Chapter 7. 802.11i: Robust Security Networks, TKIP, and CCMP
802.1X provides a framework for authentication and key management, which addresses two of the major flaws in the design of WEP. The major remaining flaw to be addressed is the lack of confidentiality provided by WEP encryption. Fixing link-layer encryption was taken on by Task Group I of the 802.11 working group. In June 2004, after several delays, their work was finally complete when the standard was ratified.
802.11i takes a two-track approach to addressing the weaknesses in link-layer encryption. Its major components are two new link-layer encryption protocols. The first, the Temporal Key Integrity Protocol (TKIP), was designed to bolster security to the greatest extent possible on pre-802.11i hardware. The second, Counter Mode with CBC-MAC Protocol (CCMP), is a new encryption protocol designed from the ground up to offer the highest level of security possible.
The Temporal Key Integrity Protocol (TKIP)
The first new link-layer encryption protocol to be widely implemented was the Temporal Key Integrity Protocol (TKIP). The major motivation for the development of TKIP was to upgrade the security of WEP-based hardware. Typically, chipsets capable of WEP offered hardware support for RC4 encryption. With the heavy lifting of encryption implemented in hardware, software and firmware upgrades make the rest possible. TKIP retains the basic architecture and operations of WEP because it was designed to be a software upgrade ...