Home > Guides > Security > General Security and Privacy

Security Reference Guide

Hosted by

Toggle Open Guide Table of ContentsGuide Contents

Close Table of ContentsGuide Contents

Close Table of Contents

Temporal Key Integrity Protocol (TKIP)

Last updated May 23, 2003.

The Temporal Key Integrity Protocol (TKIP) is a recent security feature offered by various vendors to correct the weak WEP problem. It was developed by some of the same researchers who found the weaknesses in how RC4 was implemented. TKIP corrects these weaknesses and more.

This new protocol still uses RC4 as the encryption algorithm, but it removes the weak key problem and forces a new key to be generated every 10,000 packets or 10KB, depending on the source. In addition, it hashes the initialization vector (IV) values that are sent as plaintext in the current release of WEP. This means that IVs are now encrypted and are not as easy to sniff out of the air. Because the first three characters of the secret key are based on the three-character IV, the hashing of this value is a must. Without protecting the IV from casual sniffing attacks, a hacker can turn a 64-bit key (8 characters x 8 bytes in a bit) into a 40-bit key (8–3=5 characters x 8 bytes in a bit).

Also included in TKIP is a stronger and more secure method of verifying the integrity of the data. Called the Message Integrity Check, this part of TKIP closes a hole that would allow a hacker to inject data into a packet so the hacker can more easily deduce the streaming key used to encrypt the data. If the hacker knows any two of the XOR values, he can calculate the third. Therefore, by injecting known data into a packet and capturing it after it has been encrypted, the hacker can determine the encrypted value and the plaintext value. When values are XORed together, the result is the Pseudo Random Generation Algorithm (PRGA) streaming key. Once the PRGA for any packet is known, the hacker can reuse it to create his own encrypted packets—without ever knowing the secret key. This is possible because the hacker can take the deduced PRGA value and XOR it with his choice of text. The result of this is a properly encrypted packet. The hacker then simply appends the same IV value he pulled from the hacked packet and reapplies it to the newly created packet. Thus, the hacker could completely bypass the creation of the Key Scheduling Algorithm (KSA), which is the only part of the encryption process that requires the password, and there are tools to automate this.

Understanding XOR

An XOR calculation is used to compare two bit-level values and create a third. Basically, using the following chart, two characters or numbers can be compared at the binary level (1's and 0's) to create a third binary value. This operation is extremely easy for a computer to do, and is fast. However, the process can also be reversed. If the result of an XOR calculation is XOR'd with one of the original values, the other original value will be deduced.

XOR example:

Orig1:10010010 Reslt:01101101

Orig2:11111111 Orig1:11111111

XOR :-------- XOR :--------

Reslt:01101101 Orig2:10010010

Once received by the access point, this packet is deciphered by using the appended IV values and the password used by the access point. Then the KSA is created, which is used to create the PRGA value that the hacker used to encrypt his packet. Then the PRGA streaming key is XORed with the encrypted packet and that information is passed on.

With the new Message Integrity Check, this type of exploit is impossible. By verifying that the packet was not altered, and by dumping any packet that appears to be, the hacker will not be able to easily determine the PRGA. In addition, hashing the IVs creates yet another obstacle to any hacker who somehow deduces the PRGA. The hacker would have to determine the correct value of the hashed IVs, which is probably based on the data in the encrypted packet.

However, and even with all this extra security, TKIP is designed like the current version of WEP. This similarity allows TKIP to be backwardly compatible with most hardware devices. This also means that consumers merely have to update their firmware or software to bring their WLANs up to par.

While this new security measure is important, it's only temporary. TKIP is like a simple bandage to patch the hemorrhaging artery of WEP security. This is because TKIP still operates under the condition that a hacker only has to crack one "password" in order to gain access to the WLAN. This is one of the major factors that caused the current release of WEP to be crackable. If WEP included a multifaceted security scheme using stronger encryption and/or multiple means of authentication, a hacker would have to attack the WLAN from several points, thus making WEP cracking much more difficult.

Therefore, if you own WLAN gear, keep a close eye on the vendor patch list to see when they will be releasing the update. You may also want to send email to their support department to get your name on an email list to be notified once they have a patch. If you don't own a WLAN and are looking to purchase one, consider looking for one with this option built into it. The only other option is to wait until the next standardized wireless products are released using the 802.11i standard.