How TKIP Addresses the Weaknesses in WEP
TKIP is a set of modifications the IEEE 802.11i task group
created as a measure to augment security issues found in the existing WEP
algorithm. WEP is susceptible to forgery, weak-key, collision, and replay
attacks. The algorithm in TKIP address these weaknesses. WEP does not support
per-packet authentication, resulting in a vulnerability to forgery attacks.
Encrypted packets can be captured, some of the data changed, and then the
modified packets can be resent. TKIP mitigates this risk through the use of
Message Integrity Check (MIC), which verifies whether the message has been
tampered with during data transmission by using a verification routine sent with
the data packet routed to the receiver. The use of MIC features does add a
significant amount of network overhead and can result in decreased network
throughput. This degradation should be considered when deciding whether to use
TKIP as part of a WLAN security profile.
The per-packet RC4 key is constructed in WEP by concatenating the
RC base key and the packet Initialization Vector (IV). A weak-key attack derives
the RC4 base key by analyzing a series of packets with different IVs to exploit
WEP's static key problem. TKIP mitigates this risk through the use of key-mixing to derive short-lived
encryption keys. This process begins with a 128-bit "temporal key" shared
between clients and access points. The key encrypting the data is produced,
combining the temporal key with the client's MAC address and a relatively large
(48-bit) initialization vector. Each station uses different key streams to
encrypt the data as a result of this process. The temporal keys are typically
defaulted to change every 10,000 packets in TKIP's dynamic scheme to minimize
cracking opportunities for eavesdroppers and to eliminate eventual key
duplication. Because the volume of traffic will vary across the network, the
TKIP scheme will also vary, making it unpredictable and harder to exploit than
WEP.
TKIP increases the number of bits used for the IV from 24 to 48 to
increase the possible number of IVs that can be used and discards packets
received with numbers that are lower than previous packets so that duplicate
keys are not possible. This eliminates the risk of collision attacks. Collision
attacks occur when repeated keys using the same IV are used. Such reuse would
allow transmitted data to be recovered by an attacker over time.
A replay attack occurs when an attacker eavesdrops and
records transmitted data. The recorded data is then replayed at a later time. A
replay attack on a security protocol uses the replay of messages from a
different context, substituting false or erroneous data into the original
message, thereby fooling the honest participant(s) into thinking they have
successfully completed the protocol exchange without incident. A sequence number
for generated packets is used by TKIP to address this type of attack. After the
TKIP keys are regenerated, both the sender and receiver sequence is reset back
to zero and starts over. The sequence is incremented by one for each packet
sent, and the receiver will discard any packet that arrives out of sequence. A
replay attack cannot be detected by MIC.
Sections
Archive
Syndication
