Appendix B Wireless LANs
EMG6726/8726-B10A User’s Guide
WPA2-PSK uses a simple common password instead of user-specific credentials. The common-password
approach makes WPA2-PSK susceptible to brute-force password-guessing attacks, but it is still an
improvement over WEP because it uses a single, consistent alphanumeric password to derive a PMK,
which is then used to generate unique temporal encryption keys. This prevents all wireless devices
from sharing the same encryption keys.
User Authentication
Key caching allows a wireless client to store the PMK it derived through a successful authentication with
an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go
through the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connected to an AP) to
perform authentication with another AP before connecting to it.
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless client
how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for
Windows XP, Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero
Configuration" wireless client. However, you must run Windows XP to use it.
WPA2-PSK Application Example
A WPA2-PSK application looks as follows.
1  First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist
   of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).
2  The AP checks each wireless client's password and allows it to join the network only if the password
   matches.
3  The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over
   the network, but is derived from the PSK and the SSID.
4  The AP and wireless clients use the AES encryption process, the PMK and information exchanged in a
   handshake to create temporal encryption keys. They use these keys to encrypt data exchanged
   between them.
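The key derivation in steps 3 and 4, as an added example that is not part of the User's Guide. It assumes the standard WPA2 derivation (PBKDF2-HMAC-SHA1 for the PMK, an HMAC-SHA1 expansion over the handshake nonces and MAC addresses for the temporal keys); the function names, network name, MAC addresses and nonces are constructed for illustration.

```python
import hashlib
import hmac

def derive_pmk(psk: str, ssid: str) -> bytes:
    """Step 3: PMK from the PSK and the SSID; nothing is sent over the air."""
    if len(psk) == 64:
        # 64 hexadecimal characters already encode the 256-bit key.
        return bytes.fromhex(psk)
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("PSK must be 8-63 ASCII characters or 64 hex digits")
    # PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output.
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """Step 4: key material from the PMK plus values exchanged in the handshake."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    counter = 0
    while len(out) < length:
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def temporal_key(ptk: bytes) -> bytes:
    """Last 16 bytes of the 48-byte PTK: the AES (CCMP) data-encryption key."""
    return ptk[32:48]

if __name__ == "__main__":
    # Constructed sample values (not from the guide).
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    pmk = derive_pmk("correct horse battery", "ExampleNet")
    for session in (1, 2):
        anonce, snonce = bytes([session]) * 32, bytes([session + 16]) * 32
        tk = temporal_key(derive_ptk(pmk, ap, sta, anonce, snonce))
        print(f"session {session}: PMK {pmk.hex()[:16]}... TK {tk.hex()}")
```

The PMK is identical in both sessions because it depends only on the password and the network name, while the temporal key changes with each handshake. This is why the strength of the shared password matters for every device on the network.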