Wireless LAN Security
WEP

Wired Equivalent Privacy (WEP) is an encryption scheme introduced in IEEE 802.11a and 802.11b (September 1999) and included in subsequent standards such as 802.11g. As the name implies, it was intended to make wireless networks as resistant to snooping and intrusion as wired networks. The standards made encryption with a 64-bit key a mandatory capability and 128-bit encryption an option. Almost all vendors provided both 64- and 128-bit WEP encryption in their subsequent products. (Since 24 bits of the key are generated automatically, many vendors termed the features "40-bit" and "108-bit" WEP.)

Researchers soon found that WEP could be "cracked" by intercepting and analyzing a sufficiently large amount of encrypted traffic. WEP's main flaw is that the keys are static and shared by all devices. Used wisely and in conjunction with other measures, WEP can keep a low-traffic home network quite secure, but is unsuitable for high-traffic corporate WLANs, where an attacker can quickly collect enough packets to extract the key or keys.
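The sketch below is an added example, not part of the original page. It shows why a static shared key combined with only 24 automatically generated bits per frame becomes a problem as traffic grows. It assumes WEP's construction of an RC4 key formed from the 24-bit per-frame value (the IV) followed by the shared secret; the secret, IVs and payloads are constructed sample values, and the integrity check value is omitted.

```python
# Added illustration (not from the original page): WEP-style RC4 with a static key.
import random

def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Per-frame RC4 key is the 24-bit IV followed by the shared secret (ICV omitted)."""
    return xor(plaintext, rc4(iv + secret, len(plaintext)))

def frames_until_iv_repeat(rng: random.Random, iv_bits: int = 24) -> int:
    """Frames sent with randomly chosen IVs before some IV value is used twice."""
    seen = set()
    while True:
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)

def mean_frames_until_repeat(trials: int = 20, seed: int = 1) -> float:
    rng = random.Random(seed)
    return sum(frames_until_iv_repeat(rng) for _ in range(trials)) / trials

# Constructed sample values: a 40-bit shared secret and two equal-length payloads.
SECRET = bytes.fromhex("0102030405")
P1, P2 = b"GET /index.html ", b"user=alice&pin=1"
IV_A, IV_B = bytes.fromhex("00002a"), bytes.fromhex("00002b")

if __name__ == "__main__":
    c1, c2 = wep_encrypt(IV_A, SECRET, P1), wep_encrypt(IV_A, SECRET, P2)
    c3 = wep_encrypt(IV_B, SECRET, P2)
    print("same IV, keystream cancels:", xor(c1, c2) == xor(P1, P2))
    print("different IV, it does not: ", xor(c1, c3) != xor(P1, P2))
    print("mean frames until an IV repeats:", mean_frames_until_repeat())
```

With randomly chosen IVs a repeat typically appears after a few thousand frames, which a busy network produces quickly; this is why per-frame key changes, as in TKIP, matter.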


WPA

Wi-Fi Protected Access (WPA) is an enhancement to WEP created by the Wi-Fi Alliance to provide better WLAN security. It uses techniques described in IEEE 802.11i, a security standard expected to be ratified in 2004. One of these is the Temporal Key Integrity Protocol (TKIP), which automatically changes keys frequently enough to make key extraction impracticable or impossible.


WAPI

Wired Authentication and Privacy Infrastructure (WAPI) is a WLAN security scheme developed in China and incompatible with all 802.11 security mechanisms. In December 2003, the Chinese government mandated that starting on June 1, 2004, all WLAN equipment sold in China would have to have WAPI built in. Foreign manufacturers would have to partner with designated Chinese companies to comply with the regulation.


802.1x

IEEE 802.1x is a standard for access control on both wired and wireless LANs. It was ratified in the first half of 2001, and many wireless access points now support it. 802.1x defines how authentication and authorization messages are passed between a "supplicant" (for example, a wireless station) and an "authenticator" (in this case, an access point), and between the authenticator and an "authentication server," normally a computer running Remote Authentication Dial-In User Service (RADIUS) software. Supplicant and authenticator communicate using the Extensible Authentication Protocol (EAP), a method originally developed by the Internet community for use on dial-up lines (so its use in 802.1x is sometimes referred to as "EAP over LAN," or EAPOL). 802.1x defines a transport framework but does not specify a single mechanism for authentication and authorization (A&A). Implementations on the market are referred to as "EAP-" plus the A&A method used. Examples are EAP-MD5, EAP-LEAP, EAP-TLS, and EAP-TTLS.

Copyright ©2004 National Datacomm Corporation. All rights reserved.