System information

Wireless Security Configuration
Wireless Security Overview
starts with a master (temporal) key for each user session and then mathematically generates other keys to encrypt each data packet. TKIP provides further data encryption enhancements by including a message integrity check for each packet and a re-keying mechanism, which periodically changes the master key.
WPA Pre-Shared Key (PSK) Mode: For enterprise deployment, WPA requires a RADIUS authentication server to be configured on the wired network. However, for small office networks that may not have the resources to configure and maintain a RADIUS server, WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the enterprise, so it provides a robust and manageable alternative for small networks.
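As an added example (not part of this guide), the following shows how the PSK-mode passphrase entered on the access point and clients becomes the 256-bit Pairwise Master Key, as specified in IEEE 802.11i Annex H.4; the passphrase and SSID values are constructed test inputs, and the function names are this example's own.

```python
import hashlib

HEX_DIGITS = set("0123456789abcdefABCDEF")


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK that PSK mode shares between AP and clients.

    IEEE 802.11i Annex H.4: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32).
    A passphrase is 8 to 63 printable ASCII characters. A 64-hex-digit
    value is taken as the raw PMK itself and is not run through PBKDF2.
    The PMK is never sent over the air; both sides compute it locally.
    """
    if len(passphrase) == 64 and set(passphrase) <= HEX_DIGITS:
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # The SSID acts as the salt, so the same passphrase on two different
    # SSIDs yields two different PMKs.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, dklen=32)


def pmk_differs_across_ssids(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase gives distinct PMKs on two SSIDs."""
    return wpa_psk_pmk(passphrase, ssid_a) != wpa_psk_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Constructed inputs matching the 802.11i Annex H.4 test vector.
    print(wpa_psk_pmk("password", "IEEE").hex())
```

Because every client holds this same PMK, rotating it means re-entering the passphrase on the access point and all clients, which is the operational cost of PSK mode compared to a RADIUS-backed deployment.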
Mixed WPA and WEP Client Support: WPA enables the access point to indicate its supported encryption and authentication mechanisms to clients using its beacon frame. WPA-compatible clients can likewise respond to indicate their WPA support. This enables the access point to determine which clients are using WPA security and which are using legacy WEP. The access point uses TKIP unicast data encryption keys for WPA clients and WEP unicast keys for WEP clients. The global encryption key for multicast and broadcast traffic must be the same for all clients, so in mixed mode that traffic is restricted to WEP encryption.
WPA2. WPA was introduced as an interim solution for the vulnerability of WEP pending the ratification of the IEEE 802.11i wireless security standard. In effect, the WPA security features are a subset of the 802.11i standard. WPA2 includes the now ratified 802.11i standard, but also offers backward compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK modes of operation and support for TKIP encryption. The main differences and enhancements in WPA2 can be summarized as follows:
Advanced Encryption Standard (AES): WPA2 uses AES Counter-Mode encryption with Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/CBC-MAC Protocol (AES-CCMP) provides extremely robust data confidentiality using a 128-bit key. The AES-CCMP encryption cipher is specified as a standard requirement for WPA2. However, the computationally intensive operations of AES-CCMP require hardware support on client devices. Therefore, to implement WPA2 in the network, wireless clients must be upgraded to WPA2-compliant hardware.
7-5