Learn how to remove the TKIP backdoor from CCMP encryption mode for improved security and key management in wireless networks. Enhance your network's security against monitoring and key sharing vulnerabilities.
Removing the TKIP Specific Backdoor from the CCMP Mode of Encryption
Paul A. Lambert
Paul Lambert, Airgo Networks
Background
• The “Use Group Key” cipher sets all STA-to-AP encryption keys to the same value.
• This is a problem, for example:
  • In a hotspot, users can monitor their neighbors' traffic.
  • There is no way to tell when you have a pairwise key or when your neighbor also has your key.
• This mode was designed to support the security limitations of some vendors' legacy equipment using TKIP.
• The TGi draft currently allows “Use Group Key” for all algorithms, including AES.
Current “Use Group Key” Text
• “The cipher suite selector 00:00:00:0 “Use Group Key cipher suite” is only valid as the pairwise cipher suite. An AP may specify the selector 00:00:00:0 “Use Group Key cipher suite” for a pairwise key cipher suite if it does not support any pairwise cipher suites. An AP shall not specify the selector 00:00:00:0 “Use Group Key cipher suite” as the group key cipher suite selector.”
Motion
• Append the following sentence to the description of “Use Group Key” in section 7.3.2.9: “The selector 00:00:00:0 shall only be used as a pairwise cipher when the Group Key Cipher Suite is TKIP (selector 00:00:00:2)”.
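The quoted draft text and the motion together define three checks on the cipher suites an AP advertises. The sketch below is an added example, not part of the original slides or of the TGi draft; the function names are hypothetical, the sample advertisements are constructed, and the CCMP suite type 4 is taken from the published 802.11i numbering rather than from this page.

```python
# Added example: checks an AP's advertised cipher suites against the
# "Use Group Key" rules quoted on the slides plus the proposed motion.
# Selectors use the slides' notation "OO:OO:OO:T" (OUI octets, suite type).

USE_GROUP_KEY = "00:00:00:0"   # from the slides
TKIP = "00:00:00:2"            # from the slides
CCMP = "00:00:00:4"            # assumption: type 4 as in published 802.11i


def parse_selector(text):
    """Return (oui_bytes, suite_type) for a selector such as '00:00:00:2'."""
    parts = text.strip().split(":")
    if len(parts) != 4:
        raise ValueError(f"malformed selector: {text!r}")
    oui = bytes(int(p, 16) for p in parts[:3])
    return oui, int(parts[3], 16)


def check_advertisement(group, pairwise):
    """Return a list of rule violations for one advertised suite set."""
    ugk, tkip = parse_selector(USE_GROUP_KEY), parse_selector(TKIP)
    grp = parse_selector(group)
    pw = [parse_selector(p) for p in pairwise]
    problems = []
    # Draft text: the selector is never valid as the group cipher suite.
    if grp == ugk:
        problems.append("Use Group Key advertised as the group cipher suite")
    if ugk in pw:
        # Draft text: allowed only if the AP supports no pairwise suites.
        if len(pw) > 1:
            problems.append("Use Group Key listed alongside real pairwise suites")
        # Motion: allowed only when the group cipher suite is TKIP.
        if grp != tkip:
            problems.append("Use Group Key as pairwise cipher with a non-TKIP group suite")
    return problems


if __name__ == "__main__":
    # Constructed sample advertisements: (group suite, pairwise suite list).
    samples = {
        "legacy TKIP AP": (TKIP, [USE_GROUP_KEY]),
        "CCMP with shared key": (CCMP, [USE_GROUP_KEY]),
        "CCMP pairwise": (CCMP, [CCMP]),
    }
    for name, (group, pairwise) in samples.items():
        print(name, "->", check_advertisement(group, pairwise) or "ok")
```

Only the second sample is rejected: it is the case the motion targets, where a CCMP network would otherwise hand every station the same key.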