CWSP and TKIP related questions
Last Post: September 10, 2006:
As per the other post on errata about page 402, I too believe the illustration needs to be revised or clarified. What happened to the extended IV field in the MIC-enhanced WEP frame? See page 79 of the CWAP to see what I am talking about: 4 bytes for IV, 4 bytes for ext IV, then 8 for TKIP MIC, then 4 for WEP ICV. Also, for future CWSP books, consider adding the byte sizes on the illustrations, for they make a good reference as well.
Now a basic question for you TKIP gurus out there. Just curious if anyone has an answer and any clarification would be appreciated.
With regards to TKIP's TSC (sequence counting) to prevent replay attacks:
How does that work with a normal 802.11 MAC frame with the retry bit set in the frame control field, in the event of natural noise or some other (non-attack-based) reason for the frame to be resent? What are the mechanics?
What if the attacker is using the retry bit to make the frame "appear" as a valid retry from noise? How does TKIP differentiate between the two?
I guess, to put it another way, how does TKIP's per-frame sequence counter determine a valid retried frame? Does the station that is really experiencing noise just increment the TSC and have the frame control's retry bit set?
Here's my understanding of the process, anyone can feel free to correct me if I'm wrong.
The receiver keeps track of the sequence number. If the receiver receives a sequence number (SN) lower than or equal to its highest received SN, it drops the packet.
Now, imagine the scenario where there is interference or a communication breakdown of some sort from the receiver to the sender. The sender sends the packet but does not get an ACK. Therefore, the sender resends the packet. If the receiver received the first packet, it will drop the second. The receiver will have sent an ACK after it received the initial packet. The sender will stop trying to resend the packet after 4-7 tries by default.
In the end, the receiver doesn't need to identify the frame as a valid retried frame if it already received it. If indeed it did not, it will not yet have that sequence number and will accept the frame.
Am I missing anything here, or is this pretty much how it works?
IEEE 802.11m (draft 4) section 9.2.9: "The destination STA shall perform the ACK procedure on all successfully received frames requiring acknowledgment, even if the frame is discarded due to duplicate filtering."
I hope this helps. Thanks. /criss
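A small model of the receiver-side check described in this answer, added here as an example and not code from the thread or from any standard: the `Frame` and `TkipReceiver` names are assumptions, and the traffic fed through it is constructed. It shows the three cases discussed (natural retry after a lost ACK, retry of a frame that never arrived, and a stale copy of an old frame), and that the Retry bit plays no part in the decision.

```python
from dataclasses import dataclass, field

@dataclass
class Frame:
    tsc: int        # 48-bit TKIP sequence counter (IV + Extended IV fields)
    retry: bool     # Retry bit from the Frame Control field
    payload: bytes

@dataclass
class TkipReceiver:
    """Replay check as described in the answer above: remember the highest TSC
    accepted so far and drop anything at or below it. The Retry bit is never
    consulted, so a genuine retry and a stale copy of an old frame look alike."""
    highest_tsc: int = -1
    acked: list = field(default_factory=list)      # TSCs we sent an ACK for
    delivered: list = field(default_factory=list)  # payloads passed up the stack
    replays_dropped: int = 0

    def receive(self, frame: Frame) -> str:
        # 802.11 ACK procedure: acknowledge every correctly received frame,
        # even one that is about to be discarded as a duplicate.
        self.acked.append(frame.tsc)
        if frame.tsc <= self.highest_tsc:
            self.replays_dropped += 1   # counted and discarded, nothing else
            return "dropped-replay"
        self.highest_tsc = frame.tsc
        self.delivered.append(frame.payload)
        return "accepted"

def simulate() -> dict:
    rx = TkipReceiver()
    # Constructed traffic: a fresh frame, then the same frame again because the
    # sender's ACK was lost in noise and it retransmits with Retry=1.
    first = rx.receive(Frame(tsc=1, retry=False, payload=b"hello"))
    retry_after_lost_ack = rx.receive(Frame(tsc=1, retry=True, payload=b"hello"))
    # Opposite case: the first transmission of TSC 2 never arrived, only the
    # retry does. The receiver has not seen TSC 2 yet, so it is accepted.
    retry_of_unseen_frame = rx.receive(Frame(tsc=2, retry=True, payload=b"world"))
    # A copy of the old TSC 1 frame turning up later with Retry=1 takes the same
    # path as the natural duplicate: dropped, with no effect on the session.
    stale_copy = rx.receive(Frame(tsc=1, retry=True, payload=b"hello"))
    return {
        "first": first,
        "retry_after_lost_ack": retry_after_lost_ack,
        "retry_of_unseen_frame": retry_of_unseen_frame,
        "stale_copy": stale_copy,
        "delivered": rx.delivered,
        "acks_sent": rx.acked,
        "replays_dropped": rx.replays_dropped,
    }
```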
sysedco's points make sense, but what about for an attack?
"In the end, the receiver doesn't need to identify the frame as a valid retried frame if it already received it. If indeed it did not, it will not yet have that sequence number and will accept the frame. "
This makes sense and is logical, but what about from an attack perspective? Will a frame with the retry bit set but with the TSC equal or lower cause the 802.11 and TKIP FSMs to start the "counter" to shut down the AP and reset all connections again, due to a possible FSM processing of a received frame with the Retry bit set?
As for the ACK process, I am CWAP rusty, too busy with the thermo work. But even if, for example, STA A receives a frame, then ACKs, then STA B sends the same frame again but with the retry bit set and STA A receives it, does the received frame just cause STA A's FSM to "process" that frame, thus resulting in a possible equal/lower TSC exploit? If anyone tests or believes so, I will add it to an updated Hack the MAC doc.
This is not an answer. I saw something like MSDU and MPDU in the standard. I didn't know what they were. Then I saw the following from
TKIP is comprised of the following elements:
A message integrity code (MIC) provides a keyed cryptographic checksum using the source and destination MAC addresses and the plaintext data of the 802.11 frame (or MAC service data unit (MSDU) in IEEE nomenclature). This protects against forgery attacks.
Countermeasures to bound the probability of successful forgery and the amount of information that an attacker can learn about a particular key.
A 48-bit IV and an IV sequence counter to address replay attacks.
Fragmented packets (MAC protocol data units (MPDUs) in IEEE nomenclature) received out of order are dropped by the receiver.
Per packet key mixing of the IV is used to break up the correlation used by weak key attacks.