Temporal Key Integrity Protocol (TKIP)
Posted August 17, 2009 at 10:44 am in Networking
Recently my girlfriend and I moved into a new apartment on Milwaukee’s Lower East Side. We had been using an old Linksys router at our previous quarters, but with the new apartment only having a single cable drop in the most inconvenient location possible, we decided to go wireless. I had never used a wireless router at home before, so I had a lot of research ahead of me. We wanted speed, range, security, and a price as low as possible. We ended up purchasing the Linksys WRT54G2 router due to it being a middle-of-the-road wireless router. The WRT54G2 uses 802.11g, contains two internal antennas and has an output power rated at 18 dBm. These characteristics met our first two requirements, but what was there for security? The router offers WPA2, WEP, Wireless MAC Filtering and can use security keys of 128 bits. This seemed like the standard suite and the router was within our price range.
Setting up the router was easy, and once everything was in working order I decided to start tinkering with its configuration. Under the Wireless Security settings I noticed a few interesting options. The ‘Security Mode’ option allowed me to select Disabled, WPA Personal, WPA Enterprise, WPA2 Personal, WPA2 Enterprise, RADIUS, and WEP. If I selected WPA Personal, I noticed that the ‘WPA Algorithm’ option would set itself to TKIP with no other option. If I chose to use WPA2 Personal, I was given a choice of AES or “TKIP+AES”. Having only dabbled with cracking WEP networks before, I was curious as to what TKIP was.
Temporal Key Integrity Protocol, or TKIP, was the solution to WEP’s weaknesses. TKIP provides more robust link-layer security than WEP (which lacked this altogether) while allowing legacy devices to continue operation. The final version of TKIP was adopted by IEEE in 802.11i-2004 and had been endorsed by the Wi-Fi Alliance under the name Wi-Fi Protected Access (WPA). TKIP has reached the end of its life and will no longer be supported in the next 802.11 draft.
TKIP brought three major security upgrades to WEP. The first upgrade implemented a key mixing function that is applied before the key is passed to the RC4 stream cipher. The secret root key and the initialization vector were mixed before RC4 would spit out a 128-bit key for encryption. This is in contrast to WEP, which did not mix the root key with the initialization vector, a weakness that gave rise to the cracking of WEP keys. The second security enhancement provides a sequence counter to protect against replay attacks. Lastly, the final security enhancement to WEP via TKIP is the use of a 64-bit message integrity check named MICHAEL.
The official Intel documentation states that TKIP also uses “a per-packet key mixing function, to de-correlate the public IVs from weak keys”.
The Intel documentation also provides a detailed explanation of how MICHAEL and message authentication codes in general work. I will try to summarize their words as best I can. Every message authentication code system has three components: a secret authentication key, a tagging function, and a verification predicate. The secret authentication key K is shared only between the sender and receiver. The tagging function takes this secret key and the message as inputs and outputs a tag called the message integrity code. This message integrity code is sent along with the message. The receiver must input the secret key, the message, and the message integrity code into the verification predicate. If the verification predicate determines that all of these inputs are the correct inputs, it will return true; otherwise it will return false (a forged attempt).
MICHAEL uses two 32-bit little-endian words for a total of 64 bits. “The tagging function first pads a message with the hex value 0x5a and enough zero pad to bring the total message length to a multiple of 32-bits, then partitions the result into a sequence of 32-bit words M1 M2 … Mn, and finally computes the tag from the key and the message words using a simple iterative structure:

    (L,R) ← (K0,K1)
    do i from 1 to n
        L ← L ⊕ Mi
        (L,R) ← b(L,R)
    return (L,R) as the tag

where ⊕ denotes exclusive-or (XOR) and b is a simple function built up from rotates, little-Endian additions, and bit swaps.”
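The tagging loop and the verification predicate described above, written out in Python as an added example (it is not code from this post or from the Intel document). The internals of b and the rule of 4 to 7 zero pad bytes follow IEEE 802.11i and are not given on this page; the function names are chosen here for illustration.

```python
import hmac
import struct

MASK = 0xFFFFFFFF  # all arithmetic is on 32-bit words

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _ror(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def _xswap(x):
    # Swap the two bytes inside each 16-bit half of the word.
    return ((x & 0x00FF00FF) << 8) | ((x & 0xFF00FF00) >> 8)

def _b(l, r):
    # Block function b: rotates, additions mod 2^32 and byte swaps.
    # Rotation amounts are taken from IEEE 802.11i, not from this page.
    r ^= _rol(l, 17)
    l = (l + r) & MASK
    r ^= _xswap(l)
    l = (l + r) & MASK
    r ^= _rol(l, 3)
    l = (l + r) & MASK
    r ^= _ror(l, 2)
    l = (l + r) & MASK
    return l, r

def michael_tag(key: bytes, message: bytes) -> bytes:
    """Tagging function: 64-bit key and a message in, 64-bit MIC out."""
    if len(key) != 8:
        raise ValueError("Michael key must be 64 bits")
    # Pad with 0x5a, then 4 to 7 zero bytes (802.11i rule) so the
    # total length is a multiple of 32 bits.
    padded = message + b"\x5a" + b"\x00" * 4
    padded += b"\x00" * (-len(padded) % 4)
    l, r = struct.unpack("<II", key)               # (L,R) <- (K0,K1)
    for (m,) in struct.iter_unpack("<I", padded):  # do i from 1 to n
        l, r = _b(l ^ m, r)                        # L <- L xor Mi, then b
    return struct.pack("<II", l, r)

def michael_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Verification predicate: recompute the tag, compare in constant time."""
    return hmac.compare_digest(michael_tag(key, message), tag)

if __name__ == "__main__":
    key = bytes.fromhex("d55e100510128986")  # key from the 802.11i test vectors
    tag = michael_tag(key, b"Michael")
    print(tag.hex(), michael_verify(key, b"Michae1", tag))
```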
Unfortunately, this information is a bit out of date and, with the advancements in wireless security, will become useless entirely in the near future. TKIP is being phased out as WPA2 and newer security protocols are developed. In the interests of knowing how something works, in this case a wireless protocol, I researched TKIP since I had no idea what it was due to my lack of experience with wireless devices.