TKIP is better than WEP, but that is the only statement that can be made with certainty. WEP's basis in a stream cipher will always leave lingering doubts about the security of anything built using a similar set of operations. To address the concerns of the 802.11 user community, the IEEE working group began developing a security protocol based on the Advanced Encryption Standard (AES) block cipher. AES is a flexible cipher that can operate at many key lengths and block sizes; to prevent user confusion, 802.11i mandates the use of AES with both 128-bit keys and 128-bit blocks.
What Is WPA?
Wi-Fi Protected Access (WPA) is a marketing standard put together by the Wi-Fi Alliance. The Wi-Fi Alliance leaves the details of hammering out standards to other bodies like the IEEE. As a trade association, however, they react to ensure that the perception of the industry remains positive.
When the first cracks appeared in the foundation of WEP, the IEEE launched a working group to develop improved security standards. Building secure cryptographic protocols is difficult work, however, and 802.11i has been delayed repeatedly past its expected due date. 802.11i specifies two new security protocols: TKIP and CCMP. TKIP was designed to be backwards compatible with existing hardware at the time it was developed, whereas CCMP was designed essentially from the ground up. As a result, TKIP was finished well before CCMP was ready.
To address security concerns in the market, the Wi-Fi Alliance worked to speed up deployment of TKIP by coming up with an interim marketing standard called WPA. WPA version 1 is based on the third draft of 802.11i (from mid-2003); WPA version 2 is the final standardized version of 802.11i from mid-2004.
WPA includes both authentication through 802.1X and encryption. It comes in two flavors: WPA Personal, which is equivalent to pre-shared key authentication in 802.11i, and WPA Enterprise, which uses the authenticated key mode that derives keys from TLS entropy.
There has been some concern over the key size used with 802.11i. AES can operate with a variety of key lengths. The U.S. National Security Agency has approved AES for use with "secret" data with 128-bit and longer keys, but more sensitive "top secret" data requires the use of 192- or 256-bit keys.[*] Some observers have therefore concluded that 128-bit keys do not offer adequate security. Regardless of the merits in the debate over key size, 128-bit AES is much better suited to 802.11 frame encryption than RC4 at any key length.
[*] See the Committee on National Security Systems (CNSS) Policy No. 15, Fact Sheet No. 1, "National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information" at http://www.nstissc.gov/Assets/pdf/fact%20sheet.pdf.
The link-layer security protocol based on AES is called the Counter Mode with CBC-MAC Protocol (CCMP). The name comes from the underlying use of the block cipher, in the Counter Mode with CBC-MAC (CCM) mode, which is specified in RFC 3610. CCM is a "combined" mode of operation, in which the same key is used in encryption for confidentiality as well as creating a cryptographically secure integrity check value.
[†] One of the delays in finishing 802.11i was that the AES algorithm was initially based on a different mode of operation, AES-OCB. Intellectual property concerns required that it be dropped from the final specification in favor of CCMP.
In September 2003, the National Institute of Standards and Technology (NIST) began a study of CCM. In May 2004, NIST gave its approval to CCM, which will allow 802.11i to serve as the basis for secure wireless LANs in demanding applications.
CCMP Data Processing
Like other link-layer encryption methods, CCMP provides support for encryption and integrity protection as part of the same process, as shown in Figure 7-6.
Figure 7-6. CCMP frame processing (encryption)
As input, CCMP takes the following items:
CCMP data transmission
When a frame is generated and sent to TKIP for transmission, this procedure occurs:
The encapsulation of a CCMP-protected frame is quite straightforward, and is shown in Figure 7-7. Following the MAC header, a CCMP header holds the packet number and key ID. The higher-layer protocol frame and its MIC are encrypted before the FCS.
Figure 7-7. CCMP encapsulation
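The CCMP header described above can be decoded and checked for replay in a few lines. This is an added example, not code from the original text: the 8-octet field layout and the 13-octet CCM nonce follow the 802.11i definition rather than anything shown on this page, and the names `parse_ccmp_header`, `ccm_nonce`, `ReplayCheck` and the sample bytes are hypothetical.

```python
import struct
from dataclasses import dataclass

CCMP_HDR_LEN = 8  # octets, placed directly after the 802.11 MAC header

@dataclass(frozen=True)
class CCMPHeader:
    pn: int      # 48-bit packet number
    key_id: int  # 2-bit key index

def parse_ccmp_header(hdr: bytes) -> CCMPHeader:
    """Decode PN0 PN1 Rsvd KeyOctet PN2 PN3 PN4 PN5 (802.11i layout)."""
    if len(hdr) < CCMP_HDR_LEN:
        raise ValueError("truncated CCMP header")
    pn0, pn1, _rsvd, key_octet, pn2, pn3, pn4, pn5 = struct.unpack("8B", hdr[:8])
    if not key_octet & 0x20:  # ExtIV bit is always set for CCMP
        raise ValueError("ExtIV bit clear: not a CCMP header")
    pn = pn0 | pn1 << 8 | pn2 << 16 | pn3 << 24 | pn4 << 32 | pn5 << 40
    return CCMPHeader(pn=pn, key_id=key_octet >> 6)

def ccm_nonce(priority: int, transmitter: bytes, pn: int) -> bytes:
    """Build the CCM nonce: priority octet, transmitter address, PN (big-endian)."""
    if len(transmitter) != 6:
        raise ValueError("transmitter address must be 6 octets")
    return bytes([priority & 0x0F]) + transmitter + pn.to_bytes(6, "big")

class ReplayCheck:
    """Highest PN accepted so far, tracked per (transmitter, key ID)."""
    def __init__(self):
        self._last = {}

    def accept(self, transmitter: bytes, hdr: CCMPHeader) -> bool:
        # Call only after the MIC has verified, so a forged frame
        # cannot advance the counter and lock out genuine traffic.
        key = (transmitter, hdr.key_id)
        if hdr.pn <= self._last.get(key, 0):
            return False  # replayed or stale packet number
        self._last[key] = hdr.pn
        return True

# Constructed sample: PN = 0x0102, key ID 1, ExtIV set.
SAMPLE_HDR = bytes.fromhex("0201006000000000")
SAMPLE_TA = bytes.fromhex("001122334455")

if __name__ == "__main__":
    h = parse_ccmp_header(SAMPLE_HDR)
    print(h, ccm_nonce(0, SAMPLE_TA, h.pn).hex())
```

Because the nonce is built from the transmitter address and the packet number, a receiver that rejects non-increasing packet numbers is also guarding against nonce reuse under the same key.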
When CCMP receives a frame, the encryption and transmission process must be reversed. With no backwards compatibility baggage requiring the use of the WEP engine, the CCMP decryption process is a straightforward reversal of Figure 7-6: