TKIP Encryption Mechanism

The TKIP encryption protocol was introduced to rectify the fallacies seen with WEP encryption till a time when a more secure encryption mechanism was developed (AES). Hence, the networks that supported TKIP became a Transition Stationary Network.

The TKIP algorithm applied the below modifications to the existing WEP algorithm to address the WEP vulnerabilities

  1. The transmitter calculates a cryptographic message integrity code (MIC) over the MSDU SA and DA, the MSDU priority, and the MSDU plaintext data.
  2. It incorporated Counter-measures in case the TKIP MIC was somehow compromised. TKIP Counter-measures reduces the probability of a forgery attack significantly
  3. TKIP provides replay protection by using a per-MPDU TKIP sequence counter (TSC) to sequence the MPDUs it transmits. The receiver drops MPDUs received out of order, i.e., not received with increasing sequence numbers.
  4. TKIP uses a cryptographic mixing function to combine a temporal key, the TA, and the TSC into the WEP seed. The receiver recovers the TSC from a received MPDU and utilizes the mixing function to compute the same WEP seed needed to correctly decrypt the MPDU. The key mixing function is designed to defeat weak-key attacks against the WEP key.

The TKIP encryption scheme did not require additional Hardware requirements and could be implemented on top of WEP hardware. Hence, TKIP encryption scheme was widely employed for a period of time till the advent of Robust Security Networks.

TKIP uses the same format as the WEP Encryption frame format with an additional Extended Initialization Vector (IV) field (4 bytes) and Michael Integrity Check (MIC) field (8 bytes). The TKIP MPDU format is shown below

TSC0- TSC5 – TKIP Sequence Counter (6 bytes in length) – TSC0 and TSC1 form the IV sequence Number for TKIP phase 2 mixing and TSC2-TSC5 are used in phase 1 key hashing

Ext IV bit – bit incorporated to indicate if Extended IV is present or not. For TKIP, this bit is always set to 1.

Key ID – Key index

WEPSeed[1] – it is set to (TSC1 | 0x20) & 0x7f

MIC – Michael integrity check

The TKIP Sequence counter is used to prevent replay attacks. If the TSC exhausts to zero, the TKIP Key needs to be refreshed.

The TKIP encapsulation and TKIP decapsulation process is explained in the following articles

TKIP Encapsulation

Comments

  1. Pingback: Opportunistic Key Caching (OKC) | Hitch Hiker's Guide to Learning

Leave a Reply

Your email address will not be published. Required fields are marked *