Teletronics TT 2400 User Manual


Authentication

Open - Open system authentication involves a two-step authentication transaction sequence. The first step in
the sequence is the identity assertion and request for authentication. The second step in the sequence is the
authentication result. If it is “successful”, the station shall be mutually authenticated. Open system
authentication does not provide authentication. It provides identification using the wireless adapter's MAC
address. Open system authentication is used when no authentication is required. It is the default
authentication algorithm.


Open system authentication uses the following process:

1. The authentication-initiating wireless client sends an IEEE 802.11 authentication management frame that contains its identity.

2. The receiving wireless AP checks the initiating station's identity and sends back an authentication verification frame.

3. With some wireless APs, you can configure the MAC addresses of allowed wireless clients. However, configuring the MAC address does not provide sufficient security because the MAC address of a wireless client can be spoofed.

Shared Key - Shared key authentication supports authentication of stations as either a member of those who
know a shared secret key or a member of those who do not. Shared key authentication is not secure and is
not recommended for use. It verifies that an authentication-initiating station has knowledge of a shared secret.
This is similar to pre-shared key authentication for Internet Protocol security (IPSec). The 802.11 standard
currently assumes that the shared secret is delivered to the participating wireless clients by means of a more
secure channel that is independent of IEEE 802.11. In practice, a user manually types this secret for the
wireless AP and the wireless client.


Shared key authentication uses the following process:

1. The authentication-initiating wireless client sends a frame consisting of an identity assertion and a request for authentication.

2. The authenticating wireless node responds to the authentication-initiating wireless node with challenge text.

3. The authentication-initiating wireless node replies to the authenticating wireless node with the challenge text that is encrypted using WEP and an encryption key that is derived from the shared key authentication secret.

4. The authentication result is positive if the authenticating wireless node determines that the decrypted challenge text matches the challenge text originally sent in the second frame. The authenticating wireless node sends the authentication result.

5. Because the shared key authentication secret must be manually distributed and typed, this method of authentication does not scale appropriately in large infrastructure network mode, such as corporate campuses.



WEP key lengths

64 bit (10 Hex Digit)

WEP Key type                    Example
64-bit WEP with 5 characters    Key1= 2e3f4
                                Key2= 5y7js
                                Key3= 24fg7
                                Key4= 98jui
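
The shared key exchange described above, with both the client and AP sides, as an added Python example that is not taken from the Teletronics manual or firmware. It uses the manual's sample Key1 as the 5-character secret; the function names, the random 128-byte challenge and the client-chosen 24-bit IV are assumptions of this example.

```python
import os
import struct
import zlib

# Sample secret from the manual's Key1. Five ASCII characters are 40 bits
# (10 hex digits); WEP prepends a 24-bit IV, which gives the "64-bit" figure.
SAMPLE_KEY = b"2e3f4"

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (KSA then PRGA); encryption and decryption are identical."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt plaintext plus ICV with the per-frame RC4 key IV || secret."""
    return rc4(iv + secret, plaintext + icv(plaintext))

def wep_decrypt(secret: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None when the ICV does not verify."""
    clear = rc4(iv + secret, ciphertext)
    body, tag = clear[:-4], clear[-4:]
    return body if icv(body) == tag else None

def shared_key_handshake(ap_secret, client_secret, challenge=None, iv=None):
    """Run frames 2 to 4 of the exchange; True means the AP accepts the client."""
    challenge = challenge or os.urandom(128)   # frame 2: AP sends challenge text
    iv = iv or os.urandom(3)                   # 24-bit IV picked by the client
    response = wep_encrypt(client_secret, iv, challenge)  # frame 3: client reply
    recovered = wep_decrypt(ap_secret, iv, response)      # AP decrypts, checks ICV
    return recovered == challenge              # frame 4: authentication result

if __name__ == "__main__":
    print("same secret:     ", shared_key_handshake(SAMPLE_KEY, SAMPLE_KEY))
    print("different secret:", shared_key_handshake(SAMPLE_KEY, b"5y7js"))
```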
