CCMP (cryptography)
{{short description|Authenticated encryption protocol for Wireless LAN}}
'''Counter Mode Cipher Block Chaining Message Authentication Code Protocol''' ('''Counter Mode CBC-MAC Protocol''') or '''CCM mode Protocol''' ('''CCMP''') is an [[authenticated encryption]] [[security protocol|protocol]] designed for [[Wireless LAN]] products that implements the standards of the [[IEEE 802.11i]] amendment to the original [[IEEE 802.11]] standard. CCMP is a data cryptographic encapsulation mechanism designed for data [[confidentiality]], [[data integrity|integrity]] and [[message authentication|authentication]]. It is based upon the Counter Mode with CBC-MAC ([[CCM mode]]) of the [[Advanced Encryption Standard]] (AES).<ref name="802.11 2007">{{cite web|url=http://standards.ieee.org/getieee802/download/802.11-2007.pdf|archive-url=https://web.archive.org/web/20081013101112/http://standards.ieee.org/getieee802/download/802.11-2007.pdf|url-status=dead|archive-date=October 13, 2008|title=IEEE Std 802.11-2007|last=Cole|first=Terry|date=12 June 2007|publisher=The Institute of Electrical and Electronics Engineers, Inc|accessdate=11 April 2011|location=New York, New York}}</ref> It was created to address the vulnerabilities presented by [[Wired Equivalent Privacy]] (WEP), a dated, insecure protocol.<ref name="802.11 2007" />

==Technical details==
{{Technical|date=February 2018}}
CCMP uses [[CCM mode|CCM]], which combines [[block cipher modes of operation#Counter .28CTR.29|CTR mode]] for data confidentiality and [[CBC-MAC|cipher block chaining message authentication code (CBC-MAC)]] for authentication and integrity. CCM protects the integrity of both the [[MAC protocol data unit|MPDU]] data field and selected portions of the IEEE 802.11 MPDU header. CCMP is based on AES processing and uses a 128-bit key and a 128-bit block size. CCMP uses CCM with the following two parameters:
* M = 8; indicating that the MIC is 8 [[Octet (computing)|octets]] (eight bytes).
* L = 2; indicating that the Length field is 2 octets.

A CCMP [[MAC protocol data unit|Medium Access Control Protocol Data Unit]] (MPDU) comprises five sections. The first is the MAC header which contains the destination and source address of the data packet. The second is the CCMP header which is composed of 8 octets and consists of the packet number (PN), the Ext IV, and the key ID. The packet number is a 48-bit number stored across 6 octets. The PN codes are the first two and last four octets of the CCMP header and are incremented for each subsequent packet. Between the PN codes are a reserved octet and a Key ID octet. The Key ID octet contains the Ext IV (bit 5), Key ID (bits 6–7), and a reserved subfield (bits 0–4). CCMP uses these values to encrypt the data unit and the MIC. The third section is the data unit which is the data being sent in the packet. The fourth is the [[message authentication code|message integrity code]] (MIC) which protects the integrity and authenticity of the packet. Finally, the fifth is the [[frame check sequence]] (FCS) which is used for error detection and correction. Of these sections only the data unit and MIC are encrypted.<ref name="802.11 2007" />

==Security==
CCMP is the standard encryption protocol for use with the [[Wi-Fi Protected Access II]] (WPA2) standard and is much more secure than the [[Wired Equivalent Privacy]] (WEP) protocol and [[Temporal Key Integrity Protocol]] (TKIP) of [[Wi-Fi Protected Access]] (WPA).
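
An added example, not part of the article or of the IEEE standard's text: it packs and parses the 8-octet CCMP header laid out under Technical details and applies a receiver-side replay check on the packet number. Assumptions: bit 0 is the least significant bit of the Key ID octet, the first header octet is the least significant PN octet, and a single replay counter is kept; all function and class names are illustrative.

```python
"""Build and parse the 8-octet CCMP header (constructed sample values only)."""
from dataclasses import dataclass

EXT_IV = 0x20            # bit 5 of the Key ID octet
PN_MAX = (1 << 48) - 1   # packet number is 48 bits


@dataclass(frozen=True)
class CcmpHeader:
    pn: int        # 48-bit packet number
    key_id: int    # bits 6-7 of the Key ID octet
    ext_iv: bool   # bit 5 of the Key ID octet


def build_header(pn: int, key_id: int) -> bytes:
    if not 0 <= pn <= PN_MAX or not 0 <= key_id <= 3:
        raise ValueError("PN must fit in 48 bits and Key ID in 2 bits")
    p = pn.to_bytes(6, "little")  # p[0] is the least significant PN octet
    # Layout: PN, PN, reserved octet, Key ID octet, then the last four PN octets.
    return bytes([p[0], p[1], 0x00, EXT_IV | (key_id << 6), p[2], p[3], p[4], p[5]])


def parse_header(hdr: bytes) -> CcmpHeader:
    if len(hdr) != 8:
        raise ValueError("CCMP header is exactly 8 octets")
    key_octet = hdr[3]
    # PN lives in the first two and last four octets; reserved bits are ignored.
    pn = int.from_bytes(hdr[0:2] + hdr[4:8], "little")
    return CcmpHeader(pn, key_octet >> 6, bool(key_octet & EXT_IV))


def accept(hdr: bytes, last_pn: int) -> int:
    """Return the new replay counter, or raise if the frame is stale or replayed."""
    h = parse_header(hdr)
    if not h.ext_iv:
        raise ValueError("Ext IV bit clear: not a CCMP header")
    if h.pn <= last_pn:  # PN must strictly increase under one key
        raise ValueError(f"replay: PN {h.pn} <= last accepted {last_pn}")
    return h.pn
```

Because the header is sent in the clear, the parse step needs no key; the MIC check that authenticates the frame is a separate step and is not shown here.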
CCMP provides the following security services:<ref>{{cite book|last=Ciampa|first=Mark|title=Security Guide To Network Security Fundamentals|edition=3|year=2009|publisher=Course Technology|location=Boston, MA|isbn=978-1-4283-4066-4|pages=205, 380, 381}}</ref>
* Data confidentiality; ensures only authorized parties can access the information
* Authentication; provides proof of genuineness of the user
* Access control in conjunction with layer management

Because CCMP is a block cipher mode using a 128-bit key, it is secure against attacks requiring up to 2<sup>64</sup> steps of operation. Generic [[meet-in-the-middle attack]]s do exist and can be used to limit the theoretical strength of the key to 2<sup>''n''/2</sup> operations (where ''n'' is the number of bits in the key).<ref>{{cite web|url=http://tools.ietf.org/html/rfc3610|title=Counter with CBC-MAC (CCM)|last=Whiting|first=Doug |author2=R. Housley |author3=N. Ferguson |date=September 2003|publisher=The Internet Society|accessdate=11 April 2011}}</ref>

===Known attacks===
{{Main|Advanced Encryption Standard#Known attacks}}

==References==
{{reflist}}

{{DEFAULTSORT:Ccmp}}
[[Category:Cryptographic protocols]]
[[Category:Wireless networking]]
[[Category:IEEE 802.11]]
[[Category:Secure communication]]
[[Category:Key management]]