The FIPS 140-2 publication from the National Institute of Standards and Technology (NIST) defines the U.S. federal government standard for modules that protect sensitive but unclassified information through cryptography, or encryption and decryption. Even though FIPS 140-2 is for the federal government, many enterprises and other non-governmental organizations are interested in FIPS 140-2 because it is a robust and well-defined standard for security. Given the many threats to Wi-Fi® security that exist, requiring FIPS 140-2 validation for Wi-Fi client devices may not be a bad idea.
AES-CCMP, the Wi-Fi standard for encryption and decryption, is approved for FIPS 140-2. Nearly every Wi-Fi chip supports AES-CCMP in hardware. So why are only a handful of Wi-Fi client devices validated for FIPS 140-2?
In order to earn the Wi-Fi CERTIFIED™ seal from the Wi-Fi Alliance®, a Wi-Fi device must pass a security certification program called WPA2™. There are two versions of WPA2: Personal and Enterprise. For authentication between the client device and the network, WPA2-Personal relies on a static pre-shared key, whereas WPA2-Enterprise relies on IEEE 802.1X with an Extensible Authentication Protocol (EAP) type. Once the authentication process completes, all data sent between the client device and the network is encrypted using AES-CCMP, which leverages the Advanced Encryption Standard (AES) cipher. The Wi-Fi Alliance refers to AES-CCMP as “government grade” encryption because AES-CCMP is sufficient for FIPS 140-2.
Most organizations that require FIPS 140-2 for Wi-Fi client devices have configured their Wi-Fi networks for WPA2-Enterprise and want client devices to use WPA2-Enterprise.
To be validated for FIPS 140-2, the WPA2-Enterprise implementation on a client device must meet certain requirements, such as:
- The 802.1X supplicant, which supports WPA2-Enterprise authentication and key derivation, must rely on FIPS-approved algorithms and operate in a FIPS-approved mode.
- The AES-CCMP module, which encrypts all transmitted data and decrypts all received data, must be FIPS-validated.
Part of the FIPS 140-2 validation process is a set of self-tests that verify the functionality of the cryptographic module and ensure that it is running correctly. Some self-tests require examination of encrypted data on the client device. When AES-CCMP is performed in the Wi-Fi chip, that chip must support a “loopback” capability to “loop” the encrypted data to the client device for examination. Because few Wi-Fi chips for client devices support loopback, few Wi-Fi client devices are validated for FIPS 140-2.
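The self-test described above is, in FIPS terms, a known-answer test: the module encrypts a fixed input and compares the result with a published answer. The Go program below is an added illustration written for this article, not code from the white paper or from any vendor's module; it runs such a test in software on the AES-CCM construction that CCMP uses (CCM with a 13-byte nonce, 2-byte length field and 8-byte tag), checking against RFC 3610 Packet Vector #1, and it does not reproduce the CCMP nonce and AAD construction from the 802.11 header. For a chip-based implementation the same comparison needs the chip to loop the ciphertext back to the host, which is the capability the text says most Wi-Fi chips lack.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// ccmEncrypt is CCM (RFC 3610) with L=2 (13-byte nonce, 2-byte length), as CCMP
// uses it: adata is authenticated only, msg is authenticated and encrypted, and
// the result is ciphertext || tag. Assumes len(adata) < 0xFF00 (2-byte encoding).
func ccmEncrypt(key, nonce, adata, msg []byte, tagLen int) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil || len(nonce) != 13 || tagLen < 4 || tagLen > 16 || tagLen%2 != 0 {
		panic("ccm: bad key, nonce or tag length")
	}
	pad := func(b []byte) []byte { return append(b, make([]byte, (16-len(b)%16)%16)...) }
	// B_0 = flags || nonce || len(msg); flags = Adata | M'<<3 | L', M'=(tagLen-2)/2, L'=1.
	auth := append(append([]byte{byte((tagLen-2)/2<<3 | 1)}, nonce...), byte(len(msg)>>8), byte(len(msg)))
	if len(adata) > 0 { // then len(adata) || adata, zero-padded to a whole block
		auth[0] |= 0x40
		auth = pad(append(append(auth, byte(len(adata)>>8), byte(len(adata))), adata...))
	}
	auth = pad(append(auth, msg...)) // then msg, zero-padded
	x := make([]byte, 16)            // CBC-MAC with zero IV: X_{i+1} = E_K(X_i xor B_i)
	for i := 0; i < len(auth); i += 16 {
		for j := range x {
			x[j] ^= auth[i+j]
		}
		blk.Encrypt(x, x)
	}
	// Counter blocks A_i = L' || nonce || i: S_0 masks the tag, S_1.. encrypt msg.
	ctr := cipher.NewCTR(blk, append(append([]byte{1}, nonce...), 0, 0))
	buf := append(make([]byte, 16, 16+len(msg)), msg...)
	ctr.XORKeyStream(buf, buf) // buf[:16] = S_0, buf[16:] = encrypted msg
	for j := 0; j < tagLen; j++ {
		buf[j] ^= x[j] // transmitted tag U = T xor S_0
	}
	return append(append(make([]byte, 0, len(msg)+tagLen), buf[16:]...), buf[:tagLen]...)
}

// knownAnswerTest is the power-on self-test: encrypt RFC 3610 Packet Vector #1
// and compare with its published output; on mismatch the module must not be used.
func knownAnswerTest() bool {
	h := func(s string) []byte { b, _ := hex.DecodeString(s); return b }
	out := ccmEncrypt(h("c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"), h("00000003020100a0a1a2a3a4a5"),
		h("0001020304050607"), h("08090a0b0c0d0e0f101112131415161718191a1b1c1d1e"), 8)
	return hex.EncodeToString(out) == "588c979a61c663d2f066d0c2c0f989806d5f6b61dac38417e8d12cfdf926e0"
}

func main() { fmt.Println("AES-CCM known-answer self-test passed:", knownAnswerTest()) }
```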
When the AES-CCMP module used for WPA2-Enterprise cannot be validated for FIPS 140-2, NIST suggests the use of a virtual private network, or VPN, so long as the VPN uses a FIPS-validated encryption algorithm contained in a validated cryptographic module. A VPN is a virtual network built on top of a physical (and possibly unsecure) network. WPA2-Enterprise operates at Layer 2; a VPN operates at Layer 3.
With a VPN, cryptography on the client device is performed in software instead of hardware. Every time a packet is transmitted or received, software cryptography consumes CPU, memory, and battery resources on a client device. Reliance on a VPN for FIPS 140-2 may not be the best choice for some client devices used in enterprise settings.
Organizations considering FIPS 140-2 for Wi-Fi client devices should consider whether or not WPA2-Enterprise with chip-based AES-CCMP is sufficient to protect sensitive but unclassified information before making a final decision.
More information on FIPS 140-2 and Wi-Fi client devices is found in “FIPS 140-2 and Wi-Fi Client Devices—A Laird Technologies White Paper”, available at www.summitdata.com.