Forum

PTKSA/GTKSA/STAKeySA-replay counters

1 posts by 1 authors in: Forums > CWSP - Enterprise Wi-Fi Security
Last Post: June 25, 2007:
  • By Devinator
    Reply

    8.3.2.6 TKIP replay protection procedures
    TKIP implementations shall use the TSC field to defend against replay attacks by implementing the following rules:
    a) Each MPDU shall have a unique TKIP TSC value.
    b) Each transmitter shall maintain a single TSC (48 bit counter) for each PTKSA, GTKSA, and
    STKSA.
    c) The TSC shall be implemented as a 48-bit monotonically incrementing counter, initialized to 1 when
    the corresponding TKIP temporal key is initialized or refreshed.
    d) The WEP IV format carries the 16 LSBs of the 48-bit TSC, as defined by the TKIP mixing function
    (Phase 2, STEP3). The remainder of the TSC is carried in the Extended IV field.
    e) A receiver shall maintain a separate set of TKIP TSC replay counters for each PTKSA, GTKSA, and
    STKSA.
    f) TKIP replay detection takes place after the MIC verification and any reordering required by ACK
    processing. Thus, a receiver shall delay advancing a TKIP TSC replay counter until an MSDU
    passes the MIC check, to prevent attackers from injecting MPDUs with valid ICVs and TSCs, but
    invalid MICs.
    NOTE?¡é?€?¡±This works because if an attacker modifies the TSC, then the encryption key is modified and hence
    both the ICV and MIC will ordinarily decrypt incorrectly, causing the received MPDU to be dropped.
    g) For each PTKSA, GTKSA, and STKSA, the receiver shall maintain a separate replay counter for
    each frame priority and shall use the TSC recovered from a received frame to detect replayed
    frames, subject to the limitations on the number of supported replay counters indicated in the RSN
    Capabilities field, as described in 7.3.2.25. A replayed frame occurs when the TSC extracted from a
    received frame is less than or equal to the current replay counter value for the frame?¡é?€??s priority. A
    transmitter shall not reorder frames with different priorities without ensuring that the receiver supports
    the required number of replay counters. The transmitter shall not reorder frames within a
    replay counter, but may reorder frames across replay counters. One possible reason for reordering
    frames is the IEEE 802.11 MSDU priority.
    h) A receiver shall discard any MPDU that is received out of order and shall increment the value of
    dot11RSNAStatsTKIPReplays for this key.
    i) For MSDUs sent using the Block Ack feature, reordering of received MSDUs according to the
    Block Ack receiver operation (described in 9.10.4) is performed prior to replay detection.

Page 1 of 1
  • 1