Cooperative Control Message encryption

  • 2
  • Question
  • Updated 4 years ago
  • Answered
I am designing an Aerohive WLAN for a municipal client. Aside from their inherent obsession with cost, they are asking some pointed questions about security. One question from their IT team was about the security of cooperative control protocols and "how someone could hack into their network and create havoc". This was the only question I couldn't answer definitively and told them I would get back to them. So my question is: How is the control and management traffic encrypted ( I presumed it was) on the LAN and WLAN? I cannot find ANYTHING in the Aerohive literature or on the web. Many thanks in advance.
Photo of Daniel Capano

Daniel Capano

  • 2 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 2
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
I do not know the full details of the cipher but AES is documented as being used, I suspect it will be 128-bit AES in CBC mode:

"When HiveAPs are powered on, they start to search for both wired and wireless HiveAP neighbors, and if neighbors are found with the same hive name and shared secret, they can build AES secured connections to each other."

I am, however, curious how that shared secret is distributed in a secure way to begin with. The security/integrity of key distribution, from first principles - an AP that is factory reset to one functioning in a Hive, does not appear to be documented.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Photo of Daniel Capano

Daniel Capano

  • 2 Posts
  • 0 Reply Likes
Thanks Nick. I read the paper, along with a lot of other documents - nothing definitive on this. I called Aerohive Tech support and was told " Yes, it is encrypted" but could get no other details. It is apparent L3-7 is encrypted; the concern is the control traffic vulnerability, if it is a concern at all.