Jump to content

CCMP (cryptography)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 130.76.64.15 (talk) at 20:13, 7 November 2009. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

This article is about data encryption protocol. For the private equity investment firm, see CCMP Capital.

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an IEEE 802.11i encryption protocol created to replace both TKIP, the mandatory protocol in WPA, and WEP, the earlier, insecure protocol.[1] CCMP is a mandatory part of the WPA2 standard, an optional part of the WPA standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the ITU-T G.hn home and business networking standard.

CCMP, part of the 802.11i standard, uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity is handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds of encoding per the FIPS 197 standard.

CCMP uses CCM with the following parameters:

  • M = 8 - indicating that the MIC is 8 octets,
  • L = 2 - indicating that the Length field is 2 octets.

A CCMP Medium Access Control Protocol Data Unit (MPDU) comprises five sections: 1) MAC header, 2) CCMP header, 3) Data unit, 4) Message integrity code (MIC), and 5) Frame check sequence (FCS). Of these, only the data unit and MIC are encrypted.

The CCMP header is 8 octets and consists of the following fields:

  • Packet Number (code sequence) (PN)
  • Ext IV
  • Key ID

The PN is a 48-bit number stored across 6 octets. The PN codes are the first two, and last four octets of the CCMP header and are incremented for each subsequent packet. Between the PN codes are a reserved octet, and a Key ID octet. The Key ID octet contains the Ext IV (bit 5), Key ID (bits 6-7), and a reserved subfields (bits 0-4).

CCMP uses these values to encrypt the data unit and the MIC. It combines the MPDU Address 2 and priority field, and the PN to create a nonce for the CCM algorithm. It then feeds the temporal key, the constructed nonce, certain header information, and the data unit, to the CCM originator. The CCM originator returns this encrypted data, and an MIC, which is combined with the unencrypted CCMP and MAC headers, and sequence check for transmission.

References

  1. ^ "802.11i- Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer specifications" (PDF). standards.ieee.org. Retrieved 2008-02-08.

External links

  • RFC 3610 - Counter with CBC-MAC (CCM), September 2003


Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=CCMP_(cryptography)&oldid=324512876"