Manualshelf

- ZyXEL USB Powered Travel Router Manual

ManualsBrandsZyXEL Communications ManualsNetwork RouterUSB Powered Travel Router MWR102
131132133134135136137138139140
137
WPA(2)
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is
a wireless security standard that defines stronger encryption, authentication and key
management than WPA.
Key differences between WPA(2) and WEP are improved data encryption and user
authentication.
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP),
Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced
Encryption Standard (AES) in the Counter mode with Cipher block chaining Message
authentication code Protocol (CCMP) to offer stronger encryption.
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and
distributed by the authentication server. It includes a per-packet key mixing function, a Message
Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules,
and a re-keying mechanism.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is never
used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then
sets up a key hierarchy and management system, using the pair-wise key to dynamically
generate unique data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients. This all happens in the background
automatically.
WPA2 AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical
algorithm called Rijndael.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data
packets, altering them and resending them. The MIC provides a strong mathematical function in
which the receiver and the transmitter each compute and then compare the MIC. If they do not
match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity
checking mechanism (MIC), TKIP makes it much more difficult to decode data on a Wi-Fi network
than WEP, making it difficult for an intruder to break into the network.
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference
between the two is that WPA-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA-PSK susceptible to brute-force