Page 241 - DCAP311_DCAP607_WIRELESS_NETWORKS

Unit 14: Authentication




          The 802.11 client authentication process, shown in Figure 14.7, is described below:
          1.   Probe Requests and Responses: Once the client becomes active on the medium, it searches
               for access points in radio range using the 802.11 management frames known as probe
               request frames. The probe request frame is sent on every channel the client supports in
               an attempt to find all access points in range that match the SSID and client-requested data
               rates. All access points that are in range and match the probe request criteria will respond
               with a probe response frame containing synchronization information and access point load.
               The client can determine which access point to associate to by weighing the supported data
               rates and access point load. Once the client determines the optimal access point to connect
               to, it moves to the authentication phase of 802.11 network access.
          2.   Open Authentication: Open authentication is a null authentication algorithm. The access
               point will grant any request for authentication. It might sound pointless to use such
               an algorithm, but open authentication has its place in 802.11 network authentication.
               Authentication in the 1997 802.11 specification is connectivity-oriented. The requirements
               for authentication are designed to allow devices to gain quick access to the network. In
               addition, many 802.11-compliant devices are hand-held data-acquisition units like bar
               code readers. They do not have the CPU capabilities required for complex authentication
               algorithms.
               Open authentication consists of two messages:
               •   The authentication request
               •   The authentication response
               Open authentication allows any device network access. If no encryption is enabled on the
               network, any device that knows the SSID of the access point can gain access to the network.
               With WEP encryption enabled on an access point, the WEP key itself becomes a means of
               access control. If a device does not have the correct WEP key, even though authentication
               is successful, the device will be unable to transmit data through the access point. Neither
               can it decrypt data sent from the access point (Figure 14.8).
                           Figure 14.8: Open Authentication with Differing WEP Keys

          Source: http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.pdf
          3.   Shared Key Authentication: Shared key authentication is the second mode of authentication
               specified in the 802.11 standard. Shared key authentication requires that the client configure
               a static WEP key. Figure 14.9 describes the shared key authentication process.
               (a)   The client sends an authentication request to the access point requesting shared key
                    authentication.

               (b)   The access point responds with an authentication response containing challenge text
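
          The open authentication case from item 2 (Figure 14.8) can be reproduced in a few lines. This is an added example, not part of the original text: it models the two-message open exchange and a simplified WEP data frame (3-byte IV, RC4 keyed with IV||key, CRC-32 ICV; the key-ID byte and 802.11 headers are omitted). The keys, the IV and the function names are constructed for illustration.

```python
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the RC4 keystream (the stream cipher WEP uses)."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                             # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encapsulate(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return IV || RC4(IV||key, payload || ICV), where ICV = CRC-32(payload)."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + rc4(iv + key, payload + icv)

def wep_decapsulate(key: bytes, frame: bytes):
    """Return the payload, or None when the ICV check fails (frame dropped)."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + key, body)
    payload, icv = clear[:-4], clear[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        return None
    return payload

def open_auth_response(request: dict) -> dict:
    """Null authentication: the AP grants every request; no key is involved."""
    return {"algorithm": "open", "seq": 2, "status": "success"}

def simulate(client_key: bytes, ap_key: bytes, payload: bytes):
    """Run open authentication, then send one WEP data frame client -> AP."""
    auth = open_auth_response({"algorithm": "open", "seq": 1})
    frame = wep_encapsulate(client_key, b"\x01\x02\x03", payload)  # constructed IV
    return auth["status"], wep_decapsulate(ap_key, frame)

AP_KEY = bytes.fromhex("0102030405")      # constructed 40-bit WEP key on the AP
WRONG_KEY = bytes.fromhex("a1b2c3d4e5")   # constructed key on a mismatched client

if __name__ == "__main__":
    print("matching key :", simulate(AP_KEY, AP_KEY, b"hello"))
    print("differing key:", simulate(WRONG_KEY, AP_KEY, b"hello"))
```

          In both runs the authentication status is "success"; only the data frame outcome differs, which is why the WEP key, not the authentication exchange, is what controls access here.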



                                           LOVELY PROFESSIONAL UNIVERSITY                                   235