Dynamic WEP (WEP with 802.1X) avoids this by refreshing keys before the IV space is exhausted. Appropriate refresh intervals should be determined by looking at actual frame counts in your WLAN.
Encryption keys are never re-used by TKIP. TKIP combines a temporal key, the transmitter's address and TKIP Sequence Counter (TSC) to generate per-packet keys. If the TSC is exhausted, the standard requires communication to be discontinued or the temporal key to be regenerated. The TSC is 48 bits long, or 281,474,976,710,656. That's a very large number of frames. How long will it take for your WLAN to generate this many frames? At 802.11b data rates, you're talking many years.
The 802.11i standard specifies a maximum lifetime for temporal keys, defined as the minimum of any configured Pairwise Master Key Lifetime and any session timeout carried by RADIUS accept messages returned via 802.1X. That lifetime can cause the temporal key to be refreshed at regular intervals. But you don't need to set that lifetime based on TKIP key reuse. Think in terms of how long a user should really be authorized before requiring reauthentication.
Dig Deeper on Enterprise mobile security
Related Q&A from Lisa Phifer
The enterprise mobility management market for wearable devices is in its infancy, but IT can still use existing EMM tools to manage wearables.continue reading
Wireless expert Lisa A. Phifer explains to what extent WEP cracking remains a worrisome issue. It all depends on your company's WLAN security policy.continue reading
Wireless expert Lisa A. Phifer explains why you shouldn't stop using 802.1X authentication methods for enterprise WLAN access control.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.