6 aes and 802.11i – Lancom Systems LCOS 3.50 User Manual

LANCOM Reference Manual LCOS 3.50

̈

Chapter 11: Wireless LAN – WLAN

230

Wi

re

le

ss

L

A

N

–

WL

A

N

11.2.6

AES and 802.11i

In mid-2004, the long awaited 802.11i standard was approved by the IEEE,
which should put the entire security concept of the WLAN on a new basis—
which is to be expected, since errors as serious as those encountered during
the introduction of WEP are unlikely to occur with 802.11i. As mentioned in
the last section, WPA has already implemented a whole series of concepts
from 802.11i—so in this section we will only describe the components which
are new compared to WPA.

AES

The most obvious extension is the introduction of a new encryption process,
namely AES-CCM. As the name already hints, this encryption scheme is based
on DES's successor AES, in contrast to WEP and TKIP, which are both based
on RC4. Since only the newest generation of WLAN chips contain AES
hardware, 802.11i continues to define TKIP, but with the opposite
prerequisites: any 802.11i-compliant hardware must support AES, while TKIP
is optional—in WPA that was exactly the other way around. Due to the
widespread adoption of non-AES-compatible hardware, however, it is to be
expected that every AES-capable WLAN card will still support WEP and TKIP.
WLAN devices will, however, probably provide configuration options which
prevent use of TKIP—many agencies in the USA consider TKIP insufficiently
secure, which due to the comparatively weak Michael hash is fairly well
justified.

The suffix CCM denotes the way in which AES is used in WLAN packets. The
process is actually quite complicated, for which reason CCM is only sensibly
implemented in hardware—software-based implementations are possible,
but would result in significant speed penalties due to the processors
commonly used in access points.

In contrast to TKIP, AES only requires a 128-bit key, with which both the
encryption and protection against undetected changes to packets is achieved.
Furthermore, CCM is fully symmetric, i.e. the same key is used in both
communications directions—a compliant TKIP implementation, on the other
hand, requires the use of different Michael keys in the send and receive
directions, so that CCM is significantly simpler in use than TKIP.

Occasionally one finds other AES variants in older publications or drafts of the
802.11i standard, namely AES-OCB or WRAP. In these variants, AES was used
in a different form, which was dropped in favor of CCM in the final standard.
WRAP is nowadays meaningless.