What is Temporal Key Integrity Protocol?
Temporal Key Integrity Protocol (TKIP) is a security protocol for WLAN networks that was developed to provide an urgent, short-term alternative for Wired Equivalent Privacy (WEP) protocol, which is considered insecure. TKIP was developed and endorsed by the Wi-Fi Alliance and the IEEE 802.11i task group and was limited in use because it had to work on older WEP hardware. In 2003, the Wi-Fi Alliance introduced TKIP as a replacement for WEP, with the goal of addressing the security weaknesses of WEP and providing better protection for wireless networks. TKIP could only be implemented by software (not firmware), had limited processing power, and had to use WEP’s per-packet encryption process using the RC4 (Rivest Cipher 4) stream cipher1.
TKIP was designed to be a backward-compatible upgrade to WEP, allowing existing hardware to support the new protocol without requiring significant changes. TKIP introduced a number of security features that made it much more difficult to hack than WEP. These features included a stronger encryption algorithm, a longer key length, and a message integrity check that protected against packet injection attacks. While TKIP was an improvement over WEP, it was still susceptible to some types of cyberattacks. TKIP was eventually replaced by the more secure Advanced Encryption Standard (AES) protocol, which is now the standard security protocol used in most wireless networks.
Since 2002, the Wi-Fi Alliance has supported the TKIP under the name Wi-Fi Protected Access (WPA). TKIP is the core component of WPA (Wi-Fi Protected Access) and works on legacy WEP hardware. If your organization is continuing to use WPA with TKIP on legacy WEP hardware, your device may be vulnerable to the following types of cyberattacks:
Beck-Tews Attack. The Beck-Tews attack is a cryptanalytic attack against the TKIP, based on the fact that TKIP uses the same “Michael” key for both encryption and decryption, which allows a cyberattacker to compute the keystream, which can then be used to decrypt packets.
Ohigashi-Morii Attack. The Ohigashi-Morii attack is a type of attack on the TKIP that works by exploiting a flaw in the way TKIP handles message authentication codes (MACs). By carefully crafting malicious MACs, a cyberattacker can trick a TKIP-protected device into accepting them as valid, which can allow the threat actor to gain access to the device, or to eavesdrop on its communications.
RC4 NOMORE. RC4 NOMORE is an attack against RC4 that affects the use of RC4 in several protocols, including Transport Layer Security (TLS) used by web browsers and web applications, and also within WPA-TKIP used by wireless networks. This vulnerability can allow a threat actor to decrypt a small amount of repeated content, such as a session token or other sensitive cookie values.
1 Information Security Asia, 2023, “What is TKIP (Temporal Key Integrity Protocol)?”