Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma

Size: px

Start display at page:

Download "Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma"

Coleen Ray
6 years ago
Views:

1 Temporal Key Integrity Protocol: TKIP Tim Fielder University of Tulsa Tulsa, Oklahoma

2 History IEEE released the first specification back in 1997 The Wired Equivalent Privacy (WEP) authentication/encryption protocol was included WEP included two methods of authentication and one of encryption None of it was secure

3 WEP doesn t work By 2001, people were publishing papers about how WEP could be cracked The shared key authentication protocol is so weak, it's more secure to turn off authentication entirely and force users to memorize the encryption key With off-the-shelf hardware, any WEP key up to the limit of 26 hex digits can be cracked in only a few minutes

4 TKIP to the rescue Once IEEE realized that WEP did not deliver on the security it was supposed to provide, they quickly began looking for a new protocol Until a new protocol could be created and a specification could be ratified so that hardware could be built, an interim solution was needed TKIP was the solution: it closes most of the avenues of attack available for WEP, and it runs on the same hardware

5 How does WEP work? For the authentication mode, WEP uses a shared key known by both the client and the server as part of a rotating encryption algorithm The host broadcasts an initialization vector (IV) which the client picks up and uses to seed the encryption algorithm, along with the key The host broadcasts a new IV every so often, thus changing the seed for the encryption algorithm and hypothetically blocking attempts to derive the shared key through analysis of encrypted traffic

6 How is WEP broken? For the shared key to remain secret, an attacker can t be allowed to get enough traffic with a single IV seed to derive the key through analysis Even at the upper limit of IV length allowed by the specification, the host has at least a 50% chance of reusing an IV every 5000 packets If the host broadcasts more than about 20,000 packets, the shared key can be calculated with greater than 90% odds

7 How does TKIP work? TKIP uses a hashed combination of the shared key and IV as an encryption key, rather than simply concatenating the two values TKIP implements a sequence counter to prevent replay attacks TKIP also includes a checksum, called a Message Integrity Check (MIC) The new protocol uses the same encryption algorithm, but ensures that every packet is encrypted with a unique key

8 How is TKIP still broken? At least two attacks exist for TKIP The attacks involve playing man-in-the-middle for around 20 minutes so that a malicious client can broadcast around 15 arbitrary packets Neither attack allows for the recovery of the pairwise keys Attackers can still perform ARP poisoning, DoS attacks, and other attacks that can be conducted entirely with only a handful of packets

9 Present day In 2010, the Wi-Fi Alliance announced that they would be disallowing the use of the WEP and TKIP protocols on devices in the near future The current protocol, WPA2, uses a similar temporal key encryption methodology, but it s backed up by the much more secure AES algorithm Attacks exist, but the fastest known attack, with current hardware, requires about 4 trillion years to perform once

10 Conclusion New technology is not secure just because an organization says that it is. When someone does discover or invent a way to break an encryption algorithm, fixing the problem takes about five years Being an early adopter may not always be the greatest idea when new technology hits the market If security is your job, read the IEEE publications

11 Resources reload=true&arnumber=654749&isnumber=14251&punumber=525 % %29%3Cin%3Emetadata&pos=0

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE