TKIP
TKIP is a Temporal Key Hash Function. It is an alternative to WEP that fixes all the security problems and does not require different hardware than that is needed to support WEP. In other words, hardware that supports WEP can also do TKIP if the firmware is upgraded. Like WEP, TKIP uses the RC4 stream cipher as the encryptor and decryptor and all involved parties must share the same secret key. This secret key must be 128 bit and is called the "Temporal Key" (TK). TKIP also uses an Initialization Vector (IV) of 48-bit and uses it as a counter.
The IV is reinitialized to 0 when TK is set and the IV sequencing ensures that an IV is not reused. When IV reaches maximum value, the data traffic halts. A 48 bit IV is enough for 281474976710656 packets. The frame body (MAC service data unit = MSDU) can have a maximum size of 2304 bytes in 802.11. On an IP network the Maximum Transfer Unit (MTU) is most likely 1500 bytes, filling the frame body with the same number of bytes with data payload. Besides data frames, there are other types of frames like beacon frames, probe request and probe response. We can't expect all data frames to be exactly 1500 bytes. There are sure to be a lot of smaller frames. So for good measure, let's say that the average frame size is 512 bytes. With a transfer rate of 54Mbps and assuming no loss due to radio overhead, you would have to change your secret key after approx. 645 years (assuming you are still alive and using networking equipment with these puny data rates).
Even if the TK is shared, all involved parties generate a different RC4 key stream. This is because all communication participants perform a 2-phase generation of a unique "Per-Packet Key" (PPK) that is used as the key for the RC4 key stream.
Phase 1:
PHASE1_STEP1: P1K[0] = Lo16(IV32) P1K[1] = Hi16(IV32) P1K[2] = Mk16(TA[1],TA[0]) P1K[3] = Mk16(TA[3],TA[2]) P1K[4] = Mk16(TA[5],TA[4])PHASE1_STEP2: FOR i = 0 to PHASE1_LOOP_COUNT-1 BEGIN j = 2*(i & 1) P1K[0] = P1K[0] + S[P1K[4] Mk16(TK[ 1+j],TK[ 0+j])] P1K[1] = P1K[1] + S[P1K[0] Mk16(TK[ 5+j],TK[ 4+j])] P1K[2] = P1K[2] + S[P1K[1] Mk16(TK[ 9+j],TK[ 8+j])] P1K[3] = P1K[3] + S[P1K[2] Mk16(TK[13+j],TK[12+j])] P1K[4] = P1K[4] + S[P1K[3] Mk16(TK[ 1+j],TK[ 0+j])] + i END
Phase 2:
PHASE2_STEP1: PPK[0] = P1K[0] PPK[1] = P1K[1] PPK[2] = P1K[2] PPK[3] = P1K[3] PPK[4] = P1K[4] PPK[5] = P1K[4] + IV16PHASE2_STEP2: PPK[0] = PPK[0] + S[PPK[5] Mk16(TK[ 1],TK[ 0])] PPK[1] = PPK[1] + S[PPK[0] Mk16(TK[ 3],TK[ 2])] PPK[2] = PPK[2] + S[PPK[1] Mk16(TK[ 5],TK[ 4])] PPK[3] = PPK[3] + S[PPK[2] Mk16(TK[ 7],TK[ 6])] PPK[4] = PPK[4] + S[PPK[3] Mk16(TK[ 9],TK[ 8])] PPK[5] = PPK[5] + S[PPK[4] Mk16(TK[11],TK[10])] PPK[0] = PPK[0] + RotR1(PPK[5] Mk16(TK[13],TK[12])) PPK[1] = PPK[1] + RotR1(PPK[0] Mk16(TK[15],TK[14])) PPK[2] = PPK[2] + RotR1(PPK[1]) PPK[3] = PPK[3] + RotR1(PPK[2]) PPK[4] = PPK[4] + RotR1(PPK[3]) PPK[5] = PPK[5] + RotR1(PPK[4]) PHASE2_STEP3: RC4KEY[0] = Hi8(IV16) RC4KEY[1] = (Hi8(IV16) | 0x20) & 0x7F RC4KEY[2] = Lo8(IV16) RC4KEY[3] = Lo8((PPK[5] Mk16(TK[1],TK[0])) >> 1)FOR i = 0 to 5 BEGIN RC4KEY[4+(2*i)] = Lo8(PPK[i]) RC4KEY[5+(2*i)] = Hi8(PPK[i]) END
The 128-bit RC4KEY is then used with RC4 and the keystream is XORed with the data and ICV just as with WEP.
To maintain compatibility with WEP, the first 24-bit of the PPK is transmitted as plaintext.
This paper by Russ Housley an Doug Whiting from December 2001 and this paper by Russ Housley, Dough Whiting and Niels Ferguson from April 2002 give an in-depth description of how TKIP works.
MIC
Message Integrity Code (MIC) is computed to detect errors in the data contents, either due to transfer errors or due to purposeful alterations. The new MIC for TKIP is computed by a new algorithm called "Michael", made by Niels Ferguson. It is a 64-bit MIC that is added to the Data and the ICV. The ICV is CRC of Data and MIC.
There are other MIC alternatives for TKIP called MPH and MMH.
This paper by Niels Ferguson is recommended reading for the inner workings of "Michael" and an evaluation of the alternatives.