TKIP Replay Protection

TKIP provides a 48-bit (6-byte) monotonically increasing Transmit Sequence Counter (TSC), which it appends to each packet. If a TKIP packet is received whose TSC value is less than or equal to the current replay counter value, the frame is silently discarded.

The 802.11 standard defines a set of rules for TKIP replay protection, reproduced from the standard below:

  • Each MPDU shall have a unique TKIP TSC value.
  • Each transmitter shall maintain a single TSC (48-bit counter) for each PTKSA, GTKSA, and STKSA.
  • The TSC shall be implemented as a 48-bit monotonically incrementing counter, initialized to 1 when the corresponding TKIP temporal key is initialized or refreshed.
  • The WEP IV format carries the 16 LSBs of the 48-bit TSC, as defined by the TKIP mixing function (Phase 2, STEP3). The remainder of the TSC is carried in the Extended IV field.
  • A receiver shall maintain a separate set of TKIP TSC replay counters for each PTKSA, GTKSA, and STKSA.
  • TKIP replay detection takes place after the MIC verification and any reordering required by ACK processing. Thus, a receiver shall delay advancing a TKIP TSC replay counter until an MSDU passes the MIC check, to prevent attackers from injecting MPDUs with valid ICVs and TSCs, but invalid MICs.

NOTE—This works because if an attacker modifies the TSC, then the encryption key is modified and hence both the ICV and MIC decrypt incorrectly, causing the received MPDU to be dropped.

  • For each PTKSA, GTKSA, and STKSA, the receiver shall maintain a separate replay counter for each frame priority and shall use the TSC recovered from a received frame to detect replayed frames. A replayed frame occurs when the TSC extracted from a received frame is less than or equal to the current replay counter value for the frame’s priority. A transmitter shall not reorder frames with different priorities without ensuring that the receiver supports the required number of replay counters. The transmitter shall not reorder frames within a replay counter, but may reorder frames across replay counters. One possible reason for reordering frames is the IEEE 802.11 MSDU priority.
  • A receiver shall discard any MPDU that is received out of order and shall increment the value of dot11RSNAStatsTKIPReplays for this key.
  • For MSDUs sent using the Block Ack feature, reordering of received MSDUs according to the Block Ack receiver operation is performed prior to replay detection.
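
The receiver-side rules above, as an added C example that is not code from the original article or from the standard: it recovers the TSC from the 8-octet TKIP IV / Extended IV header and applies the per-priority replay check, advancing the counter only after the MIC has passed. The struct, the function names and the choice of 16 priorities are assumptions; the header octet order is the TKIP MPDU format from IEEE 802.11, which the article does not spell out, and the Michael MIC verification is represented only by the `mic_ok` flag.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define NUM_PRIORITIES 16  /* assumption: one replay counter per TID */
enum tkip_rx { TKIP_RX_OK, TKIP_RX_MALFORMED, TKIP_RX_MIC_FAIL, TKIP_RX_REPLAY };

struct tkip_rx_key {                     /* hypothetical: one per PTKSA/GTKSA/STKSA */
    uint64_t replay_ctr[NUM_PRIORITIES]; /* last accepted TSC per priority */
    uint32_t replays;                    /* dot11RSNAStatsTKIPReplays */
};

/* Header octets: TSC1, WEPSeed, TSC0, KeyID (ExtIV flag 0x20), TSC2..TSC5. */
static bool tkip_parse_tsc(const uint8_t *hdr, size_t len, uint64_t *tsc)
{
    if (len < 8 || !(hdr[3] & 0x20))     /* truncated, or no Extended IV */
        return false;
    *tsc = (uint64_t)hdr[0] << 8 | hdr[2];             /* 16 LSBs, WEP IV part */
    for (int i = 0; i < 4; i++)                        /* TSC2..TSC5, Extended IV */
        *tsc |= (uint64_t)hdr[4 + i] << (16 + 8 * i);
    return true;
}

/* mic_ok is the caller's Michael MIC result (verification not shown here). */
static enum tkip_rx tkip_rx_check(struct tkip_rx_key *k, unsigned prio,
                                  const uint8_t *hdr, size_t len, bool mic_ok)
{
    uint64_t tsc;
    if (prio >= NUM_PRIORITIES || !tkip_parse_tsc(hdr, len, &tsc))
        return TKIP_RX_MALFORMED;
    if (!mic_ok)                         /* replay counter is not advanced */
        return TKIP_RX_MIC_FAIL;
    if (tsc <= k->replay_ctr[prio]) {    /* replayed or out of order */
        k->replays++;
        return TKIP_RX_REPLAY;
    }
    k->replay_ctr[prio] = tsc;           /* advance only after MIC passed */
    return TKIP_RX_OK;
}

int main(void)
{
    /* Constructed header: TSC 0x010005, key ID 0, ExtIV flag set. */
    const uint8_t hdr[8] = { 0x00, 0x20, 0x05, 0x20, 0x01, 0, 0, 0 };
    struct tkip_rx_key key = { {0}, 0 };
    int first = tkip_rx_check(&key, 0, hdr, sizeof hdr, true);
    int again = tkip_rx_check(&key, 0, hdr, sizeof hdr, true);
    return (first == TKIP_RX_OK && again == TKIP_RX_REPLAY) ? 0 : 1;
}
```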

The 802.11 Security Task Group was developing the AES standard, and TKIP was to be superseded by the AES encryption mechanism, which is what transpired. We shall have a brief look at the AES encryption scheme in the coming articles.

