Explain WPA2CCMP.

276    Asked by Amitraj in Cyber Security , Asked on Feb 28, 2022

: I want to understand more about Wireless security. One thing I have not been able to understand is what WEP, WPA and WPA2 do without the help of TKIP, CCMP, and AES, and what do TKIP, CCMP and AES provide to WEP, WPA and WPA2? What is WEP WPA WPA2 lacking in its design that TKIP CCMP and AES have a solution for?

Answered by Andrea Bailey

WEP, WPA, WPA2, and WPA3 refer to different certifications for securing a wireless network, each requiring certain standards. Each of them specifies different behaviour and offers different options. The original WEP used the stream cipher RC4 with a 104-bit key. Because RC4 does not accept a nonce, it produces a single stream of output. However, when dealing with packets, it's not possible to guarantee all data arrives in the same order without packet loss, WEP specified a 24-bit nonce as part of the key. RC4, however, is vulnerable to related-key attacks, which means using similar keys causes security problems, and 24 bits is not sufficient for a nonce size, which means that the same nonce (and hence the same keystream) was reused. Combined with the fact that RC4 has known statistical weaknesses and there was no integrity check to prevent tampering, this design meant that WEP was exceedingly weak and using it was little better than sending data unencrypted.

WPA was designed to fix this problem without requiring new hardware by implementing TKIP, the Temporal Key Integrity Protocol. It used a new, per-packet key for each packet plus a (weak) integrity check. While RC4 was still a bad choice, TKIP meant that many people could achieve a very basic level of security with just a firmware upgrade. AES is a well-known, secure block cipher for encrypting data, and CCMP is a mode of using this cipher to provide both strong encryption and robust integrity protection. WPA2 required support for AES-CCMP for certification. While WPA2 properly secures the data involved in a packet, it doesn't authenticate the header information, so it's still possible for an attacker to send spoofed packets directing other endpoints to disassociate from the network (a disassociation attack). WPA3 introduces a new, more robust version of key exchange (the process of negotiating keys when connecting to a network) and adds support for integrity checking of management frames, so disassociation attacks are no longer possible. WPA2CCMP is still used because it's still considered robust and secure. In this day and age, you should use WPA3 if all your devices support it, and WPA2 otherwise. Unless you are dealing with obsolete devices, your networks should use only AES-CCMP and should have TKIP (and WEP) disabled.



Your Answer

Interviews

Parent Categories