Network Access and Wireless Security

Provide a brief definition of network access control
Extensible Authentication Protocol (EAP) provides a generic transport service for the exchange of authentication information between a client system and an authentication server. The basic EAP transport service is extended by using a specific authentication protocol that is installed in both the EAP client and the authentication server.
- Access control (IEEE 802.1X port-based access control): This function enforces the use of the authentication function, routes the messages properly, and facilitates key exchange. It can work with a variety of authentication protocols.
- Authentication and key generation (EAP): A protocol is used to define an exchange between a user and an AS that provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link.
- Confidentiality, data origin authentication and integrity, and replay protection (TKIP/CCMP): MAC-level data (e.g., an LLC PDU) are encrypted along with a message integrity code that ensures that the data have not been altered.
Briefly describe the five IEEE 802.11i phases of operation.

Phase 1: Discovery - An AP uses messages called Beacons and Probe Responses to advertise its IEEE 802.11i security policy. The STA uses these to identify an AP or a WLAN with which it wishes to communicate. The STA associates with the AP, which it uses to select the cipher suite and authentication mechanism when the Beacons and Probe Responses present a choice.

Phase 2: Authentication - During this phase, the STA and AS prove their identities to each other. The AP blocks non-authentication traffic between the STA and AS until the authentication transaction is successful. The AP does not participate in the authentication transaction other than forwarding traffic between the STA and AS.

Phase 3: Key Management - The AP and the STA perform several operations that cause cryptographic keys to be generated and placed on the AP and the STA. Frames are exchanged between the AP and STA only.

Phase 4: Protected data transfer - Frames are exchanged between the STA and the end station through the AP. As denoted by the shading and the encryption module icon, secure data transfer occurs between the STA and the AP only; security is not provided end-to-end.

Phase 5: Connection termination - The AP and STA exchange frames. During this phase, the secure connection is torn down and the connection is restored to the original state.

What is the difference between TKIP and CCMP?

TKIP - Older, used for WEP, provides message integrity and data confidentiality, uses an algorithm called Michael for message integrity.

CCMP - Newer, based on AES in CCM mode, assumes that AP and STA have AES hardware. Uses a single key for encryption and decryption.