11 systems in Federal Information Processing
Standard (FIPS) applications, as AES in CCM mode is a FIPS approved mode of operation.
CCMP supports, but does not guarantee, government use of commercially available WLAN
equipment. The CCMP decapsulation operation [17] is shown in Figure 7.5.
7.4 Secret Key Generation and Distribution
In the 802.11 specification, key distribution mechanisms are not defined. Keys are obtained
via an upper layer EAP method protocol exchange or via a manual (Pre-shared Key)
configuration. Upper-Layer Authentication Messages, specifically the 802.1X EAPOL-Key
message, are used in the 4-Way Handshake [8] to exchange information needed for the
supplicant (client) and authenticator (network entity) to generate encryption and
authentication keys from a Master Key and to derive a new transient key if needed.
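The key generation described above, as an added Python example that is not part of the original text. The PBKDF2 parameters, the HMAC-SHA1 PRF, the "Pairwise key expansion" label and the KCK/KEK/TK split come from IEEE 802.11i rather than from this chapter; the MAC addresses, nonces and the message-2 bytes are constructed sample values, not a real EAPOL-Key frame.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # Pre-shared key case: PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit Master Key.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated.
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    # Sorting the addresses and nonces makes both sides hash identical input.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 384-bit transient key for CCMP
    # KCK authenticates EAPOL-Key messages, KEK wraps keys, TK encrypts data frames.
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    # Message integrity code for CCMP key descriptors: HMAC-SHA1 truncated to 128 bits.
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]

# Constructed sample values (locally administered MACs, fixed nonces).
AA = bytes.fromhex("020000000001")      # authenticator address
SPA = bytes.fromhex("020000000002")     # supplicant address
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

def handshake_demo(supplicant_passphrase: str = "password"):
    ssid = "IEEE"
    # Message 1: authenticator sends ANonce; supplicant derives its transient key.
    supplicant = derive_ptk(pmk_from_passphrase(supplicant_passphrase, ssid),
                            AA, SPA, ANONCE, SNONCE)
    # Message 2: supplicant returns SNonce protected by a MIC keyed with its KCK.
    frame = b"constructed EAPOL-Key message 2" + SNONCE
    mic = eapol_mic(supplicant["KCK"], frame)
    # Authenticator derives the same keys and verifies the MIC in constant time.
    authenticator = derive_ptk(pmk_from_passphrase("password", ssid),
                               AA, SPA, ANONCE, SNONCE)
    mic_ok = hmac.compare_digest(mic, eapol_mic(authenticator["KCK"], frame))
    return supplicant, authenticator, mic_ok

if __name__ == "__main__":
    s, a, ok = handshake_demo()
    print("TK match:", s["TK"] == a["TK"], "MIC verified:", ok)
```

The Master Key itself never crosses the air: only the nonces and a MIC do, and a supplicant holding the wrong pre-shared key fails the MIC check on message 2.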
7.5 Authentication
Authentication of end users or end systems is needed to control access to the WLAN. In
enterprise applications, only authorized users must be allowed to access the corporate
intranet. In public space applications, user identification is needed by the service provider
to accurately bill the end user.