TKIP is the encryption method certified as WPA
two primary functions of TKIP are the generation of a per packet key using RC4 encryption of the MAC service data unit (MSDU) & a MIC in the encrypted packet. The IV changes with each frame transmission, and is susceptible to an active attack.
AES counter mode/CBC MAC protocol (CCMP)
Additional authentication data (AAD) is taken from the MAC header & included in the CCM encryption process. To protect against replay attacks a sequenced (PN) packet number is included in the CCMP header. The PN & portions of the MAC header are used to generate a nonce that is in turn used by the CCM encryption process.
PKC – proactive key caching & CCM
- an 802.11i extension that allows for the proactive caching (before a roam event) of the PMK that is derived during a client 802.1x/EAP authentication at the AP.
CCKM – implementation is different than PKC, two mechanisms are incompatible.
show pmk-cache all
802.11r workgroup is responsible for the standardization of an FSR mechanism for 802.11