What is TKIP?

TKIP stands for Temporal Key Integrity Protocol. It is a security protocol used by IEEE 802.11 wireless networks, designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an improvement over Wired Equivalent Privacy (WEP).

TKIP Background

The primary aim of creating TKIP was to replace WEP without having to replace legacy hardware. The need for this arose when WEP was breached, and Wi-Fi networks were left without viable link-layer security.

TKIP was first endorsed by the Wi-Fi Alliance on October 31, 2002 under the name Wi-Fi Protected Access (WPA). On July 23, 2004, its final version was approved by the IEEE under the name IEEE 802.11i, along with other solutions such as the 802.1X and the CCMP. The Wi-Fi Alliance adopted its full specifications under the marketing name WPA2 soon after.

TKIP Technical Details

The following points outline TKIP’s technical details and its improvements from WEP:

1. TKIP uses the RC4 stream cipher with 128-bit keys for encryption. This addresses the short key length used by WEP.

2. As an enhancement to WEP, TKIP adds a per-packet key mixing function so that the public initialization vectors are no longer correlated with weak RC4 keys. The mixing function is designed to place minimal load on stations and access points while still providing enough cryptographic strength to resist attack.

3. Each packet transmitted via TKIP carries a unique 48-bit sequence number, which is incremented with every packet and also serves as the initialization vector. This avoids a WEP weakness known as “collision attacks”, which arise when the same key and IV are used for two different packets. Using the sequence number as the initialization vector also helps prevent “replay attacks”, because a receiver can discard packets whose sequence number is not newer than the last one seen, and it takes a very long time before a 48-bit sequence number needs to be repeated.

4. TKIP generates a new base key each time a wireless station associates with an access point. Combined with IEEE 802.1X authentication, this ensures the session secret is never reused and is delivered securely to the station via the authentication server.
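To make the mechanics of points 2 and 3 concrete, here is an added Python example written for this page; it is not code from any 802.11 implementation or driver. It builds the 8-octet TKIP expanded IV from a 48-bit sequence counter (TSC) using the field layout defined in IEEE 802.11i, including the WEPSeed[1] dummy byte that keeps the start of the per-packet RC4 key out of the weak-key classes that broke WEP, parses that header back, and applies the receiver-side replay check that discards any MPDU whose TSC is not greater than the last one accepted for that key. The class names, the sample TSC values and the packet-rate figure are constructed for illustration.

```python
"""Added example: TKIP 48-bit TSC, the expanded IV that carries it, and the
receiver replay check. Illustrative code, not from any real driver."""
from dataclasses import dataclass, field

TSC_BITS = 48
TSC_MAX = (1 << TSC_BITS) - 1
EXT_IV_BIT = 0x20          # bit 5 of the KeyID octet: "expanded IV present"


def tkip_iv_header(tsc: int, key_id: int = 0) -> bytes:
    """Build the 8-octet TKIP expanded IV for a given TSC.

    Layout per IEEE 802.11i:
      TSC1 | WEPSeed[1] | TSC0 | KeyID/ExtIV | TSC2 | TSC3 | TSC4 | TSC5
    WEPSeed[1] = (TSC1 | 0x20) & 0x7F is a dummy byte chosen so the first
    bytes of the per-packet RC4 key avoid the weak-key classes used against WEP.
    """
    if not 0 <= tsc <= TSC_MAX:
        raise ValueError("TSC out of 48-bit range")
    if not 0 <= key_id <= 3:
        raise ValueError("key_id must be 0..3")
    b = tsc.to_bytes(6, "little")          # b[0] = TSC0 ... b[5] = TSC5
    tsc0, tsc1 = b[0], b[1]
    wep_seed1 = (tsc1 | 0x20) & 0x7F
    key_octet = (key_id << 6) | EXT_IV_BIT
    return bytes([tsc1, wep_seed1, tsc0, key_octet]) + b[2:6]


def parse_tkip_iv_header(hdr: bytes) -> tuple[int, int]:
    """Recover (tsc, key_id) from an expanded IV, rejecting malformed headers."""
    if len(hdr) != 8:
        raise ValueError("expanded IV must be 8 octets")
    tsc1, wep_seed1, tsc0, key_octet = hdr[0], hdr[1], hdr[2], hdr[3]
    if not key_octet & EXT_IV_BIT:
        raise ValueError("ExtIV bit clear: not a TKIP MPDU")
    if wep_seed1 != (tsc1 | 0x20) & 0x7F:
        raise ValueError("WEPSeed[1] inconsistent with TSC1")
    tsc = int.from_bytes(bytes([tsc0, tsc1]) + hdr[4:8], "little")
    return tsc, key_octet >> 6


@dataclass
class TkipTransmitter:
    """Sender side: TSC starts at zero for a fresh temporal key and only counts up."""
    tsc: int = 0

    def next_header(self, key_id: int = 0) -> bytes:
        if self.tsc > TSC_MAX:
            raise RuntimeError("TSC exhausted: rekey before sending more frames")
        hdr = tkip_iv_header(self.tsc, key_id)
        self.tsc += 1
        return hdr


@dataclass
class TkipReceiver:
    """Receiver side: one replay counter per (key_id, priority), as 802.11i requires."""
    replay_counter: dict = field(default_factory=dict)

    def accept(self, hdr: bytes, priority: int = 0) -> bool:
        tsc, key_id = parse_tkip_iv_header(hdr)
        slot = (key_id, priority)
        last = self.replay_counter.get(slot, -1)
        if tsc <= last:
            return False                    # replayed or out-of-order MPDU: drop
        self.replay_counter[slot] = tsc
        return True


def years_until_tsc_wraps(packets_per_second: float) -> float:
    """How long a sender could run at a constant rate before the 48-bit TSC repeats."""
    return (TSC_MAX + 1) / packets_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    tx, rx = TkipTransmitter(), TkipReceiver()
    frames = [tx.next_header() for _ in range(3)]      # constructed sample traffic
    print([rx.accept(h) for h in frames])               # fresh frames are accepted
    print(rx.accept(frames[1]))                         # replayed frame is rejected
    print(f"{years_until_tsc_wraps(1_000_000):.1f} years at 1M packets/s")
```

The replay state is keyed by key ID and priority because 802.11i keeps a separate counter per temporal key and per QoS priority; a single global counter would wrongly reject legitimate frames interleaved across those queues.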