Shared Key Authentication


4/8/2010

Shared key authentication is not secure and is not recommended for use. It verifies that an authentication-initiating station has knowledge of a shared secret. This is similar to preshared key authentication for Internet Protocol security (IPSec). The 802.11 standard currently assumes that the shared secret is delivered to the participating wireless clients by means of a more secure channel that is independent of IEEE 802.11. In practice, a user manually types this secret for the wireless AP and the wireless client.

Shared key authentication uses the following process:

  1. The authentication-initiating wireless client sends a frame consisting of an identity assertion and a request for authentication.
  2. The authenticating wireless node responds to the authentication-initiating wireless node with challenge text.
  3. The authentication-initiating wireless node replies to the authenticating wireless node with the challenge text that is encrypted using WEP and an encryption key that is derived from the shared key authentication secret.
  4. The authentication result is positive if the authenticating wireless node determines that the decrypted challenge text matches the challenge text originally sent in the second frame. The authenticating wireless node sends the authentication result.
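
The four-frame exchange above, as an added Python example (not code from the original page or from Windows Embedded CE). It assumes the standard WEP construction, an RC4 key formed from a 3-byte IV followed by the secret and a CRC-32 ICV appended to the plaintext, and simplifies the frames to dictionaries; `DEMO_KEY`, the function names and the `identity` string are constructed for illustration.

```python
import os
import struct
import zlib

DEMO_KEY = bytes.fromhex("0102030405")  # constructed 40-bit secret, illustration only


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (KSA + PRGA); encryption and decryption are the same."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: IV in clear, then RC4(IV || secret) over plaintext || CRC-32 ICV."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + rc4(iv + secret, plaintext + icv)


def wep_decrypt(secret: bytes, body: bytes):
    """Return the plaintext, or None if the ICV does not verify."""
    iv, ciphertext = body[:3], body[3:]
    clear = rc4(iv + secret, ciphertext)
    data, icv = clear[:-4], clear[-4:]
    return data if struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) == icv else None


def shared_key_handshake(ap_secret: bytes, client_secret: bytes, identity: str) -> dict:
    """Run the four frames and return them, ending with the AP's result."""
    frame1 = {"seq": 1, "identity": identity, "algorithm": "shared-key"}
    challenge = os.urandom(128)                     # step 2: AP picks challenge text
    frame2 = {"seq": 2, "challenge": challenge}
    body = wep_encrypt(client_secret, os.urandom(3), frame2["challenge"])
    frame3 = {"seq": 3, "body": body}               # step 3: client's WEP response
    ok = wep_decrypt(ap_secret, frame3["body"]) == challenge
    frame4 = {"seq": 4, "success": ok}              # step 4: AP reports the result
    return {"frames": [frame1, frame2, frame3, frame4], "success": ok}
```

Calling `shared_key_handshake(DEMO_KEY, DEMO_KEY, "sta-1")` returns a successful result; passing a different client secret makes the ICV check in step 4 fail.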

Because the shared key authentication secret must be manually distributed and typed, this method of authentication does not scale well to large infrastructure mode networks, such as those on corporate campuses.

See Also

Concepts

WEP (Wired Equivalent Privacy)
