CISSP PRACTICE QUESTIONS – 20220227

Effective CISSP Questions

You are implementing the wireless network for your organization. Which of the following cryptographic functions provides the most adequate security? (Wentz QOTD)
A. Galois/Counter Mode (GCM)
B. Galois Message Authentication Code (GMAC)
C. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
D. Advanced Encryption Standard (AES)


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP).

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Wireless security includes but is not limited to authentication, confidentiality, data integrity, and the authenticity of data origin.

[Figure: Cryptology]

Block Cipher and Operation Modes

“The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.” (Wikipedia)

AES is a block cipher that can operate in various modes. WPA and WPA2 use AES in Counter Mode, which turns a block cipher into a stream cipher by generating keystream blocks. WPA3 also employs AES, but operates it in Galois/Counter Mode (GCM).

Message Authentication Code (MAC)

Message authentication codes are calculated to enforce the authenticity of message origin. HMAC, CBC-MAC, and GMAC are common MAC algorithms. Message Integrity Code (MIC), generated by the algorithm called Michael, can be treated as the equivalent version of MAC. WPA and WPA2 use CBC-MAC, while WPA3 employs GMAC.

Cryptographic Protocols

“Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.” (Wikipedia)

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) is a cryptographic protocol that employs a cipher in Counter Mode to enforce confidentiality and a Cipher Block Chaining Message Authentication Code (CBC-MAC) to enforce authenticity.
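
The composition described above, as an added example that is not part of the original post: counter mode supplies the keystream, a CBC-MAC tag covers the plaintext, and a flipped ciphertext bit is shown both without the tag and with it. To run on the Python standard library alone, a keyed SHA-256 function `E` stands in for AES block encryption (an assumption of this example, not AES); the block layout is simplified from CCM, the header data that CCMP also authenticates is omitted, and all names and sample values are constructed.

```python
import hashlib, hmac

BLOCK, TAG_LEN = 16, 8

def E(key, block):
    # Stand-in for AES block encryption (assumption: keyed SHA-256 PRF, NOT AES).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_block(key, nonce, i):
    # Counter block: flag 0x01 | 13-byte nonce | 2-byte counter, then encrypted.
    return E(key, b"\x01" + nonce + i.to_bytes(2, "big"))

def ctr_xor(key, nonce, data):
    # Counter mode: XOR with keystream blocks 1, 2, ... (same call decrypts).
    nblocks = -(-len(data) // BLOCK)
    ks = b"".join(keystream_block(key, nonce, i) for i in range(1, nblocks + 1))
    return xor(data, ks)

def cbc_mac(key, nonce, msg):
    # First block binds nonce and length; flag 0x19 keeps it apart from counter blocks.
    state = E(key, b"\x19" + nonce + len(msg).to_bytes(2, "big"))
    padded = msg + b"\x00" * (-len(msg) % BLOCK)
    for off in range(0, len(padded), BLOCK):
        state = E(key, xor(state, padded[off:off + BLOCK]))
    return state[:TAG_LEN]

def seal(key, nonce, msg):
    # The tag is masked with keystream block 0, which is never used for data.
    tag = xor(cbc_mac(key, nonce, msg), keystream_block(key, nonce, 0))
    return ctr_xor(key, nonce, msg) + tag

def open_(key, nonce, sealed):
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    msg = ctr_xor(key, nonce, ct)
    expected = xor(cbc_mac(key, nonce, msg), keystream_block(key, nonce, 0))
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MIC check failed: frame rejected")
    return msg

def flip_bit(data, index, mask=0x01):
    return data[:index] + bytes([data[index] ^ mask]) + data[index + 1:]

# Constructed sample values (a nonce must never repeat under the same key).
KEY = bytes(range(16))
NONCE = bytes(13)
FRAME = b"amount=100;to=alice"
```

With counter mode alone, `flip_bit` on the ciphertext changes the matching plaintext byte and nothing notices; with the tag appended by `seal`, the same change makes `open_` raise.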

[Figure: Wireless Security]
[Figure: Keystream as Conveyor Belt]



