LANCOM Reference Manual LCOS 3.50 Chapter 11: Wireless LAN – WLAN
decryption part of TKIP checks this sequentiality and discards packets which
contain an already-used IV, which prevents replay attacks.
As a further detail, TKIP also mixes the MAC address of the sender into the
first phase. This ensures that the use of identical IVs by different senders
cannot lead to identical RC4 keys, which would again open up possibilities for attack.
As mentioned above, the Michael hash does not represent a particularly tough
cryptographic hurdle: if the attacker can break the TKIP key or get encrypted
packets past the CRC check via modifications similar to those for WEP, then
not many barriers remain. For this reason, WPA defines countermeasures for the
case where a WLAN card detects more than two Michael errors per minute: both the
client and the access point break off data transfer for one minute and afterwards
renegotiate the TKIP and Michael keys.
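The replay check and the Michael countermeasures described above, as an added sketch that is not LANCOM or LCOS code. The class and method names, the sliding-window counting, the IV restart after rekeying and the frame timeline are assumptions made for illustration, and no real RC4 or Michael computation is performed.

```python
# Added illustration: all names and the timeline are constructed, not from LCOS.
from collections import deque

class TkipReceiver:
    """Receive-side bookkeeping for one TKIP link (state only, no crypto)."""

    def __init__(self, max_errors=2, window=60.0, hold=60.0):
        self.max_errors = max_errors  # "more than two Michael errors per minute"
        self.window = window          # seconds over which errors are counted
        self.hold = hold              # seconds for which data transfer stops
        self.last_iv = -1             # highest IV accepted so far
        self.errors = deque()         # timestamps of recent Michael errors
        self.blocked_until = None     # end of the hold period, if one is active
        self.rekeys = 0               # completed TKIP/Michael renegotiations

    def receive(self, now, iv, mic_ok):
        """Return what happens to a frame arriving at time `now` (seconds)."""
        if self.blocked_until is not None:
            if now < self.blocked_until:
                return "blocked"              # transfer is broken off
            self._rekey()                     # hold is over: renegotiate keys
        if iv <= self.last_iv:
            return "replay-discarded"         # already-used IV, dropped first
        if not mic_ok:
            self.errors.append(now)
            while now - self.errors[0] >= self.window:
                self.errors.popleft()         # forget errors older than a minute
            if len(self.errors) > self.max_errors:
                self.blocked_until = now + self.hold
                return "countermeasures"
            return "mic-error"                # IV is not consumed by a bad frame
        self.last_iv = iv
        return "accepted"

    def _rekey(self):
        self.blocked_until = None
        self.errors.clear()
        self.last_iv = -1   # assumption: new keys restart the IV sequence
        self.rekeys += 1

# Constructed timeline: (time in seconds, IV, Michael check passed?)
FRAMES = [(0, 1, True), (1, 1, True), (5, 2, False), (20, 3, False),
          (40, 4, False), (50, 5, True), (101, 1, True)]

def run(frames):
    """Feed the frames to a fresh receiver; return outcomes and rekey count."""
    rx = TkipReceiver()
    return [rx.receive(*f) for f in frames], rx.rekeys
```

The third Michael error inside one minute triggers the one-minute hold, and the first frame after the hold is processed under renegotiated keys. A log of these outcomes is also what an operator would look at to distinguish a noisy link from active frame tampering.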
The key handshake
In the discussion of 802.1x it was already noted that EAP/802.1x provides a
way to inform the client, at the outset of a session, of the key valid for it.
WPA now places that on a standardised basis, and takes into account the session-key
option offered by modern access points, which, in addition to the four 'global'
keys, assign each registered client a session key that is used exclusively
for data packets to or from that client.
If you take another look at the procedure shown in Figure 2, the newly defined
key handshake replaces the phase in which the access point transmits the
WEP key to the client after receiving the Master Secret from the RADIUS server.