Authentication with Private Pre-Shared Key
Technology Behind the Solution
Aerohive's patent-pending Private PSK provides the ease of PSK with many of the advantages of 802.1X solutions. The IT manager can provide a unique passphrase to each user on a single SSID, which creates a one-to-one relationship between the key and the user instead of the one-to-many paradigm of classic PSK, making it possible to truly authenticate each individual. This enables 802.1X-like capabilities even though it appears as though only a PSK is required on the laptop or Wi-Fi device. Classic PSK does not allow the revocation of a single user's credentials, since all users share the same passphrase. Private PSK offers a unique PSK per individual and therefore enables the administrator to revoke a single set of credentials. Furthermore, since Private PSK, like 802.1X, provides a means to identify individual users on a single SSID, each user can be granted a different user profile. This allows all users to connect to the same network but receive unique levels of service based on their roles.
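
The following is an added example, not Aerohive's code: one way an access point can map a client to a user when every user has their own PSK, assuming the standard WPA2-Personal key derivation and handshake MIC. The SSID, user names, passphrases, profile names, nonces and frame bytes are constructed for illustration.

```python
import hashlib
import hmac

SSID = b"corp-wifi"  # constructed sample SSID

def pmk(passphrase: str, ssid: bytes = SSID) -> bytes:
    # WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def kck(pmk_: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Key confirmation key: first 16 bytes of the PTK from the 802.11i PRF.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion\x00"
    block = hmac.new(pmk_, label + data + b"\x00", hashlib.sha1).digest()
    return block[:16]

def mic(kck_: bytes, eapol_frame: bytes) -> bytes:
    # WPA2 MIC: HMAC-SHA1 over the EAPOL-Key frame (MIC field zeroed), 16 bytes.
    return hmac.new(kck_, eapol_frame, hashlib.sha1).digest()[:16]

class PpskRegistry:
    # Hypothetical per-user key store: user -> (PMK, user profile).
    def __init__(self):
        self._users = {}

    def enroll(self, user, passphrase, profile):
        self._users[user] = (pmk(passphrase), profile)

    def revoke(self, user):
        self._users.pop(user, None)  # other users' keys are untouched

    def identify(self, hs, frame, received_mic):
        # Try each enrolled key; the one that reproduces the MIC names the user.
        for user, (key, profile) in self._users.items():
            expected = mic(kck(key, *hs), frame)
            if hmac.compare_digest(expected, received_mic):
                return user, profile
        return None  # unknown or revoked key: handshake fails

def demo():
    reg = PpskRegistry()
    reg.enroll("alice", "alice-constructed-passphrase", "employee-vlan10")
    reg.enroll("guest1", "guest1-constructed-passphrase", "guest-vlan99")
    hs = (bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
          bytes(range(32)), bytes(range(32, 64)))  # AA, SPA, ANonce, SNonce
    frame = b"constructed EAPOL-Key message 2, MIC field zeroed"
    client_mic = mic(kck(pmk("guest1-constructed-passphrase"), *hs), frame)
    before = reg.identify(hs, frame, client_mic)
    reg.revoke("guest1")
    return before, reg.identify(hs, frame, client_mic)
```

`demo()` returns the matched user and profile before revocation and `None` afterwards, while the other enrolled user's entry is unaffected.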

Benefits
- Simple key creation, distribution, and revocation save administrator time and reduce the cost and complexity of using a single PSK or trying to get hard-to-configure devices online using 802.1X.
- Guests can be given unique keys, thereby eliminating the risk of one guest eavesdropping on another. In addition, entering a PSK is often simpler than loading up a captive web portal and entering a username and password.
- If a person leaves the company, classic PSK requires that the key be reset for all users, which can be an IT support burden. With Private PSK, just that one user's key can be revoked.
- Many clients do not support 802.1X or the latest WPA2 standard with opportunistic key caching required for fast roaming between APs. With Private PSK, those clients can see significant performance increases with roaming.
- Many legacy clients don't support 802.1X but most will support WPA-PSK. Those clients can be made secure without a costly client and application upgrade.

| Wireless LAN Requirement & Features | PSK - WPA/WPA2 Personal | Private PSK - WPA/WPA2 Personal | IEEE 802.1X - WPA/WPA2 Enterprise |
|---|---|---|---|
| No complex configuration required for clients | | | |
| Unique keys per user on single SSID | | | |
| Can revoke an individual user's key or credentials when they leave the company or their wireless device is compromised, lost or stolen | | | |
| Supports different VLAN, QoS, firewall or tunnel policy for different users on same SSID | | | |
| Does not require certificates to be installed on clients | | | |
| Uses 802.11i standard mechanisms for securing the SSID | Depends on Client | | |
| Keys are dynamically created for users upon login to the network and are rotated frequently | | | |
| Can be used to perform machine authentication | | | |
| If one user is compromised, no other users' keys can be compromised | | | |
