Forum

Shared key Authentication.

3 posts by 3 authors in: Forums > CWNA - Enterprise Wi-Fi Admin
Last Post: May 31, 2006:
  • By WirelesswizardCWSP
    Reply

    Hi ,

    I remember that Shared system authentication Mandates Encryption,but
    in WZC we have an option to select authentication method as shared and
    encryption type as disabled.

    Can some one clarify this.

  • By moe
    Reply

    WirelesswizardCWSP,

    802.11-1999 says that Shared Key authentication needs the WEP privacy mechanism to encrypt and decrypt the shared key. This means that WEP must be implemented. I don't see a requirement that WEP must be used for encryption of data.

    Specifically, clause 8.1.2 says the following:

    Shared Key authentication supports authentication of STAs as either a member of those who know a shared secret key or a member of those who do not. IEEE 802.11 Shared Key authentication accomplishes this without the need to transmit the secret key in the clear; however, it does require the use of the WEP privacy mechanism. Therefore, this authentication scheme is only available if the WEP option is implemented.


    A STA shall not initiate a Shared Key authentication exchange unless its dot11PrivacyOptionImplemented attribute is true.


    Clause 8.3.2 addresses another attribute called dot11PrivacyInvoked. It says this about it:

    The boolean variable dot11PrivacyInvoked shall be set to "false" to prevent the STA from transmitting MPDUs of type Data with the WEP subfield of the Frame Control field set to 1. It does not affect MPDU or MMPDU reception.


    I understand this to mean that if dot11PrivacyInvoked is true then the WEP subfield (now called the Protected Frame subfield) must be set to 1 and the data must be encrypted.

    If you read the Shared Key authentication frame descriptions in 8.1.2 and the MAC algorithms for transmitting and receiving Authentication Transaction frames in 8.3 you will not find dot11PrivacyInvoked mentioned. The algorithms do not check for dot11PrivacyInvoked=true prior to transmitting or accepting an authentication frame.

    So, I don't believe there is a requirement to use data encryption when using Shared Key authentication.

    Updates to Clause 8 can be found in 802.11i but they say essentially the same thing.

    Hope this helps.

    moe

  • By ben_miller
    Reply

    If you select shared key authentication with disabled encryption you simply won't be able to connect. It is just a slight error in WZC.

Page 1 of 1
  • 1