Use of the MIC verifies that the packet was not modified in transit and that the
source and destination addresses were not changed. The ability to verify message integrity
is viewed by cryptographers to be as important as, if not more important than, the privacy
provided by encryption. The MIC is required to prevent the "bit-flipping" attacks identified
in [2]. A MIC algorithm known as "Michael" is the TKIP MIC [12].
Because of the design constraint that the TKIP MIC be implementable on legacy
WEP devices, Michael is a relatively weak MIC algorithm. Countermeasures are
introduced, which log MIC-error events and rate-limit the number of MIC failures. This
prevents an attacker from generating a large number of forgery attempts within a short
period of time. For example, countermeasures require that if 2 MIC-error frames are
received within 60 seconds at an AP, the AP disassociate all TKIP stations and not
accept any new stations using TKIP for 60 seconds.
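
The countermeasure rule above as a small AP-side state machine, added here as an example (it is not code from the book or from any driver). The struct and function names are hypothetical, time is assumed to be a monotonic seconds counter, and treating a gap of exactly 60 seconds as outside the window is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MIC_WINDOW_S   60  /* two MIC failures inside this window trigger countermeasures */
#define TKIP_LOCKOUT_S 60  /* no TKIP stations accepted for this long afterwards */

/* Hypothetical per-AP state (illustrative names). Zero-initialise before use. */
struct tkip_cm {
    bool     have_failure;   /* an earlier MIC failure is on record */
    uint64_t last_failure;   /* time of that failure, seconds, monotonic */
    uint64_t lockout_until;  /* TKIP refused while now < lockout_until */
    unsigned logged;         /* MIC-error events logged so far */
};

enum cm_action { CM_LOG_ONLY, CM_DISASSOCIATE_ALL };

/* Call once for every received frame that fails the MIC check. */
enum cm_action tkip_mic_failure(struct tkip_cm *s, uint64_t now)
{
    bool second = s->have_failure && (now - s->last_failure) < MIC_WINDOW_S;

    s->logged++;                       /* every MIC error is logged */
    s->have_failure = true;
    s->last_failure = now;
    if (!second)
        return CM_LOG_ONLY;

    s->have_failure = false;           /* the pair is consumed; start counting afresh */
    s->lockout_until = now + TKIP_LOCKOUT_S;
    return CM_DISASSOCIATE_ALL;        /* caller drops all TKIP stations */
}

/* Gate for new TKIP associations. */
bool tkip_assoc_allowed(const struct tkip_cm *s, uint64_t now)
{
    return now >= s->lockout_until;
}

int main(void)
{
    const uint64_t events[] = { 0, 59, 200, 260, 300 };  /* constructed failure times */
    struct tkip_cm s = { 0 };

    for (size_t i = 0; i < sizeof events / sizeof events[0]; i++)
        printf("t=%3llu %s\n", (unsigned long long)events[i],
               tkip_mic_failure(&s, events[i]) == CM_DISASSOCIATE_ALL
                   ? "disassociate all TKIP stations, refuse TKIP for 60 s" : "log only");
    return 0;
}
```
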
7.3.4 AES Based Encryption and Data Authentication
The Advanced Encryption Standard (AES) Rijndael algorithm [14] was selected by NIST
[15] as the next-generation encryption algorithm, to replace DES and 3DES.