When encryption is in use, only the 802.11 headers of data packets are sent in the
clear (that is, unencrypted). Management and control packets are not encrypted.
Guide to Wireless LAN Analysis 22
WEP uses a set of up to four static keys that must be installed manually on every
station and access point. Different implementations of WEP support different key lengths.
The revised 802.11 standard supports two WEP key lengths: 40-bit (expanded to 64 by the
addition of a 24-bit initialization vector (IV)) and 104-bit (expanded to 128 with the IV).
Other proprietary systems support longer key lengths. The unencrypted portion of the
packet header can show which of the four WEP keys was used to encrypt the payload.
TKIP and CCMP use a separate Pair-wise Master Key (PMK) for each pair of peers -
a pair of stations, or a station and an access point. This master key is used to derive other
keys which are the ones actually used to encrypt and decrypt different elements of the
traffic between the pair of nodes. This approach keeps the master key less exposed and
allows for frequent rekeying.
The standard provides for two different methods of distributing PMKs.
Pages:
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117