
CCMP (cryptography)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 77.58.255.212 (talk) at 11:56, 19 October 2012 (Known attacks). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Counter Cipher Mode with Block Chaining Message Authentication Code Protocol or CCMP (CCM mode Protocol) is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard.[1] It was created to address the vulnerabilities presented by WEP, a dated, insecure protocol.[1]

Technical details

CCMP uses CCM, which combines CTR mode for data confidentiality with CBC-MAC for authentication and integrity. CCM protects the integrity of both the MPDU data field and selected portions of the IEEE 802.11 MPDU header. CCMP is based on AES processing and uses a 128-bit key and a 128-bit block size. CCMP uses CCM with the following two parameters:

  • M = 8; indicating that the MIC is 8 octets (eight bytes).
  • L = 2; indicating that the Length field is 2 octets.

A CCMP Medium Access Control Protocol Data Unit (MPDU) comprises five sections. The first is the MAC header, which contains the destination and source address of the data packet. The second is the CCMP header, which is composed of 8 octets and consists of the packet number (PN), the Ext IV, and the key ID. The packet number is a 48-bit number stored across 6 octets. The PN octets are the first two and last four octets of the CCMP header and are incremented for each subsequent packet. Between the PN octets are a reserved octet and a Key ID octet. The Key ID octet contains the Ext IV (bit 5), the Key ID (bits 6-7), and a reserved subfield (bits 0-4). CCMP uses these values to encrypt the data unit and the MIC. The third section is the data unit, which is the data being sent in the packet. Lastly are the Message Integrity Code (MIC), which protects the integrity and authenticity of the packet, and the frame check sequence (FCS), which is used for error detection and correction. Of these sections only the data unit and MIC are encrypted.[1]
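The header layout and CCM parameters above, as an added worked example (this is not code from the IEEE standard or from this article): it builds and parses the 8-octet CCMP header, applies the receiver-side replay rule implied by the per-packet PN increment, splits an MPDU into the five sections just listed, and optionally seals the data unit with AES-CCM using M = 8 and L = 2. Two details come from the 802.11 standard rather than the article text and are marked as such in the code: PN0 is the least-significant PN octet, and the 13-octet CCM nonce is priority || A2 || PN. The `cryptography` package is an assumption; the sealing step returns None when it is not installed. The sample frame values are constructed.

```python
# Added example (not from the IEEE standard or the article): CCMP header
# build/parse, PN replay check, MPDU section split, optional AES-CCM seal.
from dataclasses import dataclass, field

CCMP_HEADER_LEN = 8
MIC_LEN = 8                  # M = 8: the MIC is 8 octets
LENGTH_FIELD_OCTETS = 2      # L = 2: the CCM length field is 2 octets
CCM_NONCE_LEN = 15 - LENGTH_FIELD_OCTETS   # CCM: nonce + length field = 15 octets, so 13
FCS_LEN = 4                  # 802.11 FCS is a 32-bit CRC
MAX_PN = (1 << 48) - 1       # the PN is a 48-bit counter


def build_ccmp_header(pn: int, key_id: int, ext_iv: bool = True) -> bytes:
    """Layout: PN0 PN1 | reserved | Key ID octet | PN2 PN3 PN4 PN5.
    PN0 is the least-significant PN octet (standard layout, not stated on the page)."""
    if not 0 <= pn <= MAX_PN:
        raise ValueError("PN must fit in 48 bits")
    if not 0 <= key_id <= 3:
        raise ValueError("Key ID is a 2-bit field")
    pn_octets = pn.to_bytes(6, "little")
    key_id_octet = (key_id << 6) | (int(ext_iv) << 5)   # bits 0-4 reserved, left zero
    return pn_octets[:2] + b"\x00" + bytes([key_id_octet]) + pn_octets[2:]


def parse_ccmp_header(hdr: bytes) -> dict:
    if len(hdr) < CCMP_HEADER_LEN:
        raise ValueError("CCMP header is 8 octets")
    pn0, pn1, _reserved, key_id_octet, pn2, pn3, pn4, pn5 = hdr[:CCMP_HEADER_LEN]
    pn = int.from_bytes(bytes([pn0, pn1, pn2, pn3, pn4, pn5]), "little")
    return {
        "pn": pn,
        "ext_iv": bool(key_id_octet & 0x20),    # bit 5
        "key_id": key_id_octet >> 6,            # bits 6-7
        "reserved_bits": key_id_octet & 0x1F,   # bits 0-4, expected to be 0
    }


@dataclass
class ReplayCounter:
    """Receiver-side replay check: the PN is incremented for every packet, so a
    frame whose PN is not larger than the last accepted PN for that Key ID is
    rejected."""
    last_pn: dict = field(default_factory=dict)

    def accept(self, key_id: int, pn: int) -> bool:
        if pn <= self.last_pn.get(key_id, -1):
            return False
        self.last_pn[key_id] = pn
        return True


def split_mpdu(frame: bytes, mac_header_len: int) -> dict:
    """Split a CCMP MPDU into its five sections: MAC header, CCMP header,
    (encrypted) data unit, (encrypted) MIC, FCS."""
    if len(frame) < mac_header_len + CCMP_HEADER_LEN + MIC_LEN + FCS_LEN:
        raise ValueError("frame too short for a CCMP MPDU")
    ccmp_hdr = frame[mac_header_len:mac_header_len + CCMP_HEADER_LEN]
    body = frame[mac_header_len + CCMP_HEADER_LEN:-FCS_LEN]
    return {
        "mac_header": frame[:mac_header_len],
        "ccmp_header": parse_ccmp_header(ccmp_hdr),
        "data": body[:-MIC_LEN],
        "mic": body[-MIC_LEN:],
        "fcs": frame[-FCS_LEN:],
    }


def ccm_nonce(priority: int, a2: bytes, pn: int) -> bytes:
    """13-octet CCM nonce = priority octet || transmitter address A2 || PN (PN5 first).
    This construction is from the 802.11 standard, not from the article text."""
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")


def ccm_seal(key: bytes, nonce: bytes, aad: bytes, data: bytes):
    """AES-CCM with an 8-octet MIC over the data unit, authenticating `aad`
    (the protected header fields). Uses the `cryptography` package if installed
    (assumption); returns None otherwise. Output is ciphertext || MIC."""
    try:
        from cryptography.hazmat.primitives.ciphers.aead import AESCCM
    except ImportError:
        return None
    return AESCCM(key, tag_length=MIC_LEN).encrypt(nonce, data, aad)


if __name__ == "__main__":
    # Constructed sample: 24-octet MAC header, PN 0x000102030405, Key ID 1.
    mac_header = bytes(24)
    pn, key_id = 0x000102030405, 1
    hdr = build_ccmp_header(pn, key_id)
    # The whole MAC header stands in for the protected header fields here.
    sealed = ccm_seal(bytes(range(16)), ccm_nonce(0, mac_header[10:16], pn),
                      mac_header, b"hello") or bytes(5 + MIC_LEN)
    frame = mac_header + hdr + sealed + bytes(FCS_LEN)
    rc = ReplayCounter()
    print(split_mpdu(frame, len(mac_header))["ccmp_header"],
          rc.accept(key_id, pn), rc.accept(key_id, pn))
```

The replay counter is the part a defender most often gets wrong: it must be kept per key (and, in a real receiver, per transmitter and traffic class), and a PN that is equal to the last accepted one is a replay, not a retransmission to be tolerated.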

Security

CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and the TKIP protocol of WPA. CCMP provides the following security services:[2]

  • Data Confidentiality; ensures only authorized parties can access the information
  • Authentication; provides proof of genuineness of the user
  • Access control in conjunction with layer management

Because CCMP is a block cipher mode, it is secure against attacks of up to 2^128 steps of operation if the encryption key is 256 bits or larger. Generic meet-in-the-middle attacks do exist and can limit the theoretical strength of the key to 2^(n/2) operations (where n is the number of bits in the key).[3]

Known attacks

References

  1. Cole, Terry (12 June 2007). "IEEE Std 802.11-2007" (PDF). New York, New York: The Institute of Electrical and Electronics Engineers, Inc. Retrieved 11 April 2011.
  2. Ciampa, Mark (2009). Security Guide To Network Security Fundamentals (3rd ed.). Boston, MA: Course Technology. pp. 205, 380, 381. ISBN 1-4283-4066-1.
  3. Whiting, Doug (September 2003). "Counter with CBC-MAC (CCM)". The Internet Society. Retrieved 11 April 2011.