Key Hierarchy Using AES CCMP
Most of what has been described so far in this section applies to both AES CCMP and TKIP cipher methods. The method of deriving and delivering keys applies across the board using the four-way handshake for pairwise keys and the two-way handshake for group keys. However, there is a difference in one respect: the size and number of keys needed is different, depending on the encryption method in use.
Given that AES CCMP provides a higher level of security, you might expect the AES CCMP keys to be bigger or perhaps more numerous. In fact, the reverse is true. Whereas a total of 768 temporal key bits are needed for TKIP, only 512 are needed for AES CCMP. The reason is that in AES CCMP the integrity and encryption functions are combined into a single calculation, whereas with TKIP they are two quite distinct operations, each requiring a separate key.
For AES CCMP, the pairwise temporal keys are:
And the group temporal key is:
The PMK and GMK are still created in the same way but, at the temporal key computation phase, fewer key bits are generated; otherwise, there is no difference in operations. While the four-way handshake is mandated for both WPA and 802.11i, it is possible that new key hierarchy schemes will be introduced for 802.11i in the future. The four-way handshake has been criticized for being slow because it can take several seconds to complete. The slow handshake presents problems for systems that need rapid handover between access points, such as voice-over-IP terminals.
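To make the "fewer key bits" point concrete, here is an added example (not code from the book) that implements the 802.11i pseudo-random function and derives the pairwise and group temporal keys for both ciphers. The PRF construction (HMAC-SHA1 over label || 0x00 || data || counter), the label strings, and the key slice sizes (KCK 128, KEK 128, TK 128, plus 64-bit Michael MIC keys for TKIP) are taken from the 802.11i specification; the master keys, MAC addresses and nonces are constructed sample values. The GTK derivation shown is the PRF-based scheme described in 802.11i; implementations are also free to generate the GTK from a random number generator.

```python
"""802.11i temporal key derivation for AES CCMP versus TKIP.

Added example, not from the original text. Shows that the same PRF and
the same inputs produce 384 + 128 = 512 temporal key bits for CCMP and
512 + 256 = 768 for TKIP, purely because CCMP has no separate integrity keys.
"""
import hashlib
import hmac

# Slice layouts of the PTK (pairwise) and GTK (group) in bytes, per cipher.
# KCK = EAPOL-Key confirmation key, KEK = EAPOL-Key encryption key,
# TK = data temporal key, MIC_TX/MIC_RX = TKIP Michael keys.
PTK_LAYOUT = {
    "CCMP": [("KCK", 16), ("KEK", 16), ("TK", 16)],                      # 384 bits
    "TKIP": [("KCK", 16), ("KEK", 16), ("TK", 16), ("MIC_TX", 8), ("MIC_RX", 8)],  # 512 bits
}
GTK_LAYOUT = {
    "CCMP": [("TK", 16)],                                   # 128 bits
    "TKIP": [("TK", 16), ("MIC_TX", 8), ("MIC_RX", 8)],     # 256 bits
}


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ...
    concatenated and truncated to nbits. PRF-384 needs 3 HMAC blocks, PRF-512 needs 4."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def split(material: bytes, layout) -> dict:
    """Cut the PRF output into the named sub-keys of the given layout."""
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = material[offset:offset + size]
        offset += size
    return keys


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, cipher: str) -> dict:
    """Pairwise temporal keys from the PMK, as computed during the four-way handshake.
    Min/Max ordering of the addresses and nonces lets both ends get the same PTK."""
    layout = PTK_LAYOUT[cipher]
    nbits = 8 * sum(size for _, size in layout)
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return split(prf(pmk, b"Pairwise key expansion", data, nbits), layout)


def derive_gtk(gmk: bytes, aa: bytes, gnonce: bytes, cipher: str) -> dict:
    """Group temporal key from the GMK, delivered later by the two-way handshake."""
    layout = GTK_LAYOUT[cipher]
    nbits = 8 * sum(size for _, size in layout)
    return split(prf(gmk, b"Group key expansion", aa + gnonce, nbits), layout)


def total_temporal_bits(cipher: str) -> int:
    """Pairwise plus group temporal key bits a station must hold for this cipher."""
    return 8 * (sum(s for _, s in PTK_LAYOUT[cipher]) + sum(s for _, s in GTK_LAYOUT[cipher]))


if __name__ == "__main__":
    # Constructed sample values; a real PMK comes from 802.1X or the PSK.
    pmk = bytes(range(32))
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = bytes([1] * 32), bytes([2] * 32)
    for cipher in ("CCMP", "TKIP"):
        ptk = derive_ptk(pmk, aa, spa, anonce, snonce, cipher)
        print(cipher, {k: len(v) * 8 for k, v in ptk.items()}, "total bits:", total_temporal_bits(cipher))
```

Because both ciphers draw from the same PRF stream, the CCMP PTK is simply the first 384 bits of what TKIP would have derived from identical inputs; the difference in the key hierarchy is the truncation length and the slicing, nothing else.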