User guide
Security
7-21
Alvarion
The key roll-over possibilities built into the 802.11 standard and offered by
BreezeNET allow for a number of scenarios, each with different values for the
above aspects.
The sequence of key configuration settings at Base Station (shown as AP=Base
Station) and Station (shown as STA) over time is shown in a number of tables
below. Each table reflects a certain key roll-over strategy. Notice that the
column “Outward Key” shows which key is used to encrypt traffic from AP to
STA and the column “Inward Key(s)” indicates the key(s) that are allowed and
possibly used to encrypt traffic from STA to AP. The WEP Keys that are
configured are shown in order of index number 1-2-3-4; the column “Tx” is the
index number configured for transmission. The key values are shown by capital
letters to indicate a real key or by zero to indicate a non-configured index.
The column “Keys 1-2-3-4” shows an equal sign (=) when the value does not
change from the previous period. This is particularly relevant for the
stations' keys, since it is envisaged that knowledge of the key values is
typically not transferred to the end users, so they have to return their station
equipment to an IT department to get the key values changed. It is envisaged
that changing the Txkey Index is an action that can be done by end users, since
it does not reveal secret information.
Three key roll-over strategies are distinguished:
• Single Key – No Transition on page 7-21,
• Single Key – Transition Period on page 7-22, and
• Alternative Schemes on page 7-23.
Single Key – No Transition
Table 7-4 shows a system where, at each point in time, only one single key is
used. The key to be used is dictated by the AP settings, which show only one
valid key in each period. This requires a changeover of keys at all stations
more or less synchronously with the Base Station configuration changes. This is
not practical, which is why there are four keys.
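The following is an added example, not taken from this guide or from Table 7-4: a small Python model of the four WEP key slots and the Tx index described above, showing how the single-key strategy breaks the link in both directions when the Base Station changes its key before a station does. The schedule and all names are constructed, and the model assumes the receiver decrypts with the key stored at the index the sender transmitted with.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class WepConfig:
    keys: tuple  # four slots, index 1-2-3-4; "0" marks a non-configured index
    tx: int      # index number configured for transmission (1-4)

    def tx_key(self):
        return self.keys[self.tx - 1]

def outward_key(ap):
    """Key the AP uses to encrypt AP -> STA traffic."""
    return ap.tx_key()

def inward_keys(ap):
    """Keys the AP will accept for STA -> AP traffic (every configured slot)."""
    return [k for k in ap.keys if k != "0"]

def can_decrypt(sender, receiver):
    """Assumption: the frame names the sender's Tx index, and the receiver
    must hold the same key value in that same slot."""
    key = sender.tx_key()
    return key != "0" and receiver.keys[sender.tx - 1] == key

def link_status(ap, sta):
    return {"ap_to_sta": can_decrypt(ap, sta), "sta_to_ap": can_decrypt(sta, ap)}

# Constructed schedule (not the guide's Table 7-4): one valid key per period.
SCHEDULE = [
    ("period 1, in sync",
     WepConfig(("A", "0", "0", "0"), 1), WepConfig(("A", "0", "0", "0"), 1)),
    ("period 2, AP changed, STA not yet",
     WepConfig(("0", "B", "0", "0"), 2), WepConfig(("A", "0", "0", "0"), 1)),
    ("period 2, STA re-keyed by IT",
     WepConfig(("0", "B", "0", "0"), 2), WepConfig(("0", "B", "0", "0"), 2)),
]

def run(schedule=SCHEDULE):
    """Return (label, outward key, inward keys, link status) per period."""
    return [(label, outward_key(ap), inward_keys(ap), link_status(ap, sta))
            for label, ap, sta in schedule]

if __name__ == "__main__":
    for label, out_key, in_keys, status in run():
        print(f"{label:36} out={out_key} in={in_keys} {status}")
```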