
Communication Security: Wireless • Chapter 4  233

dors are using or considering using a temporary solution called Temporal Key Integrity Protocol (TKIP) to enhance the security of wireless networks. The TKIP standard was not finalized at the time of this writing, but some vendors are already implementing it (for example, Cisco, which initially developed TKIP as a proprietary technology for use in its products).

TKIP can be used with or as an alternative to 802.1x authentication. TKIP comprises a set of algorithms that enhance WEP. It provides more security than WEP through the use of key mixing, an extended IV, a message integrity check (MIC), and rekeying. A primary advantage of TKIP is that it can be implemented through firmware updates of current devices (another reason to only purchase devices capable of firmware updates). TKIP addresses the problem of static WEP keys by changing the temporal key used for the encryption process every 10,000 packets. Additionally, the use of TKIP addresses another vulnerability of static WEP: the use of the same shared key by all the wireless devices. TKIP ensures that each wireless station uses a different key for the encryption process. TKIP accomplishes this by using a 128-bit temporal key that is shared between the wireless workstations and the AP. The temporal key is then combined with the MAC address of each of the wireless devices to provide the encryption key used for RC4 encryption on the wireless network by that device. This also reduces the vulnerability to attacks based on the fact that the IV is sent in the clear in standard WEP implementations, by adding another layer of encryption.

Message Integrity Code (MIC)

Another vulnerability of WEP is that it is relatively easy for a knowledgeable and determined attacker to modify (flip) bits in an intercepted message, recalculate the appropriate CRC (also known as the Integrity Checksum value or ICV), and then send the altered message to the AP. Because the CRC is spoofed, the AP will accept the altered message and reply to it, providing information that the attacker can use to crack the WEP encryption. This form of attack is described in a paper entitled “Intercepting Mobile Communications: The Insecurity of 802.11” by Nikita Borisov, Ian Goldberg, and David Wagner.

MIC, which is also part of the TKIP algorithms, provides a much stronger mechanism for checking messages for evidence of tampering by adding a MIC value that is encrypted and sent with the message. Upon receipt, the MIC value is decrypted and compared with the expected value. MIC is, in reality, a form of Message Authentication Code, often referred to as MAC, which is a standard cryptographic term. However, because “MAC” is used quite frequently with regard to Media Access Control addresses, “MIC” is used to differentiate the two.
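
The integrity weakness and its remedy described above, as an added example that is not part of the original book: a constructed message is sealed WEP-style (RC4 over plaintext plus a CRC-32 ICV) and again with a keyed check value, and the same ciphertext-only edit is applied to both. Truncated HMAC-SHA-256 stands in for TKIP's MIC algorithm, and every key, name, and message value is constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample values (not from the original page).
RC4_KEY = bytes.fromhex("0a0b0c") + b"KEY40"  # 24-bit IV || 40-bit shared key
MIC_KEY = b"constructed-mic-key"
PLAIN = b"PAY 0100 TO ALICE"
DELTA = bytes(4) + b"\x09" + bytes(12)  # XOR mask: "0100" -> "9100"

def rc4(key, n):  # first n bytes of RC4 keystream
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def crc_icv(data):  # WEP-style ICV: unkeyed CRC-32 of the plaintext
    return zlib.crc32(data).to_bytes(4, "little")
def keyed_mic(data, key=MIC_KEY):  # stand-in keyed MIC, not TKIP's own algorithm
    return hmac.new(key, data, hashlib.sha256).digest()[:8]
def seal(rc4_key, plaintext, tag):  # RC4-encrypt plaintext || check value
    return xor(plaintext + tag, rc4(rc4_key, len(plaintext) + len(tag)))

def open_frame(rc4_key, frame, tag_len, tag_fn):
    """Decrypt, recompute the check value, return the plaintext or None."""
    body = xor(frame, rc4(rc4_key, len(frame)))
    data, tag = body[:-tag_len], body[-tag_len:]
    return data if hmac.compare_digest(tag, tag_fn(data)) else None

def crc_patch(delta):
    """CRC-32 is affine over XOR: the ICV change depends on delta alone."""
    return xor(crc_icv(delta), crc_icv(bytes(len(delta))))

def tamper_results():
    wep = seal(RC4_KEY, PLAIN, crc_icv(PLAIN))
    mic = seal(RC4_KEY, PLAIN, keyed_mic(PLAIN))
    wep_bad = xor(wep, DELTA + crc_patch(DELTA))  # edited without any key
    mic_bad = xor(mic, DELTA + bytes(8))          # same edit, tag untouched
    return (open_frame(RC4_KEY, wep_bad, 4, crc_icv),
            open_frame(RC4_KEY, mic_bad, 8, keyed_mic))
```

tamper_results() returns the altered plaintext for the CRC-protected frame, which the receiver accepts, and None for the keyed-MIC frame, which it rejects.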


                                                                              www.syngress.com