User's Manual
Virtual Network configuration
Configuring privacy for a VNS
A31003-W1050-U100-2-7619, March 2008
HiPath Wireless Controller, Access Points and Convergence Software V5 R1, C20/C2400 User Guide
• An enhanced Initialization Vector (IV) of 48 bits, instead of 24 bits, making it
more difficult to compromise
• A Message Integrity Check or Code (MIC), an additional 8-byte code that is
inserted before the standard WEP 4-byte Integrity Check Value (ICV). Sender
and receiver each calculate these integrity codes over all bits in a message
and compare the results, which ensures that the message has not been
tampered with.
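The trailer layout described above (8-byte MIC, then 4-byte ICV), as an added example that is not part of the original manual. It works on the payload before encryption, uses CRC-32 for the ICV as WEP does, and substitutes a truncated HMAC-SHA-256 for the real MIC algorithm (an assumption made so the example runs with the standard library); the key, payloads and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct
import zlib

MIC_LEN, ICV_LEN = 8, 4  # sizes given in the text above


def icv(data: bytes) -> bytes:
    """Unkeyed 4-byte ICV: CRC-32 over the bytes it protects, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def mic(key: bytes, payload: bytes) -> bytes:
    """Keyed 8-byte MIC. Stand-in: truncated HMAC-SHA-256, not WPA's algorithm."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:MIC_LEN]


def build(key: bytes, payload: bytes) -> bytes:
    """Sender side: payload || MIC (8 bytes) || ICV (4 bytes)."""
    body = payload + mic(key, payload)
    return body + icv(body)  # ICV is computed over payload plus MIC


def verify(key: bytes, frame: bytes) -> dict:
    """Receiver side: recompute both codes and compare with the received ones."""
    if len(frame) < MIC_LEN + ICV_LEN:
        return {"icv_ok": False, "mic_ok": False}
    body, got_icv = frame[:-ICV_LEN], frame[-ICV_LEN:]
    payload, got_mic = body[:-MIC_LEN], body[-MIC_LEN:]
    return {
        "icv_ok": hmac.compare_digest(icv(body), got_icv),
        "mic_ok": hmac.compare_digest(mic(key, payload), got_mic),
    }


def reseal_without_key(frame: bytes, new_payload: bytes) -> bytes:
    """Change the payload, keep the old MIC, recompute the unkeyed ICV."""
    old_mic = frame[-(MIC_LEN + ICV_LEN):-ICV_LEN]
    body = new_payload + old_mic
    return body + icv(body)


KEY = b"constructed-demo-key"             # constructed sample key
GOOD = build(KEY, b"amount=10;to=alice")  # constructed sample payload
FLIPPED = GOOD[:3] + bytes([GOOD[3] ^ 1]) + GOOD[4:]  # one bit changed in transit
RESEALED = reseal_without_key(GOOD, b"amount=99;to=alice")

if __name__ == "__main__":
    for name, f in (("good", GOOD), ("flipped", FLIPPED), ("resealed", RESEALED)):
        print(name, verify(KEY, f))
```

The resealed frame passes the ICV check because CRC-32 needs no key, and only the keyed MIC rejects it, which is why the MIC is added in front of the ICV.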
The encryption portion of WPA v2 is Advanced Encryption Standard (AES). AES
includes:
• A 128-bit key length, for the WPA2/802.11i implementation of AES
• Four stages that make up one round. Each round is iterated 10 times.
• A per-packet key mixing function that shares a starting key between devices,
and then changes their encryption key for every packet or after the specified
re-key time interval expires.
• The Counter-Mode/CBC-MAC Protocol (CCMP), a new mode of operation for
a block cipher that enables a single key to be used for both encryption and
authentication. The two underlying modes employed in CCM include:
• Counter mode (CTR) that achieves data encryption
• Cipher Block Chaining Message Authentication Code (CBC-MAC) to
provide data integrity
The following is an overview of the WPA authentication and encryption process:
• Step one – The wireless device client associates with Wireless AP.
• Step two – Wireless AP blocks the client's network access while the
authentication process is carried out (the HiPath Wireless Controller sends
the authentication request to the RADIUS authentication server).
• Step three – The wireless client provides credentials that are forwarded by
the HiPath Wireless Controller to the authentication server.
• Step four – If the wireless device client is not authenticated, the wireless
client stays blocked from network access.
• Step five – If the wireless device client is authenticated, the HiPath Wireless
Controller distributes encryption keys to the Wireless AP and the wireless
client.
• Step six – The wireless device client gains network access via the Wireless
AP, sending and receiving encrypted data. The traffic is controlled with
permissions and policy applied by the HiPath Wireless Controller.