Temporal Key Integrity Protocol

Temporal Key Integrity Protocol

Temporal Key Integrity Protocol or TKIP is a security protocol used in the IEEE 802.11 wireless networks.

Background

TKIP (pronounced "tee-kip") was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as a solution to replace WEP without requiring the replacement of legacy hardware. This was necessary because the breaking of WEP had left WiFi networks without viable link-layer security, and a solution was required for already deployed hardware.

On October 31 2002, the Wi-Fi Alliance endorsed TKIP under the name Wi-Fi Protected Access (WPA).cite web |url=http://wi-fi.org/pressroom_overview.php?newsid=55 |date=2002-10-31 |accessdate=2007-12-21| work=Wi-Fi Alliance| title=Wi-Fi Alliance Announces Standards-Based Security Solution to Replace WEP] The IEEE endorsed the final version of TKIP, along with more robust solutions such as 802.1X and the AES based CCMP, when they published IEEE 802.11i-2004 on 23 July 2004.cite web|url=http://standards.ieee.org/getieee802/download/802.11i-2004.pdf |format=pdf |title=IEEE 802.11i-2004: Amendment 6: Medium Access Control (MAC) Security Enhancements |date=2004-07-23 |publisher=IEEE Standards |accessdate=2007-12-21] The Wi-Fi Alliance soon afterwards adopted the full specification under the marketing name WPA2.cite web |url=http://wi-fi.org/pressroom_overview.php?newsid=31 |date=2004-09-01 |accessdate=2007-12-21| work=Wi-Fi Alliance| title=Wi-Fi Alliance Introduces Next Generation of Wi-Fi Security]

Technical Details

TKIP is a wrapper that goes around the existing WEP encryption. TKIP comprises the same encryption engine and RC4 algorithm defined for WEP. However, the key used for encryption in TKIP is 128 bits long. This solves the first problem of WEP: the key length is too short.

An important part of TKIP is that it changes the key used for each packet. This is the 'Temporal' part of the picture. The key is created by mixing together a combination of things, including a base key (called a Pairwise Transient Key in TKIP parlance), the MAC address of the transmitting station, and the serial number for the packet. The mixing operation is designed to put a minimum demand on the stations and access points, yet have enough cryptographic strength so that it cannot easily be broken.

Each packet transmitted using TKIP has a unique 48-bit serial number that is incremented every time a new packet is transmitted and used both as the Initialization Vector and part of the key. Putting a sequence number into the key ensures that the key is different for every packet. This solves another problem of WEP, called 'collision attacks', which can occur when the same key is used for two different packets. With different keys, there are no collisions.

Having the serial number of the packet also be the initialization vector helps to reduce yet another WEP problem, called "replay attacks." Because a 48-bit sequence number will take thousands of years to repeat itself, no one can replay old packets from a wireless connection—they will be detected as out of order because the sequence numbers won't be right.

The last, and most important, piece that is mixed into the TKIP key is the base key. Without a way to generate unique base keys, TKIP would solve many of WEP's problems, but not its worst one: the constant reuse of a well-known key by everyone on the wireless LAN. To deal with this, TKIP generates the base key that is mixed into the per-packet key. Each time a wireless station associates to an access point, a new base key is created. This base key is built by hashing together a special session secret with some random numbers (called nonces) generated by the access point and the station as well as the MAC address of the access point and the station. With IEEE 802.1X authentication, the session secret is unique and transmitted securely to the station by the authentication server; when using TKIP with pre-shared keys, the session secret is the same for everyone and never changes—hence the vulnerability of using TKIP with pre-shared keys.

References


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Temporal Key Integrity Protocol — oder kurz TKIP ist ein Sicherheitsprotokoll für drahtlose Netzwerke gemäß IEEE 802.11 Standard. TKIP (/ˌtiːˈkɪp/) wurde von der IEEE 802.11i Arbeitsgruppe in Zusammenarbeit mit der Wi Fi Alliance entwickelt, um WEP, ohne dass neue bzw.… …   Deutsch Wikipedia

  • Temporal Key Integrity Protocol — TKIP (Temporal Key Integrity Protocol) est un protocole de communication utilisé pour la protection et l authentification des données transitant sur un réseau Wi Fi. Destiné à remplacer le WEP, protocole ayant de nombreuses faiblesses, TKIP est… …   Wikipédia en Français

  • pre-shared key — noun A TKIP passphrase used to protect your network traffic in WPA. A mechanism in Wi Fi Protected Access (WPA) Personal that allows the use of manually entered keys or passwords to initiate WPA security. The PSK is entered on the access point or …   Wiktionary

  • TKIP — Temporal Key Integrity Protocol TKIP (Temporal Key Integrity Protocol) est un protocole de communication utilisé pour la protection et l authentification des données transitant sur un réseau Wi Fi. Destiné à remplacer le WEP, protocole ayant de… …   Wikipédia en Français

  • TKIP — Temporal Key Integrity Protocol (Computing » Telecom) Temporal Key Integrity Protocol (Computing » Security) …   Abbreviations dictionary

  • Wireless security — An example wireless router, that can implement wireless security features Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Many laptop computers have wireless cards pre installed. The… …   Wikipedia

  • Защита в Wi-Fi сетях — Стандарт Wi Fi разработан на основе IEEE 802.11 (англ. Institute of Electrical and Electronics Engineers), используется для широкополосных беспроводных сетей связи. С точки зрения безопасности, следует учитывать среду передачи сигнала, в… …   Википедия

  • Wi-Fi Protected Access — (WPA et WPA2) est un mécanisme pour sécuriser les réseaux sans fil de type Wi Fi. Il a été créé en réponse aux nombreuses et sévères faiblesses que des chercheurs ont trouvées dans le mécanisme précédent, le WEP. WPA respecte la majorité de la… …   Wikipédia en Français

  • WPA-PSK — Wi Fi Protected Access Wi Fi Protected Access (WPA et WPA2) est un mécanisme pour sécuriser les réseaux sans fil de type Wi Fi. Il a été créé en réponse aux nombreuses et sévères faiblesses que des chercheurs ont trouvées dans le mécanisme… …   Wikipédia en Français

  • WPA2 — Wi Fi Protected Access Wi Fi Protected Access (WPA et WPA2) est un mécanisme pour sécuriser les réseaux sans fil de type Wi Fi. Il a été créé en réponse aux nombreuses et sévères faiblesses que des chercheurs ont trouvées dans le mécanisme… …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”