
Benny Bing

"Emerging Technologies in Wireless LANs: Theory, Design, and Deployment"

11 devices, to avoid requiring a total deployed-base upgrade to provide a
secure system.

TKIP was designed to have a lifetime of about 5 years, and was intended to provide a
secure mechanism that could be deployed on WEP-capable hardware. TKIP has met its
design goals. Since 2002, no practical attacks have been mounted against TKIP, and one
theoretical attack [13] has been identified. In 2007, virtually all new WLAN products
support AES-CCMP, and WFA support of WPA2 is required for WFA interoperability
certification. New amendments to the IEEE 802.11 standard are likely to use only CCMP
security (see 7.3.5).

7.3.1 The TKIP Per-Packet Hash Function

The RC4 key used to encrypt a given data frame in WEP is a combination of an
initialization vector (IV) and the secret key. Unfortunately, in the key-scheduling algorithm
of RC4, the first bytes of the key stream are predictable for certain known IV values [4].
Because the IV used to encrypt a given frame is sent in the clear, a passive observer can
easily identify the frames to target for attack. The TKIP per-frame hash function is
introduced primarily to eliminate this flaw in WEP. The hash function is also defined to
include the MAC address of the transmitting station.
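
The following sketch is an added example, not code from the book. It builds the WEP per-frame RC4 key as described above (cleartext IV followed by the secret key) and contrasts it with a per-frame key that is mixed from a key, the transmitter address and a counter. The mixing step uses HMAC-SHA256 as a stand-in and is not TKIP's own hash function; all keys, MAC addresses and function names are constructed for illustration.

```python
import hashlib
import hmac

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key scheduling over `key`, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_frame_key(iv: bytes, secret: bytes) -> bytes:
    """WEP per-frame RC4 key: the cleartext IV followed by the secret key."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 3 bytes")
    return iv + secret

def mixed_frame_key(temporal_key: bytes, ta: bytes, counter: int) -> bytes:
    """Stand-in mix (HMAC-SHA256, not TKIP's own function) of key, TA, counter."""
    msg = ta + counter.to_bytes(6, "big")
    return hmac.new(temporal_key, msg, hashlib.sha256).digest()[:16]

# Constructed sample values, not taken from any real network.
SECRET = bytes.fromhex("0102030405060708090a0b0c0d")       # 104-bit WEP key
TK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")     # 128-bit mixing key
STA_A = bytes.fromhex("020000000001")                       # transmitter MACs
STA_B = bytes.fromhex("020000000002")
IV = bytes.fromhex("00002a")

if __name__ == "__main__":
    k = wep_frame_key(IV, SECRET)
    # The first three RC4 key bytes are exactly what is sent in the clear.
    print("WEP key prefix equals cleartext IV:", k[:3] == IV)
    # The transmitter plays no part in WEP: same IV gives the same keystream.
    print("WEP keystream for any station:", rc4_keystream(k, 8).hex())
    for sta in (STA_A, STA_B):
        fk = mixed_frame_key(TK, sta, 42)
        print(sta.hex(), "mixed key", fk.hex(), "keystream", rc4_keystream(fk, 8).hex())
```
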

