TKIP stands for Temporal Key Integrity Protocol. It is part of the IEEE 802.11 encryption standard for wireless networks.

The IEEE 802.11i task group and the Wi-Fi Alliance created the TKIP as a replacement to the Wired Equivalency Protocol (WEP), which is used to secure 802.11 wireless networks. The necessity resulted from the break of WEP which had left Wi-Fi networks without any workable link-layer security.

TKIP Solutions to WEP

TKIP uses the same encryption engine and the RC4 stream cipher defined for WEP. However, TKIP uses 128 key bits for encryption and 64-bit keys for authentication. This feature solves the very short key length used in WEP.

TKIP also enhances WEP by changing the key used for each packet. Each key is a combination of a Pairwise Transient Key, the MAC address of the transmitting station, and the packet’s unique 48-bit serial number. This mixing function is designed to put minimum demand on the stations and access points, while retaining enough cryptographic strength to keep it from breaking easily.

Moreover, the unique 48-bit serial number assigned to each packet acts as the initialization vector and part of the key. Assigning a sequence number into the key diminishes the possibility of “collision attacks”, which occur when the same key is used for two different packets.

The serial number, functioning as the initialization vector, helps in the reduction of “replay attacks” as a 48-bit sequence number will take an incredibly long time to repeat itself. Packets from wireless connections are difficult to replicate as they will be detected as out of order because the sequence numbers is not correct.

Another vital feature that is mixed into the TKIP key, and therefore enhancing WEP, are the base keys. These base keys that are mixed into each packet are uniquely generated every time a wireless station associates with an access point. They are a combination of a special session secret with random numbers, which are generated by the access point, the station, and the MAC addresses of the access point and the station. Using a uniquely generated base key each time solves the dilemma of constantly using the same key in the wireless LAN.