Руководство По Проектированию для Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
4-13
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Encryption
Figure 4-8
WPA2 AES CCMP
In the CCMP procedure, additional authentication data (AAD) is taken from the MAC header and
included in the CCM encryption process. This protects the frame against alteration of the non-encrypted
portions of the frame.
included in the CCM encryption process. This protects the frame against alteration of the non-encrypted
portions of the frame.
To protect against replay attacks, a sequenced packet number (PN) is included in the CCMP header. The
PN and portions of the MAC header are used to generate a nonce that is turn used by the CCM encryption
process.
PN and portions of the MAC header are used to generate a nonce that is turn used by the CCM encryption
process.
Four-Way Handshake
The four-way handshake describes the method used to derive the encryption keys to be used to encrypt
wireless data frames
wireless data frames
shows a diagram of the frame exchanges used to generate the encryption
keys. These keys are referred to as temporal keys.
132361
Build
AAD
Build CCMP
header
Plaintext data
Nonce
MAC header
Temporal key
AAD
Build
Nonce
AES
CCMP
PN
Priority,
destination
address
MAC
header
CCMP
header
Encrypted
data
Encrypted
MIC