Installation guide

TD 92408EN
9 December 2011 / Ver. G
System Planning
Ascom VoWiFi System
4 Security Considerations
The VoWiFi Handset can be configured to use various encryption and/or authentication
schemes. The use of extensive encryption/authentication schemes can cause incidents of
dropped speech during handover due to the time to process the authentication. No speech
frames will be delivered to/from the VoWiFi Handset until the authentication is successfully
completed.
It is recommended to use WPA2. If WPA2 security will be used together with 802.1X
authentication, it is strongly recommended to use proactive key caching (also called
opportunistic key caching). This feature is supported by the VoWiFi Handset and enables the
reuse of an existing PMKSA (Pairwise Master Key Security Association) when roaming
between Access Points. Roaming and handover times are reduced significantly since only
fresh session encryption keys need to be exchanged by the 4-way handshake.
WPA2-PSK authentication time is reduced by having the initial keys pre-computed in the
VoWiFi Handset; however, encryption keys are still exchanged by a 4-way handshake with the
AP, which may cause a short loss of speech during handover.
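The following added example (not part of the Ascom guide or its software) illustrates both paragraphs above: why the WPA2-PSK master key can be pre-computed, and how a cached PMKSA is recognised at a new Access Point through its PMKID. The two formulas are the IEEE 802.11 definitions; the `ControllerPmkCache` class, the MAC addresses and the PMK value are constructed for illustration.

```python
import hashlib
import hmac

def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    It depends only on passphrase and SSID, so a client can compute it in advance."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || station MAC)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

class ControllerPmkCache:
    """Hypothetical controller-side cache shared by all APs (opportunistic key caching)."""
    def __init__(self):
        self._pmk_by_station = {}

    def store(self, sta_mac: bytes, pmk: bytes) -> None:
        self._pmk_by_station[sta_mac] = pmk

    def accepts(self, ap_mac: bytes, sta_mac: bytes, offered: bytes) -> bool:
        """True when the offered PMKID matches the cached PMK bound to this AP and
        station, so 802.1X can be skipped and only the 4-way handshake runs."""
        pmk = self._pmk_by_station.get(sta_mac)
        if pmk is None:
            return False  # no PMKSA cached: full authentication is required
        return hmac.compare_digest(pmkid(pmk, ap_mac, sta_mac), offered)

def roam_demo() -> dict:
    handset = mac("02:00:00:00:00:01")            # constructed addresses
    ap1, ap2 = mac("02:00:00:00:0a:01"), mac("02:00:00:00:0a:02")
    pmk = bytes(range(32))   # constructed stand-in for the PMK from 802.1X at ap1
    cache = ControllerPmkCache()
    cache.store(handset, pmk)
    offered = pmkid(pmk, ap2, handset)   # handset derives the PMKID for the target AP
    return {
        "hit": cache.accepts(ap2, handset, offered),
        "stale": cache.accepts(ap2, handset, pmkid(pmk, ap1, handset)),
        "unknown": cache.accepts(ap2, mac("02:00:00:00:00:02"), offered),
    }

if __name__ == "__main__":
    print(psk_to_pmk("password", "IEEE").hex())
    print(roam_demo())
```

A cache hit removes only the 802.1X exchange from the handover; the 4-way handshake still runs to derive fresh session keys.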
For handover times with different security settings on particular WLAN infrastructure, see
the appropriate configuration notes in the respective VoWiFi configuration manual.
The following security functions are not recommended:
WEP is not recommended.
Shared key authentication should be avoided since this authentication scheme makes it
easier to crack the encryption key.
MAC address filtering is not recommended because it does not provide any real
protection, only increased administration.
Hidden SSID is not recommended because it does not provide any real protection and it
makes it more difficult for WLAN clients to roam passively.
Certificate
Note: Only applicable for VoWiFi Handset.
In addition to the above security measures, the use of a certificate can help to secure the
wireless connection. Once downloaded to the VoWiFi Handset, the certificate serves as a
permanent access right authentication for the specific user of the VoWiFi Handset.
The drawback is that handling of the VoWiFi Handset is troublesome when using a
certificate. A Site Administrator has to handle the administration, which cannot be
done by the user (it requires the PDM software and the desktop programmer cradle, DP1).
The Administrator must also avoid mixing up the VoWiFi Handsets when handing them out to
the right user.
Note: When using a certificate in a VoWiFi Handset, the shared phone function cannot be
used.