RESEARCH ARTICLE
Critical analysis of counter mode with cipher block chain message authentication mode protocol—CCMP
Idris Ahmed¹, Anne James² and Dhananjay Singh³*
¹ Software Research Institute, Athlone Institute of Technology, Dublin Road, Athlone, Ireland
² Faculty of Engineering and Computing, Coventry University, Coventry CV1 5FB, U.K.
³ Department of Electronics Engineering, Hankuk University of Foreign Studies, 89, Wangsan-ri, Mohyeon-myeon, Cheoin-gu, Yongin-si, Gyeonggi-do 449-791, South Korea
ABSTRACT
CCM/CCMP is a two-cycle authenticate and encrypt (AE) mode. One cycle is used to perform confidentiality computations,
and the second cycle is used to compute authenticity and integrity. CCM/CCMP is also a generic composition. CCM/CCMP
is actually made up of two separate modes, CBC-MAC and AES counter mode amalgamated together. Although CCM/CCMP
is an AE mode, it is not an authenticated encryption with associated data (AEAD) mode. Previous research has suggested that
it is a major deficiency for an AE mode not to be an AEAD. Previous critiques of the CCM/CCMP have shown that CBC-MAC
and AES counter mode were poorly amalgamated to create the CCM/CCMP. They also showed that CCMP, which was ratified
by the IEEE 802.11i workgroup in 2003 and implemented in WPA2, has some security issues. It also has some major efficiency
and complexity issues. This research work reviewed the current major AE and AEAD modes such as the Galois counter mode,
and the encryption system with keyed integrity and managed oracle and used critical analysis and statistical analysis approaches
to identify more deficiencies in the CCM/CCMP. Copyright © 2013 John Wiley & Sons, Ltd.
KEYWORDS
CCM; CCMP block cipher mode; OCB; GCM; AE; AEAD; IEEE four-way handshake; TKIP
*Correspondence
Dhananjay Singh, Department of Electronics Engineering, Hankuk University of Foreign Studies, 89, Wangsan-ri, Mohyeon-myeon,
Cheoin-gu, Yongin-si, Gyeonggi-do 449–791, South Korea.
E-mail: dsingh@hufs.ac.kr
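The composition the abstract describes, as an added example (not code from the article): a CBC-MAC pass for authenticity and integrity, then a counter-mode pass for confidentiality, both under one key, so each message block costs two block-function calls. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for AES block encryption, the block formatting is simplified rather than the RFC 3610 or 802.11i byte layout, and all function names are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16
calls = {"n": 0}  # number of block-function invocations

def E(key, block):
    # Stand-in for AES block encryption (assumption: HMAC-SHA256 truncated to
    # 16 bytes). CCM uses only the forward direction, so a keyed PRF works here.
    calls["n"] += 1
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def fmt(flag, nonce, n):
    # Simplified block layout: flag byte separates MAC (1) from counter (0) blocks.
    return bytes([flag]) + nonce + n.to_bytes(BLOCK - 1 - len(nonce), "big")

def cbc_mac(key, nonce, msg):
    state = E(key, fmt(1, nonce, len(msg)))  # first block binds nonce and length
    for i in range(0, len(msg), BLOCK):
        state = E(key, xor(state, msg[i:i + BLOCK].ljust(BLOCK, b"\0")))
    return state

def ctr(key, nonce, data):
    out = b""
    for i in range(0, len(data), BLOCK):
        out += xor(data[i:i + BLOCK], E(key, fmt(0, nonce, i // BLOCK + 1)))
    return out

def seal(key, nonce, msg, taglen=8):
    mac = cbc_mac(key, nonce, msg)            # pass 1: authenticity and integrity
    ct = ctr(key, nonce, msg)                 # pass 2: confidentiality
    return ct + xor(mac, E(key, fmt(0, nonce, 0)))[:taglen]  # counter 0 masks MAC

def open_(key, nonce, sealed, taglen=8):
    ct, recv = sealed[:-taglen], sealed[-taglen:]
    msg = ctr(key, nonce, ct)                 # CTR decryption equals encryption
    want = xor(cbc_mac(key, nonce, msg), E(key, fmt(0, nonce, 0)))[:taglen]
    if not hmac.compare_digest(recv, want):
        raise ValueError("authentication failed")
    return msg

if __name__ == "__main__":
    key, nonce, msg = b"K" * 16, b"N" * 12, b"A" * 40   # constructed sample values
    sealed = seal(key, nonce, msg)
    print(len(msg), "bytes ->", calls["n"], "block calls")
    assert open_(key, nonce, sealed) == msg
```

For the 40-byte (three-block) sample, sealing takes eight block-function calls: one per block in each pass, plus the MAC's first block and the counter-0 mask.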
1. INTRODUCTION
Wired equivalent privacy (WEP) was a breakthrough invention made by the IEEE in 1997 to provide total security for IEEE 802.11 wireless transmissions. WEP is a stream cipher, meaning that data is encrypted bit by bit, like a stream. WEP failed to meet all of its security goals of providing data confidentiality, authenticity and integrity, and it had several security issues. Some of these stemmed from the fact that its stream cipher encryption engine, RC4, was initially implemented with short keys of 64 bits that could easily be cracked using free tools downloadable from the Internet. Other security issues stemmed from WEP's reuse of the 64-bit IV, as demonstrated in a famous attack called the Fluhrer, Mantin and Shamir attack. A new security scheme called temporal key integrity protocol (TKIP) was subsequently developed and adopted by the IEEE to fix WEP's security issues. TKIP is also a stream cipher. It uses 128-bit and 256-bit keys.
On 24 June 2003, the IEEE 802.11i workgroup replaced TKIP with the counter with cipher block message authentication code protocol (CCMP) block cipher mode [6,7]. This was deemed a fundamental shift from the use of stream ciphers to block ciphers. The CCMP was proposed by Whiting et al. [3] to provide the security goals of confidentiality, authenticity and integrity, which both WEP and TKIP failed to adequately provide. Bellare and Namprempre [9] defined CCMP generic composition as a security scheme created by amalgamating two separate independent security algorithms. The CCMP, the IEEE four-way handshake and the IEEE 802.1X framework are meant to be the implementation of the robust secure network (RSN). This is the IEEE 802.11i standard [7,8].
Despite its claim of better security than WEP, TKIP was a wrapper around WEP, was judged to be complex and has since been cracked. Not long after the ratification of TKIP, on 24 June 2003, the IEEE 802.11i workgroup replaced it with CCMP. This was a major shift from the use of stream ciphers to a block cipher. The CCMP was
SECURITY AND COMMUNICATION NETWORKS
Security Comm. Networks 2014; 7:293–308
Published online 22 March 2013 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.733