... WEP Key Rotation in AP2000

More documents

Recommendations

Info

... WEP Key Rotation in AP2000associated with. To increase the integrity of the system, this authenticationprocess will be repeated on a periodic basis, after a re-authenticationinterval set by the network administrator.Key rotation is impacted by two timing intervals:• The re-keying interval used by the AP to generate a new set of WEP keys• The re-authentication interval used by the client to re-authenticateWithin the initial implementation of the WEP-key rotation scheme in the AP-2000 (release 1) the re-keying interval and the re-authentication interval isthe same. The value can be set by the network administrator as part of theRADIUS related parameters.In release 2.0 the network administrator can specify different values forthese time intervals. So it would be possible for the re-authentication time tobe much larger than the re-keying time.Release 1 implementation -WEP Key rotation in an IEEE 802.1x only environmentIn the release 1 implementation of the AP-2000 the re-keying interval is thesame as the re-authentication interval and set in the AP on the tab whereRADIUS specific parameters are entered as a value for “AuthorizationLifetime (seconds)”.When all wireless stations in the network implement IEEE 802.1x protocols,its is possible to operate with dynamic (rotating) keys only. Duringconfiguration of the AP-2000 this mode of operation can be selected.TB-053.docPage 4 of 9Copyright © 2002 Agere Systems Inc.
... WEP Key Rotation in AP2000The following diagram illustrates the rotation of the WEP keys in an IEEE802.1x only environment:APTx = A 1Rx = B 2Rx = C 3Rx = D 1Tx = B 2Rx = C 3Rx = D 1Rx = E 2Tx = C 3T0 T1T2 T3Rx = A 1Rx = B 2Tx = C 3Tx = D 1Rx = B 2Rx = C 3Rx = D 1Tx = E 2Rx = C 3authre-authre-authre-authSTA1Rx = A 1Rx = B 2Tx = C 3Rx = A 1Rx = B 2Tx = C 3Rx = D 1Tx = E 2Rx = C 3authre-authre-authre-authSTA2On the AP-side.On the STA-side.The above picture shows three time lines one for each device in thisillustration (the AP and two attached Stations). Each time line shows aninterval based on the re-authentication interval set in the AP. Though thestations use the same interval the actual times at which the stations reauthenticatemay differ due to implementation differences and the reauthenticationintervals may be slightly out of sync.In the illustration the AP defines 3 WEP keys at time T0. The key valuesbeing A, B and C. The respective index positions for these three keys are 1,2 and 3. At this point the key value in position 1 (i.e. A) is the transmit key,and the AP encrypts its outgoing wireless traffic with this key. The other twokeys can be used to decrypt incoming wireless traffic.After expiration of the re-authentication timer, the AP defines a new key setin such a way that it replaces the value for the current transmit key, by anewly generated one, and uses the key value in the position following theoriginal one as the new transmit key. In the example at T1, the key value(A) on position 1 is replaced by a new value (D), while the value in position 2(i.e. B) is now used as transmit key.When the re-authenticator timer expires again at T2, the process isrepeated. Value B in position 2 (the current transmit key) is replaced by anewly generated one (E), and the value in position 3 (C) is the new transmitkey.Finally the cycle completes at T3 when the value in position 3 (C) is replacedby a new value (F), while the value in position 1 (D) is the new transmit key.As soon as a station re-authenticates (triggered by expiration of the reauthenticationtimer in the AP, or by an another event that causes thestation to re-authenticate) the set of WEP keys as defined by the AP at thattime, will be passed to the supplicant of the station (encrypted with thesession key). The supplicant will pass the keys to the wireless PC Card forsubsequent use and identifies which key is used to encrypt its outgoingtraffic. This will always be the value that is to be used as transmit key bythe AP in the period after the next one (in other words it is the value twopositions later than the current AP transmit key). In the diagram this will beinitially the value in key position3 (i.e. C). Both stations use the initial set inthe period between T0 and T1.TB-053.docPage 5 of 9Copyright © 2002 Agere Systems Inc.
Page 1 and 2: ... WEP Key Rotation in AP2000ORiNO
Page 3: ... WEP Key Rotation in AP2000WEP k
Page 7 and 8: ... WEP Key Rotation in AP2000On th
Page 9: ... WEP Key Rotation in AP2000Each

... WEP Key Rotation in AP2000

Create successful ePaper yourself

Delete template?

Save as template?