Removing the TKIP Specific Backdoor from the CCMP Mode of Encryption

1. Removing theTKIP Specific Backdoorfrom the CCMP Mode of Encryption Paul A. Lambert Paul Lambert, Airgo Networks

2. Background • The “Use Group Key” cipher sets all STA-to-AP encryption keys to the same value. • This is a problem, for example: • In a hotspot, users can monitor their neighbors traffic • There is no way to tell when you have a pairwise key or when your neighbor also has your key. • This mode was designed to support the security limitiations of some vendors legacy equipment using TKIP • The TGi draft currently allow “Use Group Key” for all algorithms including AES Paul Lambert, Airgo Networks

3. Current “Use Group Key Text” • “The cipher suite selector 00:00:00:0 “Use Group Key cipher suite” is only valid as the pairwise cipher suite. An AP may specify the selector 00:00:00:0 “Use Group Key cipher suite” for a pairwise key cipher suite if it does not support any pairwise cipher suites. An AP shall not specify the selector 00:00:00:0 “Use Group Key cipher suite” as the group key cipher suite selector.” Paul Lambert, Airgo Networks

4. Motion • Append the following sentence to description of “Use Group Key” in section 7.3.2.9:"The selector 00:00:00:0 shall only be used as a pairwise cipher when the Group Key Cipher Suite is TKIP (selector 00:00:00:2)”. Paul Lambert, Airgo Networks