June 16, 2012

1.6.10 CCMP


Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol designed for Wireless LAN products that implement the full IEEE 802.11i standard (IEEE 802.11i-2004). CCMP is a cryptographic encapsulation mechanism for data confidentiality, based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities of WEP and of TKIP, the protocol used in WPA.

CCMP is an AES-based encryption mode introduced with WPA2 and it is more secure than the WEP protocol and TKIP protocol of WPA. It provides the following security services:
  • Data Confidentiality; ensures only authorized parties can access the information
  • Authentication; provides proof of genuineness of the user
  • Access control in conjunction with layer management

CCMP uses 128-bit AES encryption with a 48-bit initialization vector.

CCMP computes a Message Integrity Check (MIC) using the well-known and proven Cipher Block Chaining Message Authentication Code (CBC-MAC) method. Changing even one bit in a message produces a totally different MIC.
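
The MIC behaviour described above, as an added Go example that is not part of the original post: it computes an AES-128 CBC-MAC, truncates it to 8 bytes (the MIC length CCMP uses), and shows that flipping one message bit changes it. The first block is simplified to carry only the message length rather than the full CCM flags and nonce; the key and payload are constructed, and `cbcMAC` and `flipBit` are names chosen here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

const micLen = 8 // CCMP carries an 8-byte MIC

// cbcMAC runs AES-CBC with a zero IV over a length block plus the zero-padded
// message and keeps only the start of the last cipher block as the tag.
func cbcMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	// Simplified first block (assumption): message length only, no flags or nonce.
	first := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(first[8:], uint64(len(msg)))
	padded := append(first, msg...)
	if r := len(padded) % aes.BlockSize; r != 0 {
		padded = append(padded, make([]byte, aes.BlockSize-r)...)
	}
	state := make([]byte, aes.BlockSize) // zero IV
	for i := 0; i < len(padded); i += aes.BlockSize {
		for j := range state {
			state[j] ^= padded[i+j] // chain: XOR the next block into the state
		}
		block.Encrypt(state, state) // then encrypt the state in place
	}
	return state[:micLen], nil
}

// flipBit returns a copy of msg with a single bit inverted.
func flipBit(msg []byte, bit int) []byte {
	out := append([]byte(nil), msg...)
	out[bit/8] ^= 1 << (bit % 8)
	return out
}

func main() {
	key := []byte("constructed-key!") // constructed 16-byte demo key
	msg := []byte("constructed frame payload for the MIC demo")
	a, _ := cbcMAC(key, msg)
	b, _ := cbcMAC(key, flipBit(msg, 0))
	fmt.Printf("original MIC: %x\nflipped  MIC: %x\nequal: %v\n", a, b, bytes.Equal(a, b))
}
```

Because every block is chained into the next, a flipped bit anywhere in the payload propagates to the final block and therefore to the MIC.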

Advanced Encryption Standard (AES) is the cipher system used by Robust Security Network (RSN). It is the equivalent of the RC4 algorithm used by WPA. CCMP is the security protocol that uses AES. It is the equivalent of TKIP in WPA.

In the beginning there was WEP. Its security protocol was weak. WPA (with TKIP) fixed some of the issues with WEP; however, it was an intermediate solution, implementing only a portion of the 802.11i standard. WPA2 (with CCMP) was a full implementation of the 802.11i standard.

