Sunday, May 16, 2010

Unsecured Wifi and we---------Part-5

What is TKIP

Dear Friends,

The topic has become interesting here as one of my valuable reader has shared his valuable knowledge with us for explaining more easily about some codes which are used in Wi-fi. TKIP is one of them and for that I have decided to post that technical term in front page for all of us and making this topic more attractive. So lets have a look on that comment

Sitanshu said...

Dear Sujit/Sudipto,

Thank you for a fantastic article on WLAN Security.

I thought that our readers deserve a bit more. There are many advanced users who would like to know more about TKIP, MIC, WPA, WPA2.

I'm therefore posting this article to explain to our valuable advanced readers the inner details of TKIP and MIC.

TEMPORAL KEY INTEGRITY PROTOCOL (For upgrading a WEP based Wi-Fi Network)

The (TKIP) Temporal key Integrity Protocol was an interim solution developed to fix the key reuse problem of WEP. By key reuse we mean that a single key was used to encrypt all packets in the transmission. Once you examined enough packets as mentioned in an earlier posting you could build the key using XOR operations (WEP Key Builder uses that concept)
TKIP later became part of the 802.11i and subsequently part of WPA and WPA2 standards. I have mentioned in a previous posting that both WPA and WPA2 are interim steps towards moving to 802.11i.

TKIP was included in the 802.11i standards for backwards compatibility. The 802.11i standard did not want to use a cipher based RC4, so they chose AES (Advanced Encryption Standard). TKIP was put into 802.11i for the sole reason of helping older devices transition to 802.11i. To do this, 802.11i needed to support a protocol that could easily upgrade WEP to something safe enough to include in 802.11i.. WEP as we all know was weak and flawed. Using TKIP protected against attacks and reduced the overall risk of operating a wireless network.
Today, Cisco differentiates its versions of TKIP and the standard one by calling it the Cisco Key Integrity Protocol (CKIP).
The TKIP encryption portion works in a two-phase process. The first phase generates a session key from a temporal key, TKIP sequence counter (TSC), and the transmitter’s MAC address. The temporal key is made up of a 128-bit value similar to the base WEP key value. The TKIP sequence counter (TSC) is made up of the source address (SA), destination address (DA), priority, and the payload or data. Once this phase is completed, a value called the TKIP-mixed transmit address and key (TTAK) is created. This value is used as a session-based WEP key in the second phase.
In the second phase, the TTAK and the IV are used to produce a key that encrypts the data. This is similar to how WEP is processed. In WEP the first 24 bits of the IV are added in front of the WEP key and then used to create an encryption key that is applied to the data. Then the IV is inserted into the packet header.
The basis of TKIP came from the WEP protocol. In the 802.11i standard, TKIP is referred to as a cipher suite enhancing the WEP protocol on pre- RSNA hardware. This is espoused because RC4 is still used as a cipher, although the technique in which it is used has improved greatly.

The article continues.....

Thanking you

Urproblemmysolution Team

No comments: