AES-CCMP is an approved cryptographic method for FIPS 140-2, which defines the standard for cryptographic modules that protect sensitive but unclassified information. Since 2006, support for AES-CCMP has been a requirement for Wi-Fi® certification, so nearly every Wi-Fi chip supports AES-CCMP in hardware, i.e. on the chip. Very few Wi-Fi products, however, are validated for FIPS 140-2, primarily because Wi-Fi chips lack support for loopback, which is required for some FIPS 140-2 validation tests. Alternatives to chip-based AES-CCMP for FIPS 140-2 involve software cryptography, which is ill-suited to devices that have relatively modest CPU and memory resources or require long battery life. Organizations considering FIPS 140-2 for Wi-Fi client devices should consider whether or not WPA2™-Enterprise with chip-based AES-CCMP provides sufficient security. Read more in Laird's FIPS 140-2 and Wi-Fi Client Devices white paper. The technical article explains FIPS 140-2 and touches on the following topics and more:
- Supplicant: authentication and key derivation
- AES-CCMP in hardware and software
Download the white paper, here.