Shared Key Authentication (Compact 7)

3/12/2014

Wired Equivalent Privacy uses shared key authentication to verify that an authentication-initiating client has knowledge of a shared secret.

Shared Key Authentication

Shared-key authentication requires that the access point (AP) and clients agree on a shared, secret key. During authentication, information is encrypted before transmission by using the shared key and decrypted by the receiver by using the same key. If the receiver can decrypt the information, identities are considered authenticated. To safely use the shared-key authentication method, the policy must be restricted to administrator-only read/write permission and must be encrypted for privacy when communicated between the AP and clients. In addition, each computer must be restricted to system-only read access.

Shared key authentication uses the following process to authenticate a request to connect:

  1. The wireless client that initiates authentication sends a frame consisting of an identity assertion and a request for authentication.
  2. The authenticating wireless AP responds to the authentication-initiating wireless node with challenge text.
  3. The authentication-initiating wireless node replies to the authenticating wireless node with the challenge text that is encrypted using Wired Equivalent Privacy (WEP) and an encryption key that is derived from the shared key authentication secret.
  4. The authentication result is approved if the authenticating wireless node determines that the decrypted challenge text matches the challenge text originally sent in the second frame. The authenticating wireless node sends the authentication result.
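
The four-frame exchange above as a runnable sketch; this is an added example, not code from the original page. It assumes standard WEP framing (RC4 keyed with a 24-bit IV followed by the shared key, with a CRC-32 integrity check value appended to the plaintext) and a 128-octet challenge; the function names and sample keys are constructed for illustration.

```python
import hmac
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher WEP uses; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:  # keystream generation, XORed onto the data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Append the CRC-32 integrity check value, then RC4 under IV || shared key."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + shared_key, plaintext + icv)

def wep_decrypt(shared_key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None when the decrypted ICV does not match."""
    data = rc4(iv + shared_key, ciphertext)
    body, icv = data[:-4], data[-4:]
    return body if zlib.crc32(body).to_bytes(4, "little") == icv else None

def client_response(client_key: bytes, challenge: bytes):
    """Frame 3: the client WEP-encrypts the challenge under a fresh 24-bit IV."""
    iv = os.urandom(3)
    return iv, wep_encrypt(client_key, iv, challenge)

def ap_verify(ap_key: bytes, challenge: bytes, iv: bytes, ciphertext: bytes) -> bool:
    """Frame 4: the AP decrypts and compares with the challenge it sent."""
    recovered = wep_decrypt(ap_key, iv, ciphertext)
    return recovered is not None and hmac.compare_digest(recovered, challenge)

def authenticate(ap_key: bytes, client_key: bytes) -> bool:
    # Frame 1 (identity assertion + request) carries no key material.
    challenge = os.urandom(128)  # Frame 2: 128-octet challenge text from the AP
    iv, ciphertext = client_response(client_key, challenge)
    return ap_verify(ap_key, challenge, iv, ciphertext)

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")  # constructed 40-bit sample key
    print("matching key:", authenticate(key, key))
    print("wrong key:   ", authenticate(key, bytes.fromhex("0102030406")))
```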

See Also

Concepts

Wired Equivalent Privacy