Connectivity and Data Protection
12 octets! The extra 8 octets are inserted once for the series as though
it were part of the original "raw" MSDU.
FIGURE 3.11
Data Frame Body Format Using TKIP
It is trivial to modify a set of bits in a MSDU such that the WEP ICV
will not be able to detect the change, but the Michael MIC is much
stronger, and it will detect the change. However, Michael is not
invulnerable, and it is still important to protect the BSS from active
attackers. If a TKIP device detects a Michael failure, it will start a
clock, and if there is a second Michael failure within 60 seconds, then
the BSS shuts itself down to limit the damage that an attacker can do.
Before coming back online after two MIC failures in a 60-second
period, the access point (or wireless LAN switch) will re-key all of the
associated stations. This countermeasure limits the rate at which an
attacker can forge frames, but also creates a situation where attackers
could perform Denial of Service (DoS) attacks. To prevent a DoS
attack against Michael, some manufacturers give you the configuration
option of adjusting or disabling this countermeasure.
CCMP
The 802.11i standard calls for use of the Counter-Mode/CBC-MAC
Protocol (CCMP), which provides confidentiality, authentication,
integrity, and replay protection. CCMP is mandatory for RSN
compliance. CCMP is based on the CCM mode of operation of the
