Authentication

The KSU Network Access uses WPA-PSK + WPA2-PSK authentication. A description of each follows.

WPA - Wi-Fi Protected Access (WPA) provides improved data encryption and user authentication. WPA uses the following security mechanisms:

- Temporal Key Integrity Protocol (TKIP). TKIP provides data encryption enhancements including per-packet key hashing (i.e., changing the encryption key on each packet), a message integrity check, an extended initialization vector with sequencing rules, and a re-keying mechanism.

- Enterprise-level User Authentication via 802.1x and EAP - To strengthen user authentication, WPA uses 802.1x and the Extensible Authentication Protocol (EAP).

Used together, these protocols provide strong user authentication via a central RADIUS authentication server that authenticates each user on the network before they join it. WPA also employs “mutual authentication” to prevent a wireless client from accidentally joining a rogue network. When the Authentication Type is set to WPA, clients are authenticated using 802.1x via a RADIUS server. Each client has to be WPA-enabled or support 802.1x client software. A RADIUS server must also be configured and be available in the wired network. With this authentication type, keys are generated for each wireless client associating with the BSAP. These keys are regenerated periodically, and also each time the wireless client is re-authenticated.

WPA-PSK - WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the BSAP and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the enterprise, providing a robust and manageable alternative for small networks. When the WPA mode is set to “pre-shared-key,” the key must first be generated and distributed to all wireless clients before they can successfully associate with the BSAP.

WPA2 - Wi-Fi Protected Access 2 (WPA2) is the second generation of WPA security and is based on the final IEEE 802.11i amendment to the 802.11 standard. When the Authentication Type is set to WPA2, clients are authenticated using 802.1x via a RADIUS server. Each client has to be WPA2-enabled or support 802.1x client software. A RADIUS server must also be configured and be available in the wired network. With this authentication type, keys are generated for each wireless client associating with the BSAP. These keys are regenerated periodically, and also each time the wireless client is re-authenticated.

WPA2-PSK - The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the BSAP and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the enterprise, providing a robust and manageable alternative for small networks. When the WPA2 mode is set to “pre-shared-key,” the key must first be generated and distributed to all wireless clients before they can successfully associate with the BSAP.
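
How the pre-shared password described for WPA-PSK and WPA2-PSK becomes a key, as an added example that is not part of the original page: per IEEE 802.11i, the passphrase entered on the BSAP and clients is stretched into a 256-bit key with PBKDF2-HMAC-SHA1, salted by the network name (SSID). The SSIDs and function names below are hypothetical.

```python
import hashlib
import secrets
import string

PRINTABLE_ASCII = {chr(c) for c in range(32, 127)}  # allowed passphrase chars
ALPHABET = string.ascii_letters + string.digits      # for generated passphrases


def check_inputs(passphrase: str, ssid: bytes) -> None:
    """Reject values outside the limits IEEE 802.11i sets for PSK mode."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not set(passphrase) <= PRINTABLE_ASCII:
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")


def derive_psk(passphrase: str, ssid: bytes) -> bytes:
    """256-bit PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds)."""
    check_inputs(passphrase, ssid)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)


def generate_passphrase(length: int = 24) -> str:
    """Random passphrase from the OS CSPRNG, for entry on the BSAP and clients."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample values; "campus-example" is a hypothetical SSID.
    passphrase = generate_passphrase()
    print("passphrase to distribute:", passphrase)
    print("PSK for this SSID:", derive_psk(passphrase, b"campus-example").hex())
    # Same passphrase, different SSID: the derived key differs.
    print("PSK for other SSID:", derive_psk(passphrase, b"other-example").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, and every client holding the passphrase derives the same key.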