Wireless Access

Frequent Contributor II

What AES bitrate does wpa2-aes encryption use?

Another forum post indicated that TAC stated WPA2-AES-PSK used 256 bit since ArubaOS 6.3.

 

Does the same apply to 802.1X WPA2-AES?

MVP Guru

Re: What AES bitrate does wpa2-aes encryption use?

Patrick,

 

That question is not so easy to answer. WPA2-PSK and WPA2-Enterprise both use 128-bit keys (TK1 & TK2) for the data encryption. However, that key is derived from a Master Key (MK) that must be at least 128 bits long (key strength), and it depends on what provides the MK what the actual strength is. For WPA2-PSK it is derived from the PSK; for WPA2-Enterprise it is derived during the authentication.

 

This is defined in the 802.11i standard (https://www.ietf.org/rfc/rfc4017.txt), and if you want to understand it more, you can check the standard itself or a more readable summary like http://tldp.org/HOWTO/8021X-HOWTO/intro.html#Key

Be warned: there are quite a few keys, derivations and algorithms used together, each with its own key length and purpose. That makes it impossible to answer your question.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Frequent Contributor II

Re: What AES bitrate does wpa2-aes encryption use?

I've found mention of Aruba platforms supporting AES-256-GCM with an ACR license, and that Aruba platforms also support Suite B ciphers. Without the license, we use AES-CCM.

 

ref http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Content/ArubaFrameStyles/VirtualAPs/SSID_Profiles.htm

 

If I understand it correctly, it sounds as if 256 bit encryption is possible.  Without the ACR license, it is unlikely that a normal controller running WPA2-AES w/ 802.1x auth is using 256 bit encryption, though.

Guru Elite

Re: What AES bitrate does wpa2-aes encryption use?

Do you need Suite B ciphers in your environment?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: What AES bitrate does wpa2-aes encryption use?

It isn't so much as we -need- 256-bit or suite b encryption -- we are currently under an audit, and I'm trying to find out a definitive yes/no for the standard wpa2-aes encryption opmode bitrate.  The documentation I've found doesn't clearly say it one way or another.

New Contributor

Re: What AES bitrate does wpa2-aes encryption use?

The following info was derived from multiple websites discussing the pairwise transient key (PTK). The PTK is a total of 512 bits but is divided into 5 different keys. One of these keys, the TK (temporal key) is 128 bits and that is what is used to encrypt the data frames.

 

The PTK is formed from PMK + Anonce + Snonce + Client MAC + AP MAC

The PTK is a total of 512 bits and actually contains the following 5 keys

KCK - 128-bit Key Confirmation Key used to provide data integrity during 4-Way Handshake & Group Key Handshake.

KEK - 128-bit Key Encryption Key used by EAPOL-Key frames to provide data privacy during 4-Way Handshake & Group Key Handshake.

Temporal Key – 128-bit key used to encrypt & decrypt MSDU of 802.11 data frames between user device & access point (confidentiality of data)

Temporal MIC Authenticator Tx – 64-bit key used to compute message integrity key (MIC) - protects integrity of data frames transmitted by the AP to the user device

Temporal MIC Authenticator Rx – 64-bit key used to compute message integrity key (MIC) - protects integrity of data frames transmitted by the user device to the AP
