TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP), the original WLAN security protocol. TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products.
TKIP is a suite of algorithms that works as a "wrapper" to WEP, which allows users of legacy WLAN equipment to upgrade to TKIP without replacing hardware. TKIP uses the original WEP programming but "wraps" additional code at the beginning and end to encapsulate and modify it. Like WEP, TKIP uses the RC4 stream encryption algorithm as its basis. The new protocol, however, encrypts each data packet with a unique encryption key, and the keys are much stronger than those of its predecessor. To increase key strength, TKIP includes four additional algorithms:
- A cryptographic message integrity check to protect packets
- An initialization-vector sequencing mechanism that includes hashing, as opposed to WEP's transmission of the initialization vector in plain text
- A per-packet key-mixing function to increase cryptographic strength
- A re-keying mechanism that generates a new key every 10,000 packets
While TKIP is useful for upgrading security on devices originally equipped with WEP, it does not address all of the security issues facing WLANs and may not be reliable or efficient enough for sensitive corporate and government data transmission. The 802.11i standard specifies the Advanced Encryption Standard (AES) in addition to TKIP. AES offers a higher level of security and is approved for government use, but requires a hardware upgrade for implementation. As organizations replace older wireless equipment, AES is expected to become the accepted encryption standard for WLAN security.