3.1 WPA TKIP
The IEEE's primary response to the problems of WEP was Temporal Key Integrity
Protocol (TKIP). TKIP acts as a wrapper for WEP, adding a layer of security around
WEP's otherwise weak encryption.
One of the first problems TKIP solves is that of key length. WEP uses small keys, and
their effective length is shorter due to several design flaws. TKIP uniformly uses a 128-bit
encryption key, and while WEP can support 128-bit encryption keys, maintaining
compatibility with older WEP devices inevitable leads to standardization upon 64-bit
encryption keys within a wireless network. However, TKIP still makes use of RC4, a
relatively weak encryption algorithm that was used due to hardware constraints on most of
the devices originally designed to provide WEP.
TKIP also reduces the chance of replay attackers. TKIP expands the initialization
vector (IV) to 48 bits from 24 bits, and combines this IV with the fixed key in a more
cryptographically secure manner. Using a 48-bit IV means that any particular value of the
IV cannot be duplicated with a particular key. Thus, packets cannot be replayed.
Guaranteeing that a particular key-IV pair is never reused also denies an attacker the ability
to capture multiple packets that are identically encrypted, which would lead to the ability to
extract the plain text messages.
Pages:
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363