Abstract
Temporal key integrity protocol (TKIP) is a sub-protocol of IEEE 802.11i. TKIP remedies some security flaws in the wired equivalent privacy (WEP) protocol. TKIP adds four new algorithms to WEP: a message integrity code (MIC) called Michael, an initialization vector (IV) sequencing discipline, a key mixing function and a re-keying mechanism. The key mixing function, also called the temporal key hash, de-correlates the IVs from weak keys. This paper investigates some cryptographic properties of the substitution box (S-box) used in the key mixing function, such as regularity, avalanche effect, differential uniformity and linear structure. Moen et al. pointed out that a temporal key recovery attack exists against the TKIP key mixing function. In this paper a method is proposed to defend against the attack, and the resulting effect on performance is discussed.
References
IEEE std 802.11i, Wireless LAN medium access control (MAC) security enhancements specification[S].
Daemen J, Rijmen V. The design of Rijndael: AES — the advanced encryption standard[M]. Berlin: Springer-Verlag, 2002.
Fluhrer S, Mantin I, Shamir A. Weaknesses in the key scheduling algorithm of RC4 [C]//SAC 2001. Toronto, Canada: Springer-Verlag, 2001: 1–24.
Borisov N, Goldberg I, Wagner D. Intercepting mobile communications: the insecurity of 802.11 [C]//Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking (MOBICOM 2001). Rome, Italy: ACM Press, 2001: 180–189.
Seberry J, Zhang X M, Zheng Y L. Relationships among nonlinearity criteria [C]//EUROCRYPT 1994. Perugia, Italy: Springer-Verlag, 1995: 376–388.
Webster A F, Tavares S E. On the design of S-boxes [C]//CRYPTO 1985. Santa Barbara, California, USA: Springer-Verlag, 1986: 523–534.
Forre R. The strict avalanche criterion: spectral properties of Boolean functions and an extended definition [C]//CRYPTO 1988. Santa Barbara, California, USA: Springer-Verlag, 1990: 450–468.
Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems [J]. Journal of Cryptology, 1991, 4(1): 3–72.
Satoh T, Iwata T, Kurosawa K. On cryptographically secure vectorial Boolean functions [C]//ASIACRYPT 1999. Singapore: Springer-Verlag, 1999: 20–28.
Matsui M. Linear cryptanalysis method for DES cipher [C]//EUROCRYPT 1993. Lofthus, Norway: Springer-Verlag, 1994: 386–397.
Seberry J, Zhang X M, Zheng Y L. Nonlinearly balanced Boolean functions and their propagation characteristics [C]//CRYPTO 1993. Santa Barbara, California, USA: Springer-Verlag, 1994: 49–60.
Meier W, Staffelbach O. Nonlinearity criteria for cryptographic functions [C]//EUROCRYPT 1989. Houthalen, Belgium: Springer-Verlag, 1990: 549–562.
Dubuc S. Characterization of linear structures [J]. Designs, Codes and Cryptography, 2001, 22: 33–45.
Moen V, Raddum H, Hole K J. Weakness in the temporal key hash of WPA [J]. ACM SIGMOBILE Computing and Communications Review, 2004, 8(2): 76–83.
Biryukov A, Wagner D. Slide attacks [C]//FSE 1999. Toulouse, France: Springer-Verlag, 1999: 245–259.
Additional information
Foundation item: the National Laboratory for Modern Communications (No. 51436050304JW0317) and the National Natural Science Foundation of China (No. 60573030)
About this article
Cite this article
Han, W., Zheng, D. & Chen, Kf. Some remarks on the TKIP key mixing function of IEEE 802.11i. J. Shanghai Jiaotong Univ. (Sci.) 14, 81–85 (2009). https://doi.org/10.1007/s12204-009-0081-8
DOI: https://doi.org/10.1007/s12204-009-0081-8