winCE / General / Wireless encryption methods supported in winCE

2010. 3. 24. 00:54

Xeno's Study Blog (http://XenoStudy.tistory.com)
- Author : Xeno
- Source : winCE Document
- Notes : Common to winCE / Windows Mobile. Please post corrections in the comments.

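The various encryption schemes are supported at the OS level.

The encryption and authentication methods must be supported by the wireless LAN connection program, separately from the wireless LAN driver layer. (Of course, the wireless LAN driver also has to support each encryption scheme.) On winCE / Windows Mobile, a default build will in most cases use netui / wzc for wireless LAN connection and services.

As mentioned above, the wireless authentication services supported by the wireless LAN connection program (=? netui / wzc) are as follows.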

Wi-Fi Protected Access (WPA) is an implementation that is based on a subset of the IEEE 802.11i standard. WPA, when used with the Temporal Key Integrity Protocol and the Michael message integrity check (MIC) algorithm, provides enhanced security for wireless networks.

The following table shows the security technologies that are included in the WPA standard:

Security technology : Description

- WPA Authentication : WPA requires the use of 802.1x authentication.

  For wireless networks without a Remote Authentication Dial-In User Service (RADIUS) infrastructure, WPA supports the use of a preshared key. For wireless networks with a RADIUS infrastructure, Extensible Authentication Protocol (EAP) and RADIUS are supported.

- WPA Key Management : WPA requires the rekeying of both unicast and global encryption keys. For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for every frame, and the change is synchronized between the wireless client and the wireless access point (AP). For the global encryption key, WPA enables the wireless AP to advertise the changed key to the connected wireless clients.

- Temporal Key Integrity Protocol (TKIP) : WPA requires encryption by using TKIP. TKIP replaces WEP with an encryption algorithm that is stronger than the WEP algorithm but uses the calculation technologies present on existing wireless devices to perform encryption operations. TKIP also provides the following services:
    • The verification of the security settings after the encryption keys are determined.
    • The synchronized changing of the unicast encryption key for each frame.
    • The determination of a unique starting unicast encryption key for each preshared key authentication.

- Michael : WPA supports the Michael security algorithm. This algorithm calculates an 8-byte Message Integrity Code (MIC) using the calculation technologies available on existing wireless devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV. The MIC field is encrypted together with the frame data and the ICV.

  Michael also provides replay protection by including a new frame counter in the IEEE 802.11 frame that is used to prevent replay attacks.

- AES Support : WPA defines the use of Advanced Encryption Standard (AES) as an additional replacement for WEP encryption. Because AES support may not be added to existing wireless devices through a firmware update, support for AES is optional and is dependent on vendor driver support.