Saturday, November 14, 2009

Encryption Types

[notes]
TKIP is the encryption method certified as WPA

     The two primary functions of TKIP are the generation of a per-packet key, using RC4 encryption of the MAC service data unit (MSDU), and a MIC in the encrypted packet. The IV changes with each frame transmission, and is susceptible to an active attack.

AES counter mode/CBC MAC protocol (CCMP)
     Additional authentication data (AAD) is taken from the MAC header and included in the CCM encryption process. To protect against replay attacks, a sequenced packet number (PN) is included in the CCMP header. The PN and portions of the MAC header are used to generate a nonce that is in turn used by the CCM encryption process.
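
Added example (not part of the original notes): how the PN travels in the 8-octet CCMP header, how the 13-octet CCM nonce is assembled from the priority, the transmitter address (A2) and the PN, and how a receiver uses the PN to drop replays. The function and class names are hypothetical, and the single per-key counter is a simplification.

```python
# Added example: CCMP header parsing, nonce construction and PN replay check.
# Octet layout follows IEEE 802.11 CCMP; names are hypothetical.

def build_ccmp_header(pn, key_id=0):
    """Encode a 48-bit PN into the 8-octet CCMP header."""
    if not 0 <= pn < 1 << 48:
        raise ValueError("PN must fit in 48 bits")
    p = pn.to_bytes(6, "little")                 # p[0] = PN0 ... p[5] = PN5
    key_octet = 0x20 | ((key_id & 0x3) << 6)     # ExtIV bit set, Key ID in bits 6-7
    # PN0 PN1 Rsvd KeyID PN2 PN3 PN4 PN5
    return bytes([p[0], p[1], 0x00, key_octet, p[2], p[3], p[4], p[5]])

def parse_ccmp_header(hdr):
    """Return (pn, key_id) from an 8-octet CCMP header."""
    if len(hdr) != 8:
        raise ValueError("CCMP header is 8 octets")
    if not hdr[3] & 0x20:
        raise ValueError("ExtIV bit clear: not a CCMP header")
    pn_le = bytes([hdr[0], hdr[1], hdr[4], hdr[5], hdr[6], hdr[7]])
    return int.from_bytes(pn_le, "little"), hdr[3] >> 6

def ccmp_nonce(priority, a2, pn):
    """13-octet CCM nonce: priority octet || A2 || PN (PN5 first, PN0 last)."""
    if len(a2) != 6:
        raise ValueError("A2 must be a 6-octet MAC address")
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")

class ReplayCheck:
    """Receiver side: accept a frame only if its PN exceeds the last accepted PN."""
    def __init__(self):
        self.last_pn = 0        # transmitter starts at PN = 1 after key install

    def accept(self, pn):
        if pn <= self.last_pn:
            return False        # replayed or stale frame: discard
        self.last_pn = pn
        return True

if __name__ == "__main__":
    a2 = bytes.fromhex("00112233aabb")           # constructed transmitter MAC
    hdr = build_ccmp_header(0x010203040506)      # constructed PN
    pn, key_id = parse_ccmp_header(hdr)
    print("header:", hdr.hex(), "nonce:", ccmp_nonce(0, a2, pn).hex())
    rx = ReplayCheck()
    print([rx.accept(n) for n in (1, 2, 2, 1, 5)])
```

Because the nonce changes whenever the PN changes, a given temporal key never encrypts two frames from the same transmitter under the same nonce as long as the PN is never reused.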



PKC – proactive key caching & CCM
 - An 802.11i extension that allows for the proactive caching (before a roam event) of the PMK that is derived during a client 802.1X/EAP authentication at the AP.


CCKM – the implementation is different from PKC; the two mechanisms are incompatible.
              show pmk-cache all

The 802.11r workgroup is responsible for the standardization of an FSR mechanism for 802.11.
