Wireless Local Area Network Security 148
This enables each transmitting station to generate a unique IV stream and thus prevents the reuse of IV values among stations using a shared secret key. IV values must not be reused, to prevent the reuse of RC4 key streams and subsequent data recovery attacks.
A simplified description of the TKIP per-frame hash algorithm is shown below. The details of the hash function are provided in [8]. The algorithm is described in two phases, both of which use S-boxes to mix and substitute 16-bit values. In phase 1, the 128-bit temporal key, the high 32 bits of the transmitting station's MAC address and the Sequence Counter (IV) are hashed into an 80-bit value, composed of five 16-bit values, as illustrated in Figure 7.1.
[Figure 7.1: Phase 1 hash. Inputs: Tx MAC Address (high 32 bits), 128-bit Temporal Key, Sequence Ctr; output: 80-bit array of 16-bit values.]
Phase 2 of the temporal key hash function takes the 80-bit array from phase 1, together with the Temporal Key and Sequence Counter (IV), and generates a 128-bit per-frame key. As the name implies, the key that is generated will be used for one frame only; the phase 2 hash is calculated for each frame that is encrypted (Figure 7.
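The two phases described above, as an added worked example (this is not code from the book or from the standard's own listing in [8]). It follows the structure of the reference mixing function published with TKIP: phase 1 absorbs the temporal key, the transmitter address and the high 32 bits of the IV (the reference code consumes all six TA bytes as three 16-bit words) over eight S-box rounds into five 16-bit words, and phase 2 mixes those words with the low 16 bits of the IV into the 16-byte RC4 key. Instead of typing in the 512-byte TKIP S-box table, the table is derived from the AES S-box (entry i is the pair 2·S[i], 3·S[i] in GF(2^8), which is how the TKIP table was built). The temporal key, MAC address and sequence-counter values at the bottom are constructed sample inputs, not values from the page.

```python
"""TKIP per-frame key mixing (phase 1 and phase 2) in pure Python.

Added example: mirrors the structure of the TKIP reference mixing
function. All sample inputs below are constructed, not test vectors.
"""

PHASE1_LOOP_COUNT = 8


# ---- GF(2^8) helpers used only to derive the S-box -----------------------
def _xtime(b):
    """Multiply by x in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    if b & 0x100:
        b ^= 0x11B
    return b & 0xFF


def _gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r


def _gf_inv(a):
    """Multiplicative inverse as a^254 (square-and-multiply); inv(0) := 0."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = _gf_mul(r, base)
        base = _gf_mul(base, base)
        e >>= 1
    return r if a else 0


def _build_aes_sbox():
    box = []
    for i in range(256):
        b = _gf_inv(i)
        s = b
        for k in range(1, 5):                       # AES affine transform
            s ^= ((b << k) | (b >> (8 - k))) & 0xFF
        box.append(s ^ 0x63)
    return box


AES_SBOX = _build_aes_sbox()
# TKIP's 16-bit S-box entry for byte i is (2*S[i] << 8) | 3*S[i].
TKIP_SBOX = [(_xtime(s) << 8) | (_xtime(s) ^ s) for s in AES_SBOX]


# ---- 16-bit primitives ---------------------------------------------------
def _swap16(v):
    return ((v << 8) | (v >> 8)) & 0xFFFF


def _ror1(v):
    return ((v >> 1) | (v << 15)) & 0xFFFF


def _tk16(buf, i):
    """Little-endian 16-bit word at byte offset i."""
    return buf[i] | (buf[i + 1] << 8)


def tkip_S(v):
    """16-bit substitution: low byte through table, high byte byte-swapped."""
    return TKIP_SBOX[v & 0xFF] ^ _swap16(TKIP_SBOX[v >> 8])


# ---- Phase 1: TK + TA + IV32 -> five 16-bit words (80 bits) --------------
def tkip_phase1(tk, ta, iv32):
    p = [iv32 & 0xFFFF, (iv32 >> 16) & 0xFFFF,
         _tk16(ta, 0), _tk16(ta, 2), _tk16(ta, 4)]
    for i in range(PHASE1_LOOP_COUNT):
        j = 2 * (i & 1)                             # alternate TK halves
        p[0] = (p[0] + tkip_S(p[4] ^ _tk16(tk, j))) & 0xFFFF
        p[1] = (p[1] + tkip_S(p[0] ^ _tk16(tk, 4 + j))) & 0xFFFF
        p[2] = (p[2] + tkip_S(p[1] ^ _tk16(tk, 8 + j))) & 0xFFFF
        p[3] = (p[3] + tkip_S(p[2] ^ _tk16(tk, 12 + j))) & 0xFFFF
        p[4] = (p[4] + tkip_S(p[3] ^ _tk16(tk, j)) + i) & 0xFFFF
    return p


# ---- Phase 2: P1K + TK + IV16 -> 128-bit per-frame RC4 key ---------------
def tkip_phase2(tk, p1k, iv16):
    ppk = list(p1k) + [(p1k[4] + iv16) & 0xFFFF]
    for i in range(6):                              # S-box mixing round
        ppk[i] = (ppk[i] + tkip_S(ppk[(i - 1) % 6] ^ _tk16(tk, 2 * i))) & 0xFFFF
    ppk[0] = (ppk[0] + _ror1(ppk[5] ^ _tk16(tk, 12))) & 0xFFFF
    ppk[1] = (ppk[1] + _ror1(ppk[0] ^ _tk16(tk, 14))) & 0xFFFF
    for i in range(2, 6):                           # rotate/add diffusion
        ppk[i] = (ppk[i] + _ror1(ppk[i - 1])) & 0xFFFF
    key = bytearray(16)
    key[0] = iv16 >> 8
    key[1] = ((iv16 >> 8) | 0x20) & 0x7F            # avoids RC4 weak-key class
    key[2] = iv16 & 0xFF
    key[3] = ((ppk[5] ^ _tk16(tk, 0)) >> 1) & 0xFF
    for i in range(6):
        key[4 + 2 * i] = ppk[i] & 0xFF
        key[5 + 2 * i] = ppk[i] >> 8
    return bytes(key)


class TkipKeyMixer:
    """Caches the phase-1 result; recomputes it only when IV32 changes."""

    def __init__(self, tk, ta):
        self.tk, self.ta = bytes(tk), bytes(ta)
        self._iv32, self._p1k = None, None

    def frame_key(self, tsc):
        iv32, iv16 = (tsc >> 16) & 0xFFFFFFFF, tsc & 0xFFFF
        if iv32 != self._iv32:
            self._p1k = tkip_phase1(self.tk, self.ta, iv32)
            self._iv32 = iv32
        return tkip_phase2(self.tk, self._p1k, iv16)


if __name__ == "__main__":
    tk = bytes(range(16))                           # constructed sample key
    ta = bytes.fromhex("001122334455")              # constructed sample TA
    mixer = TkipKeyMixer(tk, ta)
    for tsc in (0, 1, 0x10000):                     # consecutive frame counters
        print(f"TSC {tsc:012x} -> RC4 key {mixer.frame_key(tsc).hex()}")
```

Running the block prints one 16-byte RC4 key per sequence-counter value; bytes 0 and 2 carry IV16 in the clear, byte 1 is the constrained middle byte, and bytes 3 to 15 come from the mixing, so consecutive counters yield unrelated keys even though the temporal key is fixed.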