Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Table of Contents
802.11 Overview
4
4
4
4
CCMP Processing
Pairwise Keys
Group Keys
Key Derivation and Distribution
6
6
6
References
This report describes the efforts of the 802.11i specification to address weaknesses in encryption used in
wireless network security.
Page 2
802.11 Overview
802.11 is a group of specifications developed by the Institute of Electrical and Electronics Engineers Inc.
(IEEE) for wireless local area networks (WLANs). These specifications define an over-the-air interface
between a wireless client and a base station (or access point), or between two or more wireless clients.
The standards produced by this group were first released in 1997 and have come to include definitions
for communication in the 2.4, 3.6 and 5 GHz frequency bands. There are a variety of components,
typically defined by a lower case letter following 802.11. For example, the first widely accepted
standard was 802.11b, describing the use of the 2.4 GHz band to provide speeds up to 11 Mbps.
Subsequent standards include the 802.11g, which also uses the 2.4 GHz band but can provide speeds up
to 54 Mbps. There are several others, in various states of completion. The remainder of this paper is
concerned with the final release of the 802.11i specification dealing with wireless network security.
Page 3
Sequence Counter
Each frame is numbered to protect against replay attacks.
Page 4
CCMP Processing
CCMP takes as input the frame to be transmitted, a temporal key used to encrypt and authenticate the
frame, a key identifier and a packet number. When a frame is sent to CCMP, the following processing
occurs:
1. The frame is queued for transmission.
2. A 48 bit packet number is assigned. Packet numbers are increased for every transmission and
are used in replay protection.
3. An Additional Authentication Data field is created, consisting of those fields which must be
transmitted in the clear but authenticated.
4. The CCMP nonce is created using the packet number and the senders address.
5. The CCMP header is built using the packet number and the key identifier.
6. With all the prerequisites in place, all the data is authenticated and the frame data and MIC are
encrypted.
7. The original MAC header, CCMP header and encrypted data are combined and ready to be
transmitted.
The reception process is achieved by reversing the transmission process.
Page 5
Pairwise Keys
Both encryption protocols described in 802.11i make use of a root secret key from which all subsequent
keys are derived. Key derivation makes it possible to refresh encryption keys without re-authenticating.
A 256 bit master key must be supplied. This is configured in the WPA mechanism, where in an
infrastructure with an authentication server, that server computes the master key and distributes it to
the access point. This is described in more detail in the 802.1X specification.
The pairwise master key (PMK) is expanded using a pseudorandom function to create a pairwise
transient key (PTK.) This is broken into two 128 bit pieces, each of which is used to protect the
distribution of the temporal keys.
Key hierarchies for both TKIP and CCMP start with two keys produced in the 802.1X mechanism. The
first of these is an EAPOL Key Confirmation Key (KCK). This is used to compute integrity checks on
the keying messages. The second, the EAPOL Key Encryption Key (KEK), is used to encrypt the keying
messages.
TKIP s key consists of the KCK, the KEK, the 128 bit temporal key, and a 128 bit key used by the Michael
integrity check. Recall that TKIP uses separate authentication and encryption steps and so requires two
keys. The transient key for CCMP is shorter because the same 128 bit temporal key is used for both
authentication and encryption.
Group Keys
Whether by configuration or calculation a Group Master Key is supplied, expanded using a pseudorandomizing function in combination with a nonce and the address of the authentication server,
and produces a 256 bit TKIP Group Transient Key, consisting of a group temporal key and a group
integrity key, or a CCMP Group Transient Key, which is identical to the group temporal key.
Page 6
Page 7
References
802.11 Wireless Networks: The definitive guide. 2nd edition. Matthew Gast,
2005 O'Reilly Media
Page 8