Table of Contents
- Web Application Security
- Operating System Security
- Network Security
- Hardening Your System
- Wireless Basics
- Frequency and Data
- Using the Spectrum
- Why is Wireless Security Important?
- Wired Equivalent Privacy (WEP)
- MAC Filtering
- Radiation Zone
- Demilitarized Zone (DMZ)
- Virtual Private Network (VPN)
- Remote Authentication Dial-In User Service (RADIUS)
- Setting Up Windows 2003 for PEAP
- Setting Up Windows 2003 for PEAP, Part 2
- Setting Up Windows 2003 for PEAP, Part 3
- Temporal Key Integrity Protocol (TKIP)
- Advanced Encryption Standard (AES)
- Secure Sockets Layer (SSL)
- Intrusion-Detection System (IDS)
- Wireless Intrusion Detection Solutions
- Practical SOHO Public WLAN Setup
- ZoneCD: The Secure Way to Share Your Internet Connection
- ZoneCD, Part 2: Online Configuration Options
- ZoneCD, Part 3: Gateway Options
- Natural Wi-Fi Jamming
- Wi-Fi Protected Access (WPA)
- WPA Part 2: Weak IV's
- WPA Part 3: WPA Fixes
- Securing Your Wireless PDA Connection
- Securing Your Wireless PDA Connection, Part 2
- Wireless Intrusion Detection Tools
- Wireless Intrusion Detection Tools, Part 2
- Wireless Intrusion Detection Tools, Part 3
- Handheld/PDA/Smartphone Wireless Sniffing
- Airpwn: Owning the Airwaves
- Wireless Denial of Service Attacks
- Wireless RF Audits
- Professional RF Analyzers
- Open Source Tools: ntop
- War-Driving Exposed
- Wireless Karma
- Handheld War-driving
- Byte-Sized Decryption of WEP with Chopchop, Part 1
- Byte-Sized Decryption of WEP with Chopchop, Part 2
- Fragmentation Attacks
- WEP Fragmentation Attack in Detail
- Windows Wireless Sniffers
- Penetration Testing with SILICA
- Owning the Auditors: WPA-PSK and USB Sticks
- Owning the Auditors: Cain and Abel
- The 10 Minute Wireless VPN: iPIG
- Informit Articles and Sample Chapters
- Mobile Security
- Data Forensics
- Legal and Ethical Issues of Security
- Home User Security
- Job Security for the IT Security Industry
- A Biased Book Review: Chained Exploits: Advanced Hacking Attacks from Start to Finish
- Security of Mechanical Locks
- Information Security in Academics
- Holiday Security: Hackers Don’t Take Holidays
- Gary McGraw on Building Secure Software
- Gary McGraw on Exploiting Online Games
- A Student-Hacker Showdown at the Collegiate Cyber Defense Competition
- The Collegiate Cyber Defense Competition Year 3: Revenge of the Red Cell
- Questions from RSA 2007
- How to Steal 80,000 Identities in One Day
Temporal Key Integrity Protocol (TKIP)
Last updated May 23, 2003.
The Temporal Key Integrity Protocol (TKIP) is a recent security feature offered by various vendors to correct the weak WEP problem. It was developed by some of the same researchers who found the weaknesses in how RC4 was implemented. TKIP corrects these weaknesses and more.
This new protocol still uses RC4 as the encryption algorithm, but it removes the weak key problem and forces a new key to be generated every 10,000 packets or 10KB, depending on the source. In addition, it hashes the initialization vector (IV) values that are sent as plaintext in the current release of WEP. This means that IVs are now encrypted and are not as easy to sniff out of the air. Because the first three characters of the secret key are based on the three-character IV, the hashing of this value is a must. Without protecting the IV from casual sniffing attacks, a hacker can turn a 64-bit key (8 characters x 8 bytes in a bit) into a 40-bit key (83=5 characters x 8 bytes in a bit).
Also included in TKIP is a stronger and more secure method of verifying the integrity of the data. Called the Message Integrity Check, this part of TKIP closes a hole that would allow a hacker to inject data into a packet so the hacker can more easily deduce the streaming key used to encrypt the data. If the hacker knows any two of the XOR values, he can calculate the third. Therefore, by injecting known data into a packet and capturing it after it has been encrypted, the hacker can determine the encrypted value and the plaintext value. When values are XORed together, the result is the Pseudo Random Generation Algorithm (PRGA) streaming key. Once the PRGA for any packet is known, the hacker can reuse it to create his own encrypted packetswithout ever knowing the secret key. This is possible because the hacker can take the deduced PRGA value and XOR it with his choice of text. The result of this is a properly encrypted packet. The hacker then simply appends the same IV value he pulled from the hacked packet and reapplies it to the newly created packet. Thus, the hacker could completely bypass the creation of the Key Scheduling Algorithm (KSA), which is the only part of the encryption process that requires the password, and there are tools to automate this.
An XOR calculation is used to compare two bit-level values and create a third. Basically, using the following chart, two characters or numbers can be compared at the binary level (1's and 0's) to create a third binary value. This operation is extremely easy for a computer to do, and is fast. However, the process can also be reversed. If the result of an XOR calculation is XOR'd with one of the original values, the other original value will be deduced.
XOR :-------- XOR :--------
Once received by the access point, this packet is deciphered by using the appended IV values and the password used by the access point. Then the KSA is created, which is used to create the PRGA value that the hacker used to encrypt his packet. Then the PRGA streaming key is XORed with the encrypted packet and that information is passed on.
With the new Message Integrity Check, this type of exploit is impossible. By verifying that the packet was not altered, and by dumping any packet that appears to be, the hacker will not be able to easily determine the PRGA. In addition, hashing the IVs creates yet another obstacle to any hacker who somehow deduces the PRGA. The hacker would have to determine the correct value of the hashed IVs, which is probably based on the data in the encrypted packet.
However, and even with all this extra security, TKIP is designed like the current version of WEP. This similarity allows TKIP to be backwardly compatible with most hardware devices. This also means that consumers merely have to update their firmware or software to bring their WLANs up to par.
While this new security measure is important, it's only temporary. TKIP is like a simple bandage to patch the hemorrhaging artery of WEP security. This is because TKIP still operates under the condition that a hacker only has to crack one "password" in order to gain access to the WLAN. This is one of the major factors that caused the current release of WEP to be crackable. If WEP included a multifaceted security scheme using stronger encryption and/or multiple means of authentication, a hacker would have to attack the WLAN from several points, thus making WEP cracking much more difficult.
Therefore, if you own WLAN gear, keep a close eye on the vendor patch list to see when they will be releasing the update. You may also want to send email to their support department to get your name on an email list to be notified once they have a patch. If you don't own a WLAN and are looking to purchase one, consider looking for one with this option built into it. The only other option is to wait until the next standardized wireless products are released using the 802.11i standard.