802.11 Wireless Attacks & Detection/Defense  Home ToC Prev Up Next 
802.11 overview
Link layer
MAC header
AUTH frame
DEAUTH frame
802.1x
+802.11i
Attacks
Detection
Defense
Conclusion
  

802.11i

  • CCMP (Cipher Block Chaining MAC protocol) - 128-bits encryption using AES

  • TKIP (Temporal Key Integrity Protocol) - each packet is encrypted with a unique WEP key generated using a one-way transformation from the primary key and incremental IV vector. After all IV vectors are tried (16.7 mil combinations), the primary WEP key is regenerated using 802.1x. Packet integrity is provided using MIC (Message Integrity Check) that represents a 32-bit value calculated from the frame header, payload, bit-flipping-proof sequential number - there is no possibility to forge datagrams or use the same IV

  • Key management and replacement of RC4 by AES, WRAP (Wireless Robust Authenticated Protocol), EAP and Radius standard
Copyright © 2005 Pavol Luptįk, ICZ a.s.  Prev Next