Misplaced Pages

CCMP (cryptography)

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (Counter Mode CBC-MAC Protocol) or CCM mode Protocol (CCMP) is an encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM mode) of the Advanced Encryption Standard (AES). It was created to address the vulnerabilities presented by Wired Equivalent Privacy (WEP), a dated, insecure protocol.


CCMP uses CCM that combines CTR mode for data confidentiality and cipher block chaining message authentication code (CBC-MAC) for authentication and integrity. CCM protects the integrity of both the MPDU data field and selected portions of the IEEE 802.11 MPDU header. CCMP is based on AES processing and uses a 128-bit key and a 128-bit block size. CCMP uses CCM with the following two parameters:

A CCMP Medium Access Control Protocol Data Unit (MPDU) comprises five sections. The first is the MAC header which contains the destination and source address of the data packet. The second is the CCMP header which is composed of 8 octets and consists of the packet number (PN), the Ext IV, and the key ID. The packet number is a 48-bit number stored across 6 octets. The PN codes are the first two and last four octets of the CCMP header and are incremented for each subsequent packet. Between the PN codes are a reserved octet and a Key ID octet. The Key ID octet contains the Ext IV (bit 5), Key ID (bits 6–7), and a reserved subfield (bits 0–4). CCMP uses these values to encrypt the data unit and the MIC. The third section is the data unit which is the data being sent in the packet. The fourth is the message integrity code (MIC) which protects the integrity and authenticity of the packet. Finally, the fifth is the frame check sequence (FCS) which is used for error detection and correction. Of these sections only the data unit and MIC are encrypted.

CCMP is the standard encryption protocol for use with the Wi-Fi Protected Access II (WPA2) standard and is much more secure than the Wired Equivalent Privacy (WEP) protocol and Temporal Key Integrity Protocol (TKIP) of Wi-Fi Protected Access (WPA). CCMP provides the following security services:

Because CCMP is a block cipher mode using a 128-bit key, it is secure against attacks to the 2 steps of operation. Generic meet-in-the-middle attacks do exist and can be used to limit the theoretical strength of the key to 2 (where n is the number of bits in the key) operations needed.

CCM mode

CCM mode (counter with cipher block chaining message authentication code; counter with CBC-MAC) is a mode of operation for cryptographic block ciphers. It is an authenticated encryption algorithm designed to provide both authentication and confidentiality. CCM mode is only defined for block ciphers with a block length of 128 bits.

The nonce of CCM must be carefully chosen to never be used more than once for a given key. This is because CCM is a derivation of counter (CTR) mode and the latter is effectively a stream cipher.

As the name suggests, CCM mode combines counter (CTR) mode for confidentiality with cipher block chaining message authentication code (CBC-MAC) for authentication. These two primitives are applied in an "authenticate-then-encrypt" manner: CBC-MAC is first computed on the message to obtain a message authentication code (MAC), then the message and the MAC are encrypted using counter mode. The main insight is that the same encryption key can be used for both, provided that the counter values used in the encryption do not collide with the (pre-)initialization vector used in the authentication. A proof of security exists for this combination, based on the security of the underlying block cipher. The proof also applies to a generalization of CCM for any block size, and for any size of cryptographically strong pseudo-random function (since in both counter mode and CBC-MAC, the block cipher is only ever used in one direction).

CCM mode was designed by Russ Housley, Doug Whiting and Niels Ferguson. At the time CCM mode was developed, Russ Housley was employed by RSA Laboratories.

A minor variation of CCM, called CCM*, is used in the Zigbee standard. CCM* includes all of the features of CCM. It allows a choice of MAC lengths down to 0 (which disables authentication and becomes encryption-only).

CCM requires two block cipher encryption operations on each block of an encrypted-and-authenticated message, and one encryption on each block of associated authenticated data. According to Crypto++ benchmarks, AES CCM requires 28.6 cycles per byte on an Intel Core 2 processor in 32-bit mode. Notable inefficiencies:

The catalyst for the development of CCM mode was the submission of offset codebook (OCB) mode for inclusion in the IEEE 802.11i standard. Opposition was voiced to the inclusion of OCB mode because of a pending patent application on the algorithm. Inclusion of a patented algorithm meant significant licensing complications for implementors of the standard. While the inclusion of OCB mode was disputed based on these intellectual property issues, it was agreed that the simplification provided by an authenticated encryption system was desirable. Therefore, Housley, et al. developed CCM mode as a potential alternative that was not encumbered by patents. Even though CCM mode is less efficient than OCB mode, a patent free solution was preferable to one complicated by patent licensing issues. Therefore, CCM mode went on to become a mandatory component of the IEEE 802.11i standard, and OCB mode was relegated to optional component status, before eventually being removed altogether.

CCM mode is used in IEEE 802.11i (as CCMP, the CCM encryption protocol for WPA2), IPsec, and TLS 1.2, as well as Bluetooth Low Energy (as of Bluetooth 4.0). It is available for TLS 1.3, but not enabled by default in OpenSSL.

Niels Ferguson

Niels T. Ferguson (born 10 December 1965, Eindhoven) is a Dutch cryptographer and consultant who currently works for Microsoft. He has worked with others, including Bruce Schneier, designing cryptographic algorithms, testing algorithms and protocols, and writing papers and books. Among the designs Ferguson has contributed to is the AES finalist block cipher algorithm Twofish as well as the stream cipher Helix and the Skein hash function.

In 1999, Niels Ferguson, together with Bruce Schneier and John Kelsey, developed the Yarrow algorithm, a Cryptographically-Secure Pseudorandom Number Generator (CSPRNG). Yarrow was later further developed by Niels Ferguson and Bruce Schneier into the Fortuna CSPRNG.

In 2001, he claimed to have broken the HDCP system that is incorporated into HD DVD and Blu-ray Discs players, similar to the DVDs Content Scramble System, but has not published his research, citing the Digital Millennium Copyright Act of 1998, which would make such publication illegal.

In 2006 he published a paper covering some of his work around Bitlocker full disk encryption at Microsoft.

At the CRYPTO 2007 conference rump session, Dan Shumow and Niels Ferguson presented an informal paper describing a potential kleptographic backdoor in the NIST specified Dual_EC_DRBG cryptographically secure pseudorandom number generator. The kleptographic backdoor
