Ban of WEP & TKIP
Wi-Fi Alliance has (finally) decided to take some giant steps in improving the state of wireless security. Starting Jan 2011, TKIP will be disallowed on new APs and from 2012, it will be disallowed on all Wi-Fi devices. Come Jan 2013, WEP will not be allowed on new APs and from 2014, WEP will be disallowed on all Wi-Fi devices. This is the good news. But, let us also get to the “bad” news.
The recently announced improved version of the original Beck-Tews attack on WPA/TKIP appears to have put the wireless security community in a tizzy again. In this post, I argue that the new attack is neither groundbreaking in academic terms, nor is it more worrying in practical terms.
The proposed attack assumes (somewhat unrealistically) that the AP and client cannot hear each other but the attacker can hear both (and can thus act as a man-in-the-middle). In terms of attack speed as well, it is actually slower than the original attack under its stated assumptions.
Michael is the Message Integrity Code adapter by the TKIP standard. Michael is actually a weak code which uses simple additions and shift operation which are computationally less expensive, but strong enough as a intermediate solution from WEP. Michael was chosen as MIC in TKIP, so that the already deployed low end Access Points can also be software upgraded to TKIP without any hardware change. This video explains the working of MIC in TKIP.
