes, the 802.11b network uses
Shared Key Authentication.
Note:
Some 802.11b access points also support
Use WEP for Authentication Only
(Shared Key
Authentication without data encryption).
Key Size
The IEEE 802.11b standard supports two types of WEP encryption: 40-bit and 128-bit.
The 64-bit WEP data encryption method, allows for a five-character (40-bit) input. Additionally,
24 factory-set bits are added to the forty-bit input to generate a 64-bit encryption key. (The 24
factory-set bits are not user-configurable). This encryption key will be used to encrypt/decrypt all
data transmitted via the wireless interface. Some vendors refer to the 64-bit WEP data encryption
as 40-bit WEP data encryption since the user-configurable portion of the encryption key is 40 bits
wide.
The 128-bit WEP data encryption method consists of 104 user-configurable bits. Similar to the
forty-bit WEP data encryption method, the remaining 24 bits are factory set and not user
configurable. Some vendors allow passphrases to be entered instead of the cryptic hexadecimal
characters to ease encryption key entry.
128-bit encryption is stronger than 40-bit encryption, but 128-bit encryption may not be available
outside of the United States due to U.S. export regulations.
When configured for 40-bit encryption, 802.11b products typically support up to four WEP Keys.
Each 40-bit WEP Key is expressed as 5 sets of two hexadecimal digits (0-9 and A-F). For
example, “12 34 56 78 90” is a 40-bit WEP Key.
When configured for 128-bit encryption, 802.11b products typically support four WEP Keys but
some manufacturers support only one 128-bit key. The 128-bit WEP Key is expressed as 13 sets of
two hexadecimal digits (0-9 and A-F). For example, “12 34 56 78 90 AB CD EF 12 34 56 78 90”
is a 128-bit WEP Key.
Note:
Typically, 802.11b access points can store up to four 128-bit WEP Keys but some 802.11b
client adapters can only store one. Therefore, make sure that your 802.11b access and client
adapters configurations match.
Page 144 / 162
Reference Manual for the MR814 v3 Cable/DSL Wireless Router
D-8
Wireless Networking Basics
202-10039-01
WEP Configuration Options
The WEP settings must match on all 802.11b devices that are within the same wireless network as
identified by the SSID. In general, if your mobile clients will roam between access points, then all
of the 802.11b access points and all of the 802.11b client adapters on the network must have the
same WEP settings.
Note:
Whatever keys you enter for an AP, you must also enter the same keys for the client adapter
in the same order. In other words, WEP key 1 on the AP must match WEP key 1 on the client
adapter, WEP key 2 on the AP must match WEP key 2 on the client adapter, etc.
Note:
The AP and the client adapters can have different default WEP Keys as long as the keys are
in the same order. In other words, the AP can use WEP key 2 as its default key to transmit while a
client adapter can use WEP key 3 as its default key to transmit. The two devices will communicate
as long as the AP’s WEP key 2 is the same as the client’s WEP key 2 and the AP’s WEP key 3 is
the same as the client’s WEP key 3.
WPA Wireless Security
Wi-Fi Protected Access (WPA) is a specification of standards-based, interoperable security
enhancements that increase the level of data protection and access control for existing and future
wireless LAN systems.
The IEEE introduced the WEP as an optional security measure to secure 802.11b (Wi-Fi) WLANs,
but inherent weaknesses in the standard soon became obvious. In response to this situation, the
Wi-Fi Alliance announced a new security architecture in October 2002 that remedies the short
comings of WEP. This standard, formerly known as Safe Secure Network (SSN), is designed to
work with existing 802.11 products and offers forward compatibility with 802.11i, the new
wireless security architecture being defined in the IEEE.
WPA offers the following benefits:
Enhanced data privacy
Robust key management
Data origin authentication
Data integrity protection
Page 145 / 162
Reference Manual for the MR814 v3 Cable/DSL Wireless Router
Wireless Networking Basics
D-9
202-10039-01
The Wi-Fi Alliance is now performing interoperability certification testing on Wi-Fi Protected
Access products. Starting August of 2003, all new Wi-Fi certified products will have to support
WPA. NETGEAR will implement WPA on client and access point products and make this
available in the second half of 2003. Existing Wi-Fi certified products will have one year to add
WPA support or they will loose their Wi-Fi certification.
The 802.11i standard is currently in draft form, with ratification due at the end of 2003. While the
new IEEE 802.11i standard is being ratified, wireless vendors have agreed on WPA as an
interoperable interim standard.
How Does WPA Compare to WEP?
WEP is a data encryption method and is not intended as a user authentication mechanism. WPA
user authentication is implemented using 802.1x and the Extensible Authentication Protocol
(EAP). Support for 802.1x authentication is required in WPA. In the 802.11 standard, 802.1x
authentication was optional. For details on EAP specifically, refer to IETF's RFC 2284.
With 802.11 WEP, all access points and client wireless adapters on a particular wireless LAN must
use the same encryption key. A major problem with the 802.11 standard is that the keys are
cumbersome to change. If you don't update the WEP keys often, an unauthorized person with a
sniffing tool can monitor your network for less than a day and decode the encrypted messages.
Products based on the 802.11 standard alone offer system administrators no effective method to
update the keys.
For 802.11, WEP encryption is optional. For WPA, encryption using Temporal Key Integrity
Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger
than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices
to perform encryption operations. TKIP provides important data encryption enhancements
including a per-packet key mixing function, a message integrity check (MIC) named Michael, an
extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through
these enhancements, TKIP addresses all of known WEP vulnerabilities.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top