Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

What AES bitrate does wpa2-aes encryption use?

  • 1.  What AES bitrate does wpa2-aes encryption use?

    Posted Oct 10, 2016 06:47 PM

    Another forum post indicated that TAC stated WPA2-AES-PSK used 256 bit since ArubaOS 6.3.

    Does the same apply to 802.1X WPA2-AES?



  • 2.  RE: What AES bitrate does wpa2-aes encryption use?

    EMPLOYEE
    Posted Oct 11, 2016 03:53 AM

    Patrick,

    That question is not so easy to answer. WPA2-PSK and WPA2-Enterprise both use 128-bit keys (TK1 & TK2) for the data encryption. However, that key is derived from a Master Key (MK) that must be at least 128 bits long (key strength), and the actual strength depends on what provides the MK. For WPA2-PSK it is derived from the PSK; for WPA2-Enterprise it is derived during the authentication.

    This is defined in the 802.11i standard (https://www.ietf.org/rfc/rfc4017.txt), and if you want to understand it more, you can check the standard itself or a more readable summary like http://tldp.org/HOWTO/8021X-HOWTO/intro.html#Key

    Be warned: there are quite a few keys, derivations and algorithms used together, each with its own key length and purpose. That makes it impossible to answer your question.



  • 3.  RE: What AES bitrate does wpa2-aes encryption use?

    Posted Oct 11, 2016 11:57 AM

    I've found mention of Aruba platforms supporting AES-256-GCM with an ACR license, and that Aruba platforms also support Suite B ciphers. Without the license, we use AES-CCM.

    ref http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Content/ArubaFrameStyles/VirtualAPs/SSID_Profiles.htm

    If I understand it correctly, it sounds as if 256-bit encryption is possible. Without the ACR license, it is unlikely that a normal controller running WPA2-AES w/ 802.1X auth is using 256-bit encryption, though.



  • 4.  RE: What AES bitrate does wpa2-aes encryption use?

    EMPLOYEE
    Posted Oct 11, 2016 12:01 PM
    Do you need Suite B ciphers in your environment?


  • 5.  RE: What AES bitrate does wpa2-aes encryption use?

    Posted Oct 11, 2016 12:08 PM

    It isn't so much that we -need- 256-bit or Suite B encryption -- we are currently under an audit, and I'm trying to find out a definitive yes/no for the standard wpa2-aes encryption opmode bitrate. The documentation I've found doesn't clearly say it one way or another.



  • 6.  RE: What AES bitrate does wpa2-aes encryption use?

    Posted Aug 14, 2019 01:43 PM

    The following info was derived from multiple websites discussing the pairwise transient key (PTK). The PTK is a total of 512 bits but is divided into 5 different keys. One of these keys, the TK (temporal key), is 128 bits and that is what is used to encrypt the data frames.

    The PTK is formed from PMK + ANonce + SNonce + Client MAC + AP MAC

    The PTK is a total of 512 bits and actually contains the following 5 keys

    KCK – 128-bit Key Confirmation Key used to provide data integrity during 4-Way Handshake & Group Key Handshake.

    KEK – 128-bit Key Encryption Key used by EAPOL-Key frames to provide data privacy during 4-Way Handshake & Group Key Handshake.

    Temporal Key – 128-bit key used to encrypt & decrypt MSDU of 802.11 data frames between user device & access point (confidentiality of data)

    Temporal MIC Authenticator Tx – 64-bit key used to compute message integrity key (MIC) - protects integrity of data frames transmitted by the AP to the user device

    Temporal MIC Authenticator Rx – 64-bit key used to compute message integrity key (MIC) - protects integrity of data frames transmitted by the user device to the AP