countermeasures in TKIP
Last Post: January 3, 2008:
-
Hi everyone. Can anyone explain to me how the countermeasures in TKIP work. Could you please provide me with a pseudocode?
Thanking you in advance. -
Hii sonia ,
For details you can refer to the 802.11i doc .here is brief of the same :
whenever the TKIP MIC failure event is detected by the AP twice within the 60 secs , the all the TKIP trafic is stopped using the current key.
you will see that AP will generate alert , and stop all the traffic , all the client will get dissociated and then again the new key (PTK , GTK)will be assigned to all the TKIP stations and traffic will start.
Also it depends on the vendor implementation , as i have seen the silent time after MIC detection is configurable in some implementations which is 60 secs according to 802.11i . -
Hi.Where will I get the 802.11i doc?I've searched on the net but could not find it.
-
http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?tp=&isnumber=29229&arnumber=1318903&punumber=9214
-
Thanks a lot.But I think only members of this organisation can download it.
Best Regards
Sonia -
Hii sonia
you can get the same from here :
http://standards.ieee.org/getieee802/download/802.11i-2004.pdf
select the user type applicable to you . -
Hi Vinay
Thanks a lot. I have downloaded it and gone through it.
Do you have any idea about the advanatages and disadvantages of using a substitution box?
Best Regard
Sonia -
Hii sonia ,
I dont have much idea on this, may be following link useful to you :
http://www.ciphersbyritter.com/RES/SBOXDESN.HTM -
Hi Vinay
Thank a lot. The link you provided me was helpful.
Do you know anything about equational complexity for the encapsulation and decapsulation of TKIP?
By equational complexity, I mean,how many addition, multiplication,rotation, shift operations are there.
I've been able to do for the key mixing. But I'm unable to complete the rest. that is for the countermeasure module.
Do you have any idea for the countermeasure module?
Best Reagrd
Sonia
Phase1
3 addition + 3 multiplication + 6 addition + 5 substitute
each substitute contains 5 addition, 5 ExOR, 5 multiplication
Overall equation for Phase 1: 34 additions + 28 multiplications + 25 ExOR
Phase 2
Part 1 : 1 add + 6 add + 6 substitute
Each substitute contains 6 ExOR, 6 mul, 6 add
Overall equation for part 1 : 43 add + 36 ExOR + 36 mul
Part 2 : 6 add + 2 r1 + 4 rot
Each r1 contains 2 ExOR, 2 mul, 2 add
Overall equation for part 2 : 10 add + 4 ExOR + 4 mul + 4 rot
Part 3 : 8 div + 1 OR + 1 ExOR + 1 mul + 1 add + 1 rot
Overall equation for Phase 2 :
54 additions + 8 divisions + 41 multiplications + 1 OR + 41 ExOR + 5 rot -
Hii Sonia
According to my understanding of your question , you are asking bout the equation for TKIP countermeasures.
Actually there will be one counter and timer starts as soon as the first MIC failure event happens and if another MIC failure event is deteced within 60 secs then then the countermeasures are activated.Other than this there is no equational calaculation is done for enabling the countermeasures.
Hope this helps.802.11i is the best doc that will help you on this