Most Secure Transmission Algorithm

teancum144 Member Posts: 229
Which of the following is the MOST secure transmission algorithm?

A. AES 256
B. TKIP
C. 3DES
D. AES

I was tricked on this one. I chose A, "AES 256". However, the answer is B, "TKIP". The explanation said that only TKIP is a "transmission" algorithm and that AES 256 is encryption for data at rest. My thought is that AES, when used in IPSec, also secures data in transmission. Additionally, while TKIP is used in WPA for encrypted transmissions, AES is used in WPA2 for encrypted transmissions. What am I missing?

Comments

  • paul78 Member Posts: 3,016
    That's a good question. Certainly will keep you on your toes. TKIP is the only transmission algorithm on the list of choices. The rest are cipher algorithms. TKIP (WPA) uses RC4 as a cipher algorithm. WPA2 uses AES as its cipher algorithm.

    The explanation provided isn't quite right though. You are correct that AES can be used as a cipher for data in transit - IPSec and SSL are examples.
  • teancum144 Member Posts: 229
    paul78 wrote: »
    That's a good question. Certainly will keep you on your toes. TKIP is the only transmission algorithm on the list of choices. The rest are cipher algorithms. TKIP (WPA) uses RC4 as a cipher algorithm. WPA2 uses AES as its cipher algorithm.

    The explanation provided isn't quite right though. You are correct that AES can be used as a cipher for data in transit - IPSec and SSL are examples.
    From what you are saying, if TKIP is the transmission algorithm for WPA, what is the transmission algorithm for WPA2? From what I understand, IPSec is a framework (not an algorithm), so does IPSec have a transmission algorithm?
  • paul78 Member Posts: 3,016
    Sorry that I wasn't clear. I find most standards names about wifi entirely confusing myself.

    The term WPA or Wi-Fi Protected Access is actually a tradename of the WiFi Alliance. I think WPA was used as a way to make it easier for consumers to understand wifi security.

    WPA is TKIP which uses RC4 as a cipher
    WPA2 is CCMP (not sure what that stands for) which uses AES as a cipher

    I'm by no means an expert on wifi standards or its naming conventions but I think that's the general gist.
  • Darril Member Posts: 1,588
    I don't want to debate the question but from a general perspective, data is protected at three different times:
    • Data at rest (stored on media)
    • Data in transit (sent over a network)
    • Data in use (processed in memory)
    AES, AES 256, and 3DES are all used to encrypt data at rest. AES is such a good efficient symmetric encryption algorithm that it is used in many other algorithms.

    TKIP is the only one specifically used for data in transit.

    You won't see anything on the Security+ exam related to data in use but you might see something about it in advanced security exams such as the CISSP.

    From another perspective, which one of the following four items is out of place?
    1. Red
    2. Orange
    3. Green
    4. Automobile
    Automobile is out of place. The first three are colors. You could say that an automobile could be red, orange, and green, but that doesn't make it match the colors.

    Apply this analogy to the data at rest and data in transit. Only one of your answers is specifically for data in transit.

    HTH
  • paul78 Member Posts: 3,016
    @Darril - great example with Automobile/Color question. I guess that's why you wrote the book and I write in forums.

    I really do like questions in this format; it really does make you think more. My favorite format of question includes negations or qualifiers like "best", "worst", "most".

    Although, I still prefer my reasoning that AES, AES 256, and 3DES are eliminated because they are encryption algorithms whereas TKIP is not one.
  • sratakhin Member Posts: 818
    Wait a second? Can't AES and 3DES be used to protect data in transit?
  • Darril Member Posts: 1,588
    sratakhin wrote: »
    Wait a second? Can't AES and 3DES be used to protect data in transit?

    Yes, they can and I believe that is what the original poster was asking about.

    However, which answer can ONLY be used to encrypt data in transit?

    Or, asked another way, which answer cannot be used to encrypt data at rest?

    @Paul78. Thanks for the kind words. Glad you like "best", "worst" and "most" because you are likely to see some of those qualifiers on the Security+ exam.
  • teancum144 Member Posts: 229
    Not to beat a dead horse, but I was struggling to find an example of an equivalent "transmission protocol" to TKIP, but here is some relevant info:

    "Advanced Encryption Standard (AES) is the cipher system used by RSN [WPA2/802.11i]. It is the equivalent of the RC4 algorithm used by WPA. ... CCMP is the security protocol used by AES. It is the equivalent of TKIP in WPA."
    Source: WPA vs WPA2 (802.11i): How your Choice Affects your Wireless Network Security | Openxtra

    Based on this, CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) is also a "Transmission Protocol" (comparing apples to apples).

    Synthesizing this information with the information from the previous comments, here is my understanding:

    TKIP is the only transmission algorithm in the list. The others are cipher/encryption algorithms that are typically used to encrypt data at rest. TKIP is used only to encrypt data in transit. CCMP is another example of a transmission algorithm. CCMP is more secure than TKIP.

    Is the preceding paragraph correct?
  • paul78 Member Posts: 3,016
    Yes. That's about right. I would say something like this.

    TKIP is the only transmission algorithm in the list. The others are cipher/encryption algorithms that are typically used to encrypt data at rest. TKIP uses RC4 to encrypt data in transit. CCMP which uses AES is another example of a transmission algorithm. CCMP is more secure than TKIP.
  • teancum144 Member Posts: 229
    I ran across some information that describes the following as "Transport" protocols that provide encryption:
    • SSH
    • HTTPS
    • IPSec
    The original post asked about the most secure "Transmission" algorithm. I'm a little confused about the context of the words "Transport" and "Transmission" as used in their respective contexts. I don't believe "Transport" is referring to the OSI layer because SSH and HTTPS are both Layer 7 and IPSec is Layer 3.

    Are the words "Transport" and "Transmission" as used in these contexts synonymous?