Also, with Michael both the source address and destination address are
protected, whereas in WEP there is no such protection. Moreover, Michael
essentially enforces the packet sequencing. This is because Michael applies
to whole packets, Media Access Control Service Data Units (MSDUs),
which include the MSDU source address (SA), the MSDU destination
address (DA), and the MSDU plaintext data.
2. Packet Sequencing : To thwart replay attacks, TKIP mandates that the
same 48-bit IV value is never used more than once, and a sequencing
mechanism is in place so that any packet received with an IV value no
bigger than that of the last packet received and processed successfully is
discarded. If the IV were to reach its maximum value, all data traffic
would halt.
3. Per-Packet Key-Mixing Function : To prevent recovery of the WEP key
(a design problem with WEP, listed as item 3 on page 344), a fresh, unique
encryption key is generated for each client as an automatic feature. Since
this is done at periodic intervals, it avoids the insecurities inherent in WEP,
where the same key may be in use for several weeks.
We now look at the TKIP features in more detail. 9.23
Message Integrity Code
Background Assumptions : Michael takes as input a 64-bit Michael key MK, where
MK is represented as two 32-bit little-endian words, 9.24 MK = (K_0, K_1), and
a message m. Michael processes the message by first padding it so that its
bit length is congruent to 0 modulo 32. Second, it segments m into a sequence
of 32-bit words, m_1, m_2, ..., m_n. Then it executes the following to compute the
tag from the key and the message. First, set i = 1, L = K_0, R = K_1, and let
f be a function (that we will not describe explicitly), constructed from shifts,
byte swaps, and additions. As usual, ⊕ denotes addition modulo 2.
MIC Tag Creation
1. Replace L by L ⊕ m_i.
2. Replace (L, R) by f(L, R).
3. Replace i by i + 1.
4. If i < n, go to step 1. Otherwise, output T = (L, R) as the MIC tag.
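The tag computation above, worked through in Python as an added example (not code from the text). The function f that the text leaves undescribed is filled in with the Michael block function from the 802.11i specification, the padding is the specification's 0x5a-plus-zeros rule, and the loop runs over every padded word m_1, ..., m_n. The helpers tkip_mic_input and verify_msdu_mic are this example's own names; they show how DA and SA are bound into the MIC and how a receiver checks a tag in constant time.

```python
import hmac
import struct

MASK32 = 0xFFFFFFFF

def rol32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32

def ror32(x, n):
    return rol32(x, 32 - n)

def xswap(x):
    # swap the two bytes inside each 16-bit half: AB CD -> BA DC
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)

def michael_block(l, r):
    # the "f" of the text: Michael's block function b(L, R) from 802.11i,
    # built only from rotations, a byte swap and 32-bit additions
    r ^= rol32(l, 17); l = (l + r) & MASK32
    r ^= xswap(l);     l = (l + r) & MASK32
    r ^= rol32(l, 3);  l = (l + r) & MASK32
    r ^= ror32(l, 2);  l = (l + r) & MASK32
    return l, r

def michael_pad(msg: bytes) -> bytes:
    # one 0x5a byte, then 4 to 7 zero bytes, so the padded length is a
    # multiple of 4 bytes (bit length congruent to 0 modulo 32)
    zeros = 4 + (-(len(msg) + 1)) % 4
    return msg + b"\x5a" + b"\x00" * zeros

def michael(key: bytes, msg: bytes) -> bytes:
    if len(key) != 8:
        raise ValueError("Michael key MK must be 64 bits")
    l, r = struct.unpack("<II", key)                  # MK = (K_0, K_1), little-endian
    for (m_i,) in struct.iter_unpack("<I", michael_pad(msg)):  # words m_1 .. m_n
        l ^= m_i                                      # step 1: L <- L xor m_i
        l, r = michael_block(l, r)                    # step 2: (L, R) <- f(L, R)
    return struct.pack("<II", l, r)                   # tag T = (L, R), 64 bits

def tkip_mic_input(da: bytes, sa: bytes, priority: int, data: bytes) -> bytes:
    # TKIP feeds DA, SA, the priority byte and three reserved zero bytes ahead
    # of the MSDU payload, so a forged address changes the tag
    return da + sa + bytes([priority, 0, 0, 0]) + data

def verify_msdu_mic(key, da, sa, priority, data, tag) -> bool:
    # receiver side: recompute and compare in constant time
    expected = michael(key, tkip_mic_input(da, sa, priority, data))
    return hmac.compare_digest(expected, tag)
```

With the all-zero key and an empty message the tag is 82925c1ca1d130b8, the first published Michael test vector.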
9.23 In view of the above discussion, WPA is often written in the form of the following formula:
WPA=802.1X+EAP+TKIP+MIC.
9.24 The term Endian refers to the different means of ordering bytes for storage as representation
of values. Big Endian means the ordering of bytes in a word such that the most significant
digits (or bytes) are positioned on the left. Little Endian refers to the placing of the least
significant digits on the left.