Руководство По Проектированию для Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
4-11
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Encryption
WEP
shows the WEP encryption process. A WEP key is concatenated with an initialization vector
(IV), and this combined key is used as the seed for an RC4 keystream that is XORed with the WLAN
data. A different IV stream is used for each frame, and therefore a different combined key is used to
create a new RC4 keystream for each frame. Vulnerabilities have been exposed where repeated IVs,
along with the adaptation of a stream cipher (RC4) to create the block cipher, have resulted in an insecure
encryption mechanism that can be cracked with what are now commonly available tools. As stated
earlier, WEP is not recommended for use.
data. A different IV stream is used for each frame, and therefore a different combined key is used to
create a new RC4 keystream for each frame. Vulnerabilities have been exposed where repeated IVs,
along with the adaptation of a stream cipher (RC4) to create the block cipher, have resulted in an insecure
encryption mechanism that can be cracked with what are now commonly available tools. As stated
earlier, WEP is not recommended for use.
Figure 4-6
WEP Encapsulation Process
The LWAPP WLAN solution supports three WEP key lengths: the standard 40-bit and 104-bit key
lengths, and an additional 128-bit key. The use of the 128-bit key is not recommended because 128-bit
keys are not widely supported in WLAN clients, and the additional key length does not address the
weakness inherent in WEP encryption
lengths, and an additional 128-bit key. The use of the 128-bit key is not recommended because 128-bit
keys are not widely supported in WLAN clients, and the additional key length does not address the
weakness inherent in WEP encryption
TKIP Encryption
Two enterprise-level encryption mechanisms specified by 802.11i are certified as WPA and WPA2 by
the Wi-Fi Alliance: Temporal Key Integrity Protocol (TKIP), and Advanced Encryption Standard
(AES).
the Wi-Fi Alliance: Temporal Key Integrity Protocol (TKIP), and Advanced Encryption Standard
(AES).
TKIP is the encryption method certified as WPA. It provides support for legacy WLAN equipment by
addressing the original flaws associated with the 802.11 WEP encryption method. It does this by making
use of the original RC4 core encryption algorithm. The hardware refresh cycle of WLAN client devices
is such that TKIP (WPA) is likely to be a common encryption option for a number of years to come.
Although TKIP addresses all the known weaknesses of WEP, the AES encryption of WPA2 is the
preferred method because it brings the WLAN encryption standards into alignment with broader IT
industry standards and best practices.
addressing the original flaws associated with the 802.11 WEP encryption method. It does this by making
use of the original RC4 core encryption algorithm. The hardware refresh cycle of WLAN client devices
is such that TKIP (WPA) is likely to be a common encryption option for a number of years to come.
Although TKIP addresses all the known weaknesses of WEP, the AES encryption of WPA2 is the
preferred method because it brings the WLAN encryption standards into alignment with broader IT
industry standards and best practices.
shows a basic TKIP flow chart.
132360
-
IV
KID
PAD
Ciphertext
Data
ICV
XOR
WEP key
IV
WEP-encrypted packet
CRC-32
RC4
WEP key store
K1
K2
K3
K4
WEP
seed
Keystream