IEEE 802.11-03/632r0 Removing the TKIP Specific Backdoor from the CCMP Mode of EncryptionPaul A. Lambert
This is a problem, for example:
In a hotspot, users can monitor their neighbors traffic
There is no way to tell when you have a pairwise key or when your neighbor also has your key.
This mode was designed to support the security limitiations of some vendors legacy equipment using TKIP
The TGi draft currently allow “Use Group Key” for all algorithms including AES
doc.: 11-03-0632r0-I
Current “Use Group Key Text”
“The cipher suite selector 00:00:00:0 “Use Group Key cipher suite” is only valid as the pairwise cipher suite. An AP may specify the selector 00:00:00:0 “Use Group Key cipher suite” for a pairwise key cipher suite if it does not support any pairwise cipher suites. An AP shall not specify the selector 00:00:00:0 “Use Group Key cipher suite” as the group key cipher suite selector.”
doc.: 11-03-0632r0-I
Submission
Motion
Append the following sentence to description of “Use Group Key” in section 7.3.2.9: