CCMP (cryptography): Difference between revisions
Palthainon (talk | contribs) No edit summary |
No edit summary |
||
| Line 7: | Line 7: | ||
'''CCMP''' ('''[[CCM mode|Counter Mode with Cipher Block Chaining Message Authentication Code]] Protocol''') is an [[IEEE 802.11i]] encryption [[security protocol|protocol]] created to replace both [[Temporal Key Integrity Protocol|TKIP]], the mandatory protocol in WPA, and [[Wired Equivalent Privacy|WEP]], the earlier, insecure protocol.<ref>{{citeweb|title=802.11i- Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer specifications|url=http://standards.ieee.org/getieee802/download/802.11i-2004.pdf|publisher=standards.ieee.org|accessdate=2008-02-08}}</ref> CCMP is a mandatory part of the [[Wi-Fi Protected Access|WPA2]] standard, an optional part of the [[Wi-Fi Protected Access|WPA]] standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the [[ITU-T]] [[G.hn]] home and business networking standard. |
'''CCMP''' ('''[[CCM mode|Counter Mode with Cipher Block Chaining Message Authentication Code]] Protocol''') is an [[IEEE 802.11i]] encryption [[security protocol|protocol]] created to replace both [[Temporal Key Integrity Protocol|TKIP]], the mandatory protocol in WPA, and [[Wired Equivalent Privacy|WEP]], the earlier, insecure protocol.<ref>{{citeweb|title=802.11i- Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer specifications|url=http://standards.ieee.org/getieee802/download/802.11i-2004.pdf|publisher=standards.ieee.org|accessdate=2008-02-08}}</ref> CCMP is a mandatory part of the [[Wi-Fi Protected Access|WPA2]] standard, an optional part of the [[Wi-Fi Protected Access|WPA]] standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the [[ITU-T]] [[G.hn]] home and business networking standard. |
||
CCMP, part of the 802.11i standard, uses the [[Advanced Encryption Standard]] (AES) algorithm. Unlike in [[Temporal Key Integrity Protocol|TKIP]], [[key management]] and [[message integrity]] is handled by a single component built around AES using a 128-bit key |
CCMP, part of the 802.11i standard, uses the [[Advanced Encryption Standard]] (AES) algorithm. Unlike in [[Temporal Key Integrity Protocol|TKIP]], [[key management]] and [[message integrity]] is handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds of encoding per the [[FIPS 197]] standard. |
||
CCMP uses [[CCM mode|CCM]] with the following parameters: |
CCMP uses [[CCM mode|CCM]] with the following parameters: |
||
Revision as of 20:13, 7 November 2009
 | This article needs additional citations for verification. (April 2009) |
 | This documentation needs attention from an expert in Technology. Please add a reason or a talk parameter to this template to explain the issue with the documentation. (March 2009) |
 |
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an IEEE 802.11i encryption protocol created to replace both TKIP, the mandatory protocol in WPA, and WEP, the earlier, insecure protocol.[1] CCMP is a mandatory part of the WPA2 standard, an optional part of the WPA standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the ITU-T G.hn home and business networking standard.
CCMP, part of the 802.11i standard, uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity is handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds of encoding per the FIPS 197 standard.
CCMP uses CCM with the following parameters:
- M = 8 - indicating that the MIC is 8 octets,
- L = 2 - indicating that the Length field is 2 octets.
A CCMP Medium Access Control Protocol Data Unit (MPDU) comprises five sections: 1) MAC header, 2) CCMP header, 3) Data unit, 4) Message integrity code (MIC), and 5) Frame check sequence (FCS). Of these, only the data unit and MIC are encrypted.
The CCMP header is 8 octets and consists of the following fields:
- Packet Number (code sequence) (PN)
- Ext IV
- Key ID
The PN is a 48-bit number stored across 6 octets. The PN codes are the first two, and last four octets of the CCMP header and are incremented for each subsequent packet. Between the PN codes are a reserved octet, and a Key ID octet. The Key ID octet contains the Ext IV (bit 5), Key ID (bits 6-7), and a reserved subfields (bits 0-4).
CCMP uses these values to encrypt the data unit and the MIC. It combines the MPDU Address 2 and priority field, and the PN to create a nonce for the CCM algorithm. It then feeds the temporal key, the constructed nonce, certain header information, and the data unit, to the CCM originator. The CCM originator returns this encrypted data, and an MIC, which is combined with the unencrypted CCMP and MAC headers, and sequence check for transmission.
References
- ^ "802.11i- Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer specifications" (PDF). standards.ieee.org. Retrieved 2008-02-08.
External links
- RFC 3610 - Counter with CBC-MAC (CCM), September 2003
 | This cryptography-related article is a stub. You can help Wikipedia by expanding it. |