TKIP

From Wikipedia, the free encyclopedia


In cryptography, TKIP (Temporal Key Integrity Protocol) is a security protocol used in Wi-Fi Protected Access (WPA). WPA is used on Wi-Fi networks to correct deficiencies in the older Wired Equivalent Privacy (WEP) standard. TKIP (pronounced "tee-kip") was designed to replace WEP without replacing legacy hardware. This was necessary because the breaking of WEP had left Wi-Fi networks without viable link-layer security, and the solution to this problem could not wait for the replacement of deployed hardware. For this reason TKIP, like WEP, uses a key scheme based on RC4; unlike WEP, it provides per-packet key mixing, a message integrity check and a rekeying mechanism. TKIP ensures that every data packet is sent with its own unique encryption key.

Key mixing makes recovering the keys harder by giving an attacker much less data encrypted under any one key. The message integrity check prevents forged packets from being accepted; under WEP it was possible to alter a packet whose content was known even if it had not been decrypted. TKIP also hashes the initialization vector (IV) values, which are sent as plaintext, with the WPA key to form the RC4 traffic key, addressing one of WEP's largest security weaknesses. WEP simply concatenated its key with the IV to form the traffic key, allowing a successful related-key attack.
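The difference between concatenating the IV and hashing it with the key can be measured directly. The following is an added example, not part of the original article: `mixed_traffic_key` uses truncated SHA-256 as a stand-in and is not the mixing function TKIP specifies, and the secret and IV values are constructed for illustration.

```python
import hashlib
from itertools import combinations

# Constructed 104-bit secret, for illustration only.
SECRET = bytes.fromhex("0102030405060708090a0b0c0d")

def wep_traffic_key(iv: bytes, secret: bytes) -> bytes:
    """WEP-style: RC4 key = cleartext 3-byte IV followed by the shared secret."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 3 bytes")
    return iv + secret

def mixed_traffic_key(iv: bytes, secret: bytes) -> bytes:
    """Hash the IV with the secret. SHA-256 is a stand-in chosen for this
    example; it is NOT the mixing function TKIP specifies."""
    return hashlib.sha256(secret + iv).digest()[:16]

def shared_positions(a: bytes, b: bytes) -> int:
    """Number of byte positions at which two traffic keys are identical."""
    return sum(x == y for x, y in zip(a, b))

def mean_shared(derive, ivs, secret: bytes) -> float:
    """Average shared byte positions over every pair of per-packet keys."""
    keys = [derive(iv, secret) for iv in ivs]
    pairs = list(combinations(keys, 2))
    return sum(shared_positions(a, b) for a, b in pairs) / len(pairs)

def secret_suffix_constant(ivs, secret: bytes) -> bool:
    """True if every WEP-style key ends in the same bytes, i.e. only the
    public IV prefix varies from packet to packet."""
    return len({wep_traffic_key(iv, secret)[3:] for iv in ivs}) == 1

# Constructed IVs: a 24-bit counter, as a sender stepping through packets.
IVS = [n.to_bytes(3, "big") for n in range(64)]

if __name__ == "__main__":
    print("WEP-style mean shared bytes:", mean_shared(wep_traffic_key, IVS, SECRET))
    print("mixed mean shared bytes:    ", mean_shared(mixed_traffic_key, IVS, SECRET))
```

With concatenation, consecutive packets use RC4 keys that agree in 15 of 16 bytes and differ only in a byte sent in the clear; with the IV hashed into the key, the per-packet keys have essentially no bytes in common.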
