Teletronics TT 2400 User Manual
Page 40
o WPA addresses all known vulnerabilities in WEP, the original, less secure 40 or 104-bit encryption
scheme in the IEEE 802.11 standard. WPA also provides user authentication, since WEP lacks any
means of authentication. Designed to secure present and future versions of IEEE 802.11 devices,
WPA is a subset of the IEEE 802.11i specification. WPA replaces WEP with a strong new encryption
technology called Temporal Key Integrity Protocol (TKIP) with Message Integrity Check (MIC). It also
provides a scheme of mutual authentication using either IEEE 802.1X/Extensible Authentication
Protocol (EAP) authentication or pre-shared key (PSK) technology. WPA was designed and has been
scrutinized by well-known cryptographers. It can be implemented immediately and inexpensively as a
software or firmware upgrade to most existing Wi-Fi C
ERTIFIED™ access points and client devices
with minimal degradation in network performance. WPA offers standards-based, Wi-Fi CERTIFIED
security. It assures users that the Wi-Fi CERTIFIED devices they buy will be cross-vendor compatible.
When properly installed, WPA provides a high level of assurance to enterprises, small businesses and
home users that data will remain protected and that only authorized users may access their networks.
For enterprises that have already deployed IEEE 802.1X authentication, WPA offers the advantage of
leveraging existing authentication databases and infrastructure.
WPA2
o WPA2 is the second generation of WPA security; providing enterprise and consumer Wi-Fi® users with
a high level of assurance that only authorized users can access their wireless networks. Launched in
September 2004 by the Wi-Fi Alliance, WPA2 is the certified interoperable version of the full IEEE
802.11i specification which was ratified in June 2004. Like WPA, WPA2 supports IEEE 802.1X/EAP
authentication or PSK technology. It also includes a new advanced encryption mechanism using the
Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption Standard (AES). AES
satisfies U.S. government security requirements. It has been adopted as an official government
standard by the U.S. Department of Commerce and the National Institute of Standards and
Technology (NIST). Organizations that require the AES encryption available in WPA2 should be aware
that upgrading to it may require new hardware. Section II of this document offers a roadmap for
organizations planning to upgrade to WPA2. Considerations for its deployment are outlined in Section
III.
Cipher Type
TKIP
o Temporal Key Integrity Protocol is an upgrade to the WEP known as WEP 1.1 that fixes known
security
problems in WEP’s implementation of the RC4 stream cipher. TKIP scrambles the keys using
a hashing algorithm and, by adding an integrity-
checking feature, ensures that the keys haven’t been
tampered with.
AES
o Advanced Encryption Standard (Rijndael Cypher) is the U.S. government's next-generation
cryptography algorithm, which will replace DES and 3DES. AES works at multiple network layers
simultaneously. Supports 128, 192 and 256 bit keys. AES and 802.11i(WEP version 2) is based on
32bit processing unlink the older standard.
TKIP and AES
o If clients support both the TKIP and AES standards then this would be the strongest cipher type to use.
that combines both the TKIP and AES security.
PSK
PSK stands for Pre-Shared-Key and serves as a password. User may key in a 8 to 63 characters string to set the
password or leave it blank, in which the 802.1x Authentication will be activated. Note that if user key in own password,
make sure to use the same password on client's end.
WPA Group Key Update Interval
The Group Key (Group Transient Key) is a shared key among all Supplicants connected to the same AP, and is used to
secure multicast/broadcast traffic. It is not used for normal unicast traffic. A pair wise Transient Key secures the unicast
traffic.