The 802.11i (WPA2) WLAN security standard was approved in June 2004, which fixes WEP and WPA flaws. Which of the following is not correct about 802.11i?
A. A block cipher with counter mode replaces the stream cipher.
B. The cryptographic key can be cached to enable fast and secure roaming.
C. Hash-based message authentication code is added to enforce frame authenticity.
D. 802.1X is used for authentication relying on Extensible Authentication Protocol (EAP).

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Hash-based message authentication code is added to enforce frame authenticity.

AES in CCMP Mode: CBC-MAC vs HMAC

802.11i (WPA2) uses AES (block cipher) in CCMP mode that replaces RC4 (stream cipher) used in WPA (TKIP) and WEP.

• CCMP stands for Counter Mode Cipher Block Chaining–Message Authentication Code Protocol (Counter Mode CBC-MAC Protocol).
• CCMP fulfilled integrity through CBC-MAC instead of hash-based MAC (HMAC).

WEP, WPA (802.11i draft), and WPA2 (802.11i)

This section is an excerpt from the paper, Security Analysis of Michael: The IEEE 802.11i Message Integrity Code, by Jianyong Huang, et. al.

The IEEE 802.11b standard employs a data security mechanism known as Wired Equivalent Privacy (WEP). WEP uses RC4 stream cipher for its data encryption and CRC-32 to check its message integrity. Recent research shows that WEP is not secure as it does not use RC4 and CRC-32 correctly. The latest IEEE 802.11i draft uses a new keyed hash function, called Michael, as the message integrity code.

To address the WEP vulnerabilities, the IEEE 802.11 Task Group i (TGi) provides a short-term solution and a long-term solution.

• The short-term solution has adopted the Temporal Key Integrity Protocol (TKIP). TKIP is a group of algorithms that wraps the WEP protocol to address the known weaknesses. TKIP includes three components: a message integrity code called Michael, a packet sequencing discipline, and aper-packet key mixing function. TKIP is considered as a temporary solution, and it is designed for legacy hardware.
• For the long-term solution, the IEEE 802.11 TGi recommends two modes of operation: WRAP (Wireless Robust Authenticated Protocol) and CCMP (Counter-Mode-CBC-MAC Protocol). Both WARP and CCMP are based on AES cipher, and they require new hardware.

MAC vs MIC

The term message integrity code (MIC) is frequently substituted for the term MAC, especially in communications to distinguish it from the use of the latter as media access control address (MAC address).
– However, some authors use MIC to refer to a message digest, which aims only to uniquely but opaquely identify a single message.
– RFC 4949 recommends avoiding the term message integrity code (MIC), and instead using checksum, error detection code, hash, keyed hash, message authentication code, or protected checksum.

Source: Wikipedia

802.11i

The AES implementation developed for 802.11i is referred to as the Counter-Mode/CBCMAC Protocol (CCMP). It uses the AED algorithm in two different modes to provide frame confidentiality), authentication, and integrity. For confidentiality, the AES algorithm is used in Counter Mode. For authentication and integrity, the AES algorithmis used in Cipher Block Chaining Message Authentication Code (CBC-MAC) mode.

It should also be noted that CCMP protects fields of the frame that are not encrypted, such as the source and destination Ethernet addresses. Portions of the 802.11 frame that are not encrypted but protected by CCMP integrity are referred to as Additional Authentication Data (AAD). Authenticating the source and destination MAC addresses of the frame protect against spoofing attacks and the replay of captured packets to different destinations. (AAD protection is an example one of the advantages of using 802.11i and Layer-2 level security for WLAN networks, compared to a Layer-3 only solution.)

Source: Ken Masica

Roaming Support: Key Caching and Pre-authentication

Two additional but less prominent features, key caching and pre-authentication, were also added to the standard to enable fast and secure roaming.

– Key caching stores information about the client on the network so that if a station leaves an access point and returns, credentials for re-authentication do not have to be entered again (subject to configured session timeouts).

– Pre-authentication refers to the ability of a network to send authentication data between access points so that a roaming station does not need to authenticate to each access point. These features of 802.11i enhance mobile WLAN applications over a larger scale among multiple access points, such as a technician with a hand-held device roaming throughout a plant or a device such as an overhead crane or a transportation vehicle transmitting position information.

Source: Ken Masica

802.1X and EAP

The 802.11i (WPA2) WLAN security standard, approved last June, specifies use of the 802.1X authentication framework for enterprise deployments. Within that framework, enterprises can choose which Extensible Authentication Protocol (EAP) algorithm they’d like to use.

Currently, when testing interoperability of products supporting 802.11i/WPA2, the alliance defaults to using EAP-Transport Layer Security (TLS), an EAP method requiring client- and server-side digital certificates, for purposes of the test, explains David Cohen, the chairman of the alliance’s security marketing task group.

However, many enterprises have chosen (or, as they adopt 802.1X-based infrastructures, are likely to choose) any number of other industry-standard EAP types, including those that don’t require the complexity of a public-key infrastructure. Among these are Protected-EAP (PEAP) and EAP-Tunneled TLS (TTLS).

Source: Joanie Wexler

Reference

• Design and Implementation of an Efficient Structure of 802.11n with WPA2
• Wi-Fi Alliance to test EAP types
• Simplifying WPA2-Enterprise and 802.1X
• WIRELESS LAN SECURITY AND IEEE 802.11i
• Security Analysis and Improvements for IEEE 802.11i
• Securing WLANs using 802.11i
• Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
• 802.11i Authentication and Key Management (AKM)
• IEEE 802.11
• IEEE 802.11i-2004
• CCMP (cryptography)
• CCM mode
• CBC-MAC
• Block cipher mode of operation
• What’s the difference between WPA and 802.11i?
• Wi-Fi Protected Access (WPA), WPA2 and 802.11i
• CWSP – CCMP Encryption Method
• Temporal Key Integrity Protocol
• Security Analysis of Michael: the IEEE 802.11i Message Integrity Code

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

• It is available on Amazon.
• Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

802.11i (WPA2) 無線網路安全標準於2004年6月獲得批准，該標準修復了WEP和WPA的缺陷。 關於802.11i，以下哪一項是不正確的？
A. 具有計數器模式(counter mode)的區塊型加密器(block cipher)取代了串流型加密器(stream cipher)。
B. 可以對加密密鑰進行緩存(cache)，以實現快速和安全的漫遊(roaming)。
C. 添加了基於雜湊(hash)的訊息驗證代碼(message authentication code)，以強化訊框的真實性。
D. 身份驗證使用802.1X，它依賴可擴展身份驗證協議(EAP)。