
Siemens HiPath C10 - Page 173

Siemens HiPath C10
300 pages
A31003-W1040-U101-1-7619, July 2006 DRAFT
HiPath Wireless Controller, Access Points and Convergence Software V4.0, C10/C100/C1000 User Guide
Virtual Network configuration
Configuring privacy for a VNS
• A per-packet key mixing function that shares a starting key between devices, and then changes their encryption key for every packet (unicast key) or after the specified re-key time interval (broadcast key) expires
• An extended WEP key length of 256 bits
• An enhanced Initialization Vector (IV) of 48 bits, instead of 24 bits, making it more difficult to compromise
• A Message Integrity Check or Code (MIC), an additional 8-byte code that is inserted before the standard WEP 4-byte Integrity Check Value (ICV). Sender and receiver each calculate these integrity codes over all bits in a message and compare the results, which ensures that the message has not been tampered with.
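The MIC-before-ICV layout from the last item, as an added example that is not part of the original guide: it implements Michael, the MIC algorithm TKIP uses, and CRC-32 for the ICV, then shows what the receiver sees for an intact and an altered frame. Assumptions: the MIC covers only the payload (TKIP also covers addresses and priority), encryption is left out, and the key and payload are constructed samples.

```python
import hmac
import struct
import zlib

MASK = 0xFFFFFFFF

def _rol(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK

def _xswap(v):
    # Swap the two bytes inside each 16-bit half of the word.
    return ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8)

def michael(key, msg):
    """8-byte Michael MIC of msg under an 8-byte key."""
    l, r = struct.unpack("<II", key)
    padded = msg + b"\x5a" + b"\x00" * 4      # 0x5a marker, at least 4 zero bytes
    padded += b"\x00" * (-len(padded) % 4)    # then pad to a 32-bit boundary
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        r ^= _rol(l, 17)
        l = (l + r) & MASK
        r ^= _xswap(l)
        l = (l + r) & MASK
        r ^= _rol(l, 3)
        l = (l + r) & MASK
        r ^= _rol(l, 30)                      # rotate right by 2
        l = (l + r) & MASK
    return struct.pack("<II", l, r)

def seal(mic_key, payload):
    """Build payload || 8-byte MIC || 4-byte ICV (CRC-32)."""
    body = payload + michael(mic_key, payload)
    return body + struct.pack("<I", zlib.crc32(body))

def check(mic_key, frame):
    """Return (icv_ok, mic_ok) as the receiver would compute them."""
    body, icv = frame[:-4], frame[-4:]
    payload, mic = body[:-8], body[-8:]
    icv_ok = struct.pack("<I", zlib.crc32(body)) == icv
    mic_ok = hmac.compare_digest(michael(mic_key, payload), mic)
    return icv_ok, mic_ok

KEY = bytes.fromhex("0011223344556677")       # constructed sample MIC key
frame = seal(KEY, b"transfer 10 to alice")    # constructed sample payload
# Constructed altered frame: payload changed, unkeyed ICV recomputed, MIC as sent.
body = b"transfer 99 to alice" + frame[-12:-4]
tampered = body + struct.pack("<I", zlib.crc32(body))
print(check(KEY, frame), check(KEY, tampered))
```

Both frames carry a consistent ICV because CRC-32 needs no key; only the keyed MIC check separates the altered frame from the intact one.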
The encryption portion of WPA v2 is Advanced Encryption Standard (AES). AES includes:
• A 128-bit key length, for the WPA2/802.11i implementation of AES
• Four stages that make up one round. Each round is iterated 10 times.
• A per-packet key mixing function that shares a starting key between devices, and then changes their encryption key for every packet or after the specified re-key time interval expires.
• The Counter-Mode/CBC-MAC Protocol (CCMP), a new mode of operation for a block cipher that enables a single key to be used for both encryption and authentication. The two underlying modes employed in CCM include:
  • Counter mode (CTR) that achieves data encryption
  • Cipher Block Chaining Message Authentication Code (CBC-MAC) to provide data integrity
The following is an overview of the WPA authentication and encryption process:
Step one – The wireless device client associates with the Wireless AP.
Step two – The Wireless AP blocks the client's network access while the authentication process is carried out (the HiPath Wireless Controller sends the authentication request to the RADIUS authentication server).
Step three – The wireless client provides credentials that are forwarded by the HiPath Wireless Controller to the authentication server.
Step four – If the wireless device client is not authenticated, the wireless client stays blocked from network access.
Step five – If the wireless device client is authenticated, the HiPath Wireless Controller distributes encryption keys to the Wireless AP and the wireless client.
