The TKIP decapsulation Process is shown below
FIG Courtesy: 802.11 Standard
Description of the parameters
TA – Transmitter address
TK – Temporal Key
TSC – TKIP Sequence Counter
Priority – QoS TID Priority – set to 0 if QoS control field is not present
MIC Key – MIC Receiver Key (64 bits) obtained during EAPOL handshake
TTAK – TKIP-mixed transmit address and key
The decapsulation process is explained below (from the 802.11-2012 standard)
- Before WEP decapsulates a received MPDU, TKIP extracts the TSC sequence number and key identifier from the WEP IV and the extended IV. TKIP discards a received MPDU that violates the sequencing rules (Ii.e. a frame whose TKIP sequence counter is not monotonically increasing higher value.
- TKIP represents the WEP seed as a WEP IV and ARC4 key and passes these with the MPDU to WEP decapsulation.
- If WEP indicates the ICV check succeeded, the implementation re-assembles the MPDU into an MSDU. If the MSDU defragmentation succeeds, the receiver verifies the TKIP MIC. If MSDU defragmentation fails, then the MSDU is discarded.
- The MIC verification step re-computes the MIC over the MSDU SA, DA, Priority, and MSDU Data fields (but not the TKIP MIC field). The calculated TKIP MIC result is then compared bit-wise to the received MIC.
- If the received and the locally computed MIC values are identical, the verification succeeds, and TKIP shall deliver the MSDU to the upper layer. If the two differ, then the verification fails; the receiver shall discard the MSDU and shall engage in appropriate countermeasures.
TKIP employs a MIC (Michael Integrity Check) on the sent packet to verify that the packet is sent by a genuine WLAN station associated to the network. We shall understand the need for TKIP MIC and the frame format and calculation