The TKIP encapsulation process is shown below FIG Courtesy – 802.11 Standard Description of the parameters TA – Transmitter address TK – Temporal Key TSC – TKIP Sequence Counter Priority – QoS TID Priority – set to 0 if QoS control field is not present MIC Key – MIC transmitter Key (64 bits) obtained during […]
TKIP Decapsulation
The TKIP decapsulation Process is shown below FIG Courtesy: 802.11 Standard Description of the parameters TA – Transmitter address TK – Temporal Key TSC – TKIP Sequence Counter Priority – QoS TID Priority – set to 0 if QoS control field is not present MIC Key – MIC Receiver Key (64 bits) obtained during EAPOL […]
TKIP MIC – Need and MIC Format
The TKIP Michael Integrity check prevents forgery attacks. The MIC is a 64 bit (8 byte) value. The MIC in itself is weak and hence is encrypted and sent along with the MSDU. Since the ICV (Integrity Check Value) is computed on an MPDU in the MAC layer, The Michael Integrity check provides an upper […]
RSN Information Element
The RSN information element was brought out by the IEEE 802.11i Task Group. RSN stands for Robust Security Network and it made AES cipher mandatory with the use of Robust Security Network. The TKIP cipher can be used as Multicast/Broadcast cipher and so can WEP-40/WEP104, but if the authentication method is 802.1X then WEP-40/WEP-104/TKIP are […]
EAPOL 4-Way Handshake
EAPOL stands for Extensible Authentication Protocol(EAP) over LAN. A simple 4-way handshake is shown pictorially below A top level description of a successful 4-Way-Handshake is explained below At the start of the 4-way handshake, both the Access Point and the 802.11 station contain the PMK The Access Point and the 802.11 Station generate a random […]
TKIP Replay Protection
TKIP provides a 48 bit (6 bytes) monotonically increasing Transmit Sequence Counter (TSC) which it appends to each packet. If any TKIP packet is received wherein the TSC value is lesser than or equal to current Replay counter value – the frame is silently discarded. The 802.11 standard defines a set of rules for TKIP […]
AES Encapsulation
The AES Encryption process involves encryption of the data part of the MPDU. The CCMP Encapsulation Block diagram is shown below FIG Courtesy: 802.11 Standard Some description of the parameters TK – AES Temporal Key – obtained during EAPOL handshake PN – Packet Number – initialized to 1 when the Temporal Key (TK) is initialized […]
AES Encryption Mechanism
The AES encryption scheme was introduced in 802.11i for use in Robust Security Networks. The AES encryption mechanism that is used is “CTR with CBC-MAC Protocol (CCMP)”. As stated in the 802.11-2012TM Standard – CCMP works on the following parameters and provides the following security features “CCMP is based on the CCM of the AES […]
WLAN (802.11) Authentication and Data Security
WLAN standard has evolved from the early days of Wi-Fi to the present day in the area of authentication mechanisms and security for WLAN devices. Authentication mechanisms and security are two separate entities and should not be confused with one another. Authentication mechanisms provide a means to gain access to a particular network Security provides […]
WLAN Shared Key Authentication
In contrast to Open System Authentication, in Shared Key Authentication the key that would be used for data security is used to authenticate the WLAN station. The Below steps are followed in Shared Key Authentication Authentication request sent by WLAN (802.11) STA to Access Point AP sends a challenge text to 802.11 STA (in cleartext) […]