Difference Between AES and TKIP


When communicating over an untrusted medium such as a wireless network, it is very important to protect information. Cryptography (encryption) plays an important role in this. Most modern Wi-Fi devices can use either the WPA or the WPA2 wireless security protocol. Users can use the TKIP (Temporal Key Integrity Protocol) encryption protocol with WPA, and the CCMP encryption protocol, which is based on the AES (Advanced Encryption Standard) encryption standard, with WPA2.

What is AES?

AES belongs to the family of symmetric-key encryption standards. AES was developed in 2001 by NIST (National Institute of Standards and Technology). After just one year the U.S. government selected it as a federal government standard. It was initially called Rijndael, a wordplay on the names of its two Dutch inventors, Joan Daemen and Vincent Rijmen. The NSA (National Security Agency) uses AES for top-secret work. In fact, AES is the NSA’s first ever public and open cipher. AES-128, AES-192 and AES-256 are the three block ciphers that make up this standard. All three have a block size of 128 bits, and they have 128-bit, 192-bit and 256-bit key sizes respectively. This standard is one of the most widely used ciphers. AES was the successor to DES (Data Encryption Standard).

AES is accepted to be a highly secure encryption standard. It has been successfully attacked only a very few times, and those were all side-channel attacks on specific implementations of AES. Due to its high security and reliability, the NSA uses it to protect both non-classified and classified information of the U.S. Government (the NSA announced this in 2003).

What is TKIP?

TKIP (Temporal Key Integrity Protocol) is a wireless security protocol. It is used in IEEE 802.11 wireless networks. The IEEE 802.11i task group and the Wi-Fi Alliance jointly developed TKIP as a replacement for WEP that would still work on deployed WEP-compatible hardware. TKIP was a direct result of the breaking of WEP, which left Wi-Fi networks without a standard link-layer security protocol. Now, TKIP is endorsed under WPA2 (Wi-Fi Protected Access version 2). TKIP provides key mixing (combining the secret root key with the initialization vector) as an improvement over WEP. It also prevents replay attacks by using a sequence counter and rejecting out-of-order packets. Furthermore, TKIP uses a 64-bit MIC (Message Integrity Check) to prevent forged packets from being accepted. TKIP had to use RC4 as its cipher because it needed to run on legacy WEP hardware. Although TKIP prevents many attacks that WEP was vulnerable to (such as recovery attacks), it is still vulnerable to some other minor attacks such as the Beck-Tews attack and the Ohigashi-Morii attack.

What is the difference between AES and TKIP?

AES is an encryption standard, while TKIP is an encryption protocol. However, AES-based CCMP is sometimes referred to simply as AES (possibly resulting in some confusion). TKIP is the encryption protocol used in WPA, while WPA2 (which replaces WPA) uses (AES-based) CCMP as the encryption protocol. AES is the successor to DES, whereas TKIP was developed to replace WEP. Very few implementations of AES are susceptible to side-channel attacks, while TKIP is vulnerable to a few other narrow attacks. Overall, CCMP is considered more secure than TKIP.
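
The TKIP versus CCMP choice described above is visible in the RSN information element (IEEE 802.11i, element ID 48) that an access point advertises. As an added example, not part of the original article, the following Python code parses such an element and reports whether TKIP or WEP is still offered; the function names and the two sample elements are constructed for illustration.

```python
import struct

RSN_ELEMENT_ID = 48                      # RSN information element (IEEE 802.11i)
RSN_OUI = bytes.fromhex("000fac")        # OUI used by the standard cipher suites
CIPHER_NAMES = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
WEAK = {"WEP-40", "WEP-104", "TKIP"}     # RC4-based suites to flag in an audit


def _suite_name(selector: bytes) -> str:
    """Map a 4-byte cipher suite selector (OUI + type) to a name."""
    oui, suite_type = selector[:3], selector[3]
    if oui != RSN_OUI:
        return f"vendor-{selector.hex()}"
    return CIPHER_NAMES.get(suite_type, f"unknown-{suite_type}")


def parse_rsn_ciphers(element: bytes) -> dict:
    """Return group and pairwise cipher names (both fields are required here)."""
    if len(element) < 2 or element[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    body = element[2:2 + element[1]]
    if len(body) != element[1] or len(body) < 8:
        raise ValueError("truncated RSN element")
    version, = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    group = _suite_name(body[2:6])
    count, = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if end > len(body):
        raise ValueError("pairwise cipher list overruns element")
    pairwise = [_suite_name(body[i:i + 4]) for i in range(8, end, 4)]
    return {"group": group, "pairwise": pairwise}


def audit(element: bytes) -> list:
    """List the weak ciphers an access point still offers (empty = CCMP only)."""
    ciphers = parse_rsn_ciphers(element)
    offered = [ciphers["group"]] + ciphers["pairwise"]
    return sorted({c for c in offered if c in WEAK})


# Constructed samples: a CCMP-only element and a mixed TKIP+CCMP element.
CCMP_ONLY = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
MIXED = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")

if __name__ == "__main__":
    for name, ie in (("ccmp-only", CCMP_ONLY), ("mixed", MIXED)):
        print(name, parse_rsn_ciphers(ie), "weak:", audit(ie))
```

A network running in mixed mode falls back to TKIP for group (broadcast) traffic, which is why the audit checks the group cipher as well as the pairwise list.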