Differences between MIC and ICV
Last Post: February 14, 2012:
-
You don?t have ?IP Header + payload? next.
How does the AP/STA know that IP is present ?
IP certainly doesn?t tell it that.
LLC/SNAP values work in conjunction with RFC 1042/802.1h . LLC was derived from HDLC, hence the use of C/R for example. As you know, the SAP values only allowed a certain range. Hence, the use of AA AA and UI ( from HDLC ). You?ll already know about types 1, 2 and 3 and the reasons why the one used now was selected.
-
I asked you before what book you referring to , but you didn?t bother replying. Let me know which book you are talking about.
TKIP was a stop-gap measure while CCMP-AES was being developed. The same ARC4 algorithm is used in both WEP and TKIP. It had to be for historical reasons which you must already know about. TKIP added more security features, including the use of a key for the calculation of the MIC. Key use is one of the major differences. WEP does not use a key for ICV calculation.
-
You stated:
???.and just on a part of the IP header of an MSDU, while the ICV protect the entire MSDU.?
The specs quite clearly state:
The DA field, SA field, three reserved octets, and a 1-octet Priority field are used only for calculating the
MIC. The Priority field refers to the priority parameter of the MA-UNITDATA.request service primitive.The entire IP header is protected.
Any more questions ?
-
[quote]You don?t have ?IP Header + payload? next.
How does the AP/STA know that IP is present ?
IP certainly doesn?t tell it that.
LLC/SNAP values work in conjunction with RFC 1042/802.1h . LLC was derived from HDLC, hence the use of C/R for example. As you know, the SAP values only allowed a certain range. Hence, the use of AA AA and UI ( from HDLC ). You?ll already know about types 1, 2 and 3 and the reasons why the one used now was selected.[/quote]
An MSDU should state for "MAC Service Data Unit" or in other words the PDU passed from the above level, IP.
At the IP level, we should have an IP Header + a payload where the payload contains, for example a TCP/UDP header + application data.
So an MPDU, should contain an entire MSDU. So why isn't an MSDU be made of IP header + a payload?[quote]I asked you before what book you referring to , but you didn?t bother replying. Let me know which book you are talking about.
TKIP was a stop-gap measure while CCMP-AES was being developed. The same ARC4 algorithm is used in both WEP and TKIP. It had to be for historical reasons which you must already know about. TKIP added more security features, including the use of a key for the calculation of the MIC. Key use is one of the major differences. WEP does not use a key for ICV calculation.[/quote]
I'm an Italian student and i don't think you understand Italian. The book i was refering to is still in publishing state but the professor gave us a copy. If you need some pics of what i'm talking about, i've no problem posting them but my words were copyed from there.
And yes, i'm done here for the part of MIC calculation: it's calculated using a cryptographic algorithm (Michael), which uses a key while ICV is calculated using a non-cryptographic algorithm, CRC-32.
[quote]You stated:
???.and just on a part of the IP header of an MSDU, while the ICV protect the entire MSDU.?
The specs quite clearly state:
The DA field, SA field, three reserved octets, and a 1-octet Priority field are used only for calculating the
MIC. The Priority field refers to the priority parameter of the MA-UNITDATA.request service primitive.The entire IP header is protected.
Any more questions ?[/quote]
I also got this. The MIC protects the entire IP header.
But the specs says:[i]"A transmitter calculates a keyed cryptographic message integrity code (MIC) over the MSDU SA
and DA, the MSDU priority (see 8.3.2.3), and the MSDU plaintext data."[/i]So the MIC also protect the payload, and so the entire MSDU (as like as the ICV).
Yes i have one more question: i clearly can't understand the difference of calculating MIC on the MSDU, or calculating the ICV on the payload of the MPDU (which contains an MSDU).
What i understood is that, besides the fac that MIC is calculated using a key while ICV is not, the MIC is calculated at the "MSDU level" while the ICV is calculated at the "MPDU level". But, why?
Moreover what are the advantages of the MIC with the fragmentation?If we had only WEP ICV, every fragment is protected by its own ICV, while if we have the MIC, it's calculated over the entire MSDU and then, every fragment is protected, again, by its own ICV.
A receiver, will first check every ICV of each MPDU (which is a fragment of that MSDU), and then, reassemble the MSDU and check the MIC integritiy.
What are the advantages here?Thanks.
P.S. i think there was a little misunderstanding from you. I've just read your PM and if you won't trash my reply, i'll be happy to send my answer.