Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term TKIP

Training Camp • Cybersecurity Glossary

What is TKIP?

Temporal Key Integrity Protocol, the WPA encryption that patched WEP with per-packet keys. It is now deprecated and insecure, replaced by AES-CCMP.

Glossary > Cryptography & PKI > TKIP

TKIP — Temporal Key Integrity Protocol, the WPA encryption that patched WEP with per-packet keys

Understanding TKIP

TKIP (Temporal Key Integrity Protocol) is the encryption protocol introduced with Wi-Fi Protected Access (WPA) to replace the broken WEP cipher. It was designed as a stopgap that could run on existing WEP hardware via firmware updates, adding per-packet keying and integrity checks. TKIP is now deprecated and considered insecure; modern networks use AES-based CCMP under WPA2/WPA3.

TKIP still uses the RC4 stream cipher like WEP but fixes WEP's worst flaws. It derives a unique per-packet key by mixing the base temporal key with the transmitter MAC and a 48-bit sequence counter, defeating WEP's key-reuse and replay weaknesses. It adds the Michael message integrity check (MIC) to detect forgeries and uses sequence numbers to drop replayed packets. These were practical improvements achievable without new silicon.

For security, TKIP must be avoided today. Its Michael MIC is weak, and attacks such as Beck-Tews and Ohigashi-Morii can decrypt or inject limited packets. Because TKIP relies on RC4 and a short integrity check, it offers far less protection than AES-CCMP. The Wi-Fi Alliance deprecated TKIP, and WPA3 forbids it entirely; enabling TKIP (or mixed WPA/WPA2-TKIP modes) on a network also caps it to legacy data rates and weakens the whole SSID.

For example, an administrator auditing a corporate wireless controller finds an SSID configured for WPA/WPA2 mixed mode allowing TKIP for backward compatibility with old handheld scanners. Because that setting exposes the network to TKIP attacks and prevents the use of stronger 802.11n/ac rates, the recommended remediation is to retire or replace the legacy devices and reconfigure the SSID for WPA2-AES (CCMP) or WPA3 only, eliminating TKIP from the environment entirely.

Learn More About TKIP:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →