Connectivity and Data Protection
TKIP adds the following strengths:
48-bit initialization vectors
WPA with TKIP uses 48-bit IVs (as compared to 24-bit IVs with WEP)
that significantly reduce IV reuse and the possibility that a hacker will
collect a sufficient number of 802.11 frames to crack the encryption.
Per-packet key construction and distribution
WPA relies on the IV, albeit a larger IV, for per-packet key uniqueness,
the same as WEP.  WPA introduces the master key concept, from which it
periodically regenerates and redistributes new session keys.
A new message integrity check (MIC)
Called “Michael,” the new MIC is 8 bytes long and is used in addition to
the existing WEP ICV.¹  This new MIC adds strength to the existing
ICV for the prevention of in-transit bit-flipping attacks.
Figure 3.11 shows the construction of a TKIP-enhanced data frame. 
Note that TKIP adds 4 additional octets to extend the IV field, and the
Michael MIC adds an additional 8 octets over and above the WEP ICV.
The maximum MSDU remains 2304 bytes, but the frame is extended
appropriately for each encryption type used (WEP (8), TKIP (20), or
CCMP (16)).  
One point the analyst should be aware of when using TKIP is how it
behaves when fragmentation is also in use.  TKIP appends the MIC at the end
of the MSDU payload.  The Michael MIC is 8 octets in size, and the
802.11 MAC then applies its normal processing to transmit this
MSDU-with-MIC as a sequence of one or more MPDUs.  This means
the MSDU plus MIC can be partitioned into one or more MPDUs, the
WEP ICV is calculated over each MPDU, and the MIC can even be
partitioned to lie in two MPDUs after fragmentation.  So, an
unfragmented MPDU is increased by 20 octets as we have mentioned,
first by adding 8 octets to the MSDU then by adding 12 octets to the
MPDU.  But each MPDU of a series of fragments is only increased by
                                                
¹ The terms ICV, MIC, and FCS are essentially interchangeable in this context.
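
The fragmentation behaviour described above can be checked with a short layout calculation. This is an added example, not code from the original text: the function names and the per-fragment plaintext size (chunk) are assumptions, and the MIC bytes are a constructed placeholder rather than real Michael output.

```python
import zlib
from dataclasses import dataclass

MIC_LEN = 8        # Michael MIC appended to the MSDU payload
IV_EXT_IV_LEN = 8  # 4-octet WEP IV field plus the 4 octets TKIP adds to extend it
ICV_LEN = 4        # WEP ICV, calculated over each MPDU
MPDU_OVERHEAD = IV_EXT_IV_LEN + ICV_LEN  # 12 octets added to every MPDU


@dataclass
class Fragment:
    index: int
    data_octets: int  # MSDU payload octets carried by this MPDU
    mic_octets: int   # Michael MIC octets carried by this MPDU
    icv: int          # CRC-32 (the WEP ICV algorithm) over this MPDU's plaintext
    body_len: int     # IV/extended IV + plaintext + ICV


def fragment_tkip(msdu: bytes, mic: bytes, chunk: int) -> list[Fragment]:
    """Split MSDU-with-MIC into MPDUs of at most `chunk` plaintext octets.

    `chunk` is a hypothetical stand-in for the room the fragmentation
    threshold leaves for plaintext in one MPDU.
    """
    if len(mic) != MIC_LEN:
        raise ValueError("Michael MIC must be 8 octets")
    if chunk <= 0:
        raise ValueError("chunk must be positive")
    plaintext = msdu + mic  # the MIC is appended before fragmentation
    frags = []
    for i, off in enumerate(range(0, len(plaintext), chunk)):
        piece = plaintext[off:off + chunk]
        # Octets of this piece that fall before the end of the MSDU payload.
        data = max(0, min(len(msdu), off + len(piece)) - off)
        frags.append(Fragment(i, data, len(piece) - data,
                              zlib.crc32(piece), len(piece) + MPDU_OVERHEAD))
    return frags


def total_overhead(frags: list[Fragment], msdu_len: int) -> int:
    """Octets added on top of the original MSDU across all MPDUs."""
    return sum(f.body_len for f in frags) - msdu_len


if __name__ == "__main__":
    msdu = bytes(100)            # constructed 100-octet payload
    placeholder_mic = bytes(8)   # constructed, not a real Michael value
    for f in fragment_tkip(msdu, placeholder_mic, 52):
        print(f)
```

With a 100-octet MSDU and 52 plaintext octets per MPDU, the MIC is split 4/4 across the last two MPDUs, so a receiver or analyst can only verify it after reassembling the whole MSDU.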