10 kerberos authentication – Symbol Technologies Spectrum24 AP-4131 User Manual

Introduction

26

AP-4131 Access Point Product Reference Guide

IEEE 802.11 defines two types of authentication, Open System and Shared
Key. Open system authentication is a null authentication algorithm. Shared
key authentication is an algorithm where both the AP and the MU share an
authentication key to perform a checksum on the original message. Both
40-bit and 128-bit shared key encryption algorithms are supported in the
Symbol Spectrum24 Access Point. Devices are required to use the same
encryption algorithm to interoperate. APs and MUs cannot transmit and
receive if the AP is using 128-bit encryption and the MU is using a 40-bit
encryption algorithm.

By default, IEEE 802.11 devices operate in an open system network where
any wireless device can associate with an AP without authorization.
A wireless device with a valid shared key is allowed to associate with the AP.
Authentication management messages (packets) are unicast, meaning
authentication messages transmit from one AP to one MU only, not
broadcast or multicast.

1.3.10 Kerberos Authentication

Kerberos can be installed on devices supporting Windows 2000, NT 4.0 and
95/98. However, the optional KSS resides on a Windows 2000 server. The
Spectrum24 Plus Pack is required on all devices supporting Kerberos.

Authentication is critical for the security of any wireless LAN device, including
a Spectrum24 device operating on a wireless network. Traditional
authentication methods are not suitable for use in wireless networks where
an unauthorized user can monitor network traffic and intercept passwords.
The use of strong authentication methods that do not disclose passwords is
necessary. Symbol uses the Kerberos authentication service protocol
(specified in RFC 1510), to authenticate users/clients in a wireless network
environment and to securely distribute the encryption keys used for both
encrypting and decrypting plain text.