Tags
Here is my notes about Chapter 3 (Encryption Ciphers & Methods) of CWSP Study Guide.
Symmetric & Asymmetric Algorithms
In symmetric algorithm, both the encrypting & decrypting parties share the same key. WEP, TKIP & CCMP are encryption methods that all use symmetric algorithms.These methods are less processor intensive compare to asymmetric algorithms, so much faster.
Asymmetric algorithm use a pair of keys, one key used for encryption & the other key used for decryption. The decryption key is kept secret & is known as “private key” or “secret key“. The encryption key is shared and is referred as “public key“. Below shows the asymmetric key usage (page 68 – CWSP Official Study Guide)
Stream Ciphers Vs Block Ciphers
During cryptographic process, the plaintext needs to be combine with random data bits to create ciphertext. If this task perform sequentially bit by bit basis, those ciphers known as “stream ciphers“. A stream ciphers is a symmetric key cipher where plaintext bits are combined with a pseudo-random cipher called keystream.
Unlike stream ciphers, a block cipher takes fixed length block of plaintext & generate a block of ciphertext of the same length. Most block ciphers are designed to apply a simpler function repeatedly to the block. Each iterative process or function is referred as “round“.
RC4– Stream Cipher
RC5– Block Cipher (32,64,128 bit blocks, 0-2040 bit key, 0-255 rounds)
DES– Block Cipher (64bit block & 64bit key [56bit effective], 16 rounds)
3DES – Block Cipher (168bit effective key size + 24bits for parity)
AES – Block Cipher (128,192 & 256bit block size)
Here are the details about TKIP– Temporal Key Integrity Protocol encryption method.
* TKIP was created to replace WEP after WEP encryption was broken.
* IEEE 802.11-2007 defined 2 RSNA data confidentiality & integrity protocol (CCMP & TKIP) with TKIP support is optional.
* In 2003 WiFi alliance introduced WPA(Wi-Fi Protected Access) which require TKIP encryption.
* Following TKIP enhancement address the known WEP weaknesses
1. Temporal Keys – to defeat social engineering attacks
2. Sequencing – to defeat replay & injection attacks
3. Key Mixing – to defeat the known IV collisions & weak-key attacks
4. Enhanced Data Integrity(MIC) – to defeat bit-flipping & forgery attacks
5. TKIP Countermeasures – to address constraints of TKIP MIC
Below shows TKIP Encryption & Data Integrity Process (Fig 3.6 – Page 78 CWSP Official Certificate Guide)
* TKIP use dynamically generated 128bit key.
* This key can either be a PTK–Pairwise Transient Key used to encrypt unicast traffic or GTK–Group Temporal Key used to encrypt broadcast & multicast key.
* TKIP use 2 phase key mixing process.
* 48-bit TKIP Sequence Counter (TSC) is generated & broken into 6 octets (TSC0-TSC5)
* Phase 1 key mixing us 128-bit temporal key (TK) with TSC2-TSC5 as well as Tranmit Address (TA)
* Output of phase 1 is known as TKIP-mixed transmit address & key (TTAK)
* Phase 2 key mixing combines, TTAK with TSC0-TSC1 with 128 bit TK.
* Output of the phase 2 is known as “WEP seed”
* WEP seed is then run through ARC4 algorithm & key stream is created.
* WEP seed is represented as WEP Initialization Vector(IV) & 104 bit WEP keys.
* Extend IV created by TSC2-5 of key mixing phase2
* IV & Extended IV (8 byte in total) called TKIP header.
Below shows the TKIP MPDU (Fig 3.7 in page 81 – CWSP Official Study Guide)
* TKIP uses Message Integrity Code(MIC) also named as “Michael”
* MIC is computed using Destination Address (DA), Source Address (SA), MSDU priority and plaintext Data.
* MIC is 8 octet in size & labeled M0 to M7.
* MIC contain only 20bits of effective security strength & so below TKIP countermeasures are in-placed.
1. MIC failures will be logged
2. If two MIC failures occur within 60s STA or AP must disable all reception of TKIP frames for 60s.
3.Key refresh- PTK & GTK should be changed.
* TKIP MIC does not replace WEP ICV (32bit), but augments it.
* WEP ICV helps prevent false detection of MIC failures that would cause TKIP countermeasure to be invoked.
* MPDU+MIC+ICV used to perform XOR with Keystream to generated encrypted payload.
* Frame Check Sequence(FCS) is calculated over all of the header & entire frame body resulting 32bit CRC placed in FCS field.
* before MIC verification, receiving STA check FCS, ICV & TSC of all MPDU.* In total TKIP add 20 byte (4-IV, 4-ExIV, 8-MIC, 4-ICV) overhead. So max MPDU with TKIP can be 2324 byte (2304 +20).
Referece:
1. CWSP Official Study Guide- Chapter 3
mrn-cciew 
Hello Rasika;
Thank you very much for your post. I’ve noticed you are very methodical on your approach on choosing a particular subject and describing it. What is your approach? do you read the material and test the material in your home Lab? I am very much interested in finding out your approach because, I am learning a lot from the different posts that you create and wireless is my new hobby and my new work responsibility.
Thanks
Juan
Hi Juan,
Yes, first I read about high level & get an idea what it is & what it does. Then I go into detail how does it works ? if that is something I can test in my home lab, I always go for it . In wireless I found looking at packet capture is extremely useful & effective way of learning.
I always pick a one feature/topic when it comes to labbing.
Hope that gives some guidance to you as well
Rasika
Hi Rasika,
I like your Wireless journal very much and it surely is helpful not only to engineers in pursue of CCIEW but whoever works on wireless. Only one suggestion – please change the background away from black which makes me dizzy before finishing the whole article each time…
Thanks again for knowledge sharing
JW
Hi JW,
Thanks for encouraging feedback…
I will see what I can do with background colour..
Rasika
Very Good Job, thanks for the great share 🙂
Thanks Ahmed
Thanks.
Hi Rasika,
You have mentioned (& so is the CWSP Study Guide by David Coleman & Co.):
* MPDU+MIC+ICV used to perform XOR with Keystream to generated encrypted payload.
Even the diagram shows it as Plaintext “MPDU” before the XOR operation.
But isn’t it just “MSDU”? Because MPDU implies the whole 802.11 packet, consisting of 802.11 headers along with payload?
I’m aware, to compute MIC even DA, SA along with MIC key & payload are being used. i.e. MIC protects more than just the payload.
But wouldn’t it be incorrect to mention it as MPDU before XOR?
Hi,Sir.. I want to do CWNA online course.can u suggest me some good tutorials
There may be some videos on youtube.
https://www.youtube.com/user/CWNPTV
HTH
Rasika