Using a wireless network has many advantages. You don’t have to deal with the mess of wires just to get online. Wireless networking has also allowed wide usage of portable devices such as phones, laptops and tablets. However, using radio signals for communication poses a security risk as anyone can connect to the network and breach your security. To ensure the safety of your information, be it your Instagram passwords or transaction information, it is essential to have an encrypted wireless network. WEP, WPA and WPA2 are three different types of wireless encryption protocols.
These protocols were created by the Wi-Fi Alliance which is an association with over 300 companies from the wireless network industry. Based on the function of these protocols and your need and put one of them to use for your network security.
The acronym WEP stands for Wired Equivalent Privacy. This was the first protocol developed by the Wi-Fi Alliance and was introduced in 1997. WEP used Rivest Cipher 4 (RC4) for authentication and encryption.
In RC4, a shared key is used for both encryption (encoding) and decryption (decoding) of data. The key is fixed which needs to be shared manually and updated by an administrator in the router.
The original standard used a 40-bit key. After a change in rules and regulations, a 104-bit key came into practice.
Drawbacks of WEP
In 2001, several vulnerabilities were identified in WEP. Later on, a large-scale cyber attack against T.J. Maxx in 2009 was traced back to these flaws. This led to phasing out of WEP usage in both enterprise and consumer devices, especially in the payment industry.
In some places, WEP is still in use. This could be because it is still the default setting on their access points or routers or the devices installed are old which do not support advanced security.
WPA stands for Wi-Fi Protected Access. This wifi security technology was developed to counter the weaknesses of WEP’s authentication and encryption features. WAP was made available in 2003.
To provide stronger encryption, WPA uses a 128-bit TKIP (Temporary Key Integrity Protocol). Instead of using a fixed key like WEP, TKIP dynamically produces a new key for each data packet.
TKIP encryption also includes a message integrity code (MIC) to detect spoofing of data. This replaces cyclic redundancy check which is WEP’s weaker packet guarantee.
WPA also includes built-in authentication support using RADIUS (Remote Authentication Dial-In User Service) servers, that was missing in WEP. This server authenticates device credentials before connecting them to the network.
TKIP was designed to ensure backward compatibility with older WEP devices using an updated firmware.
Drawbacks of WPA
Later on, a security flaw was found in TKIP. It was discovered that TKIP was able to encrypt on small packets of data (128 bytes). Thus TKIP was replaced by another protocol called CCNP in WPA2.
WPA2, an acronym for Wi-Fi Protected Access, followed WPA in 2004. WPA2 was developed to counter the security flaw in WPA. CCNP replaced TKIP in WPA with AES encryption in WPA2. CCMP stands for Counter Mode Cipher Block Chaining Message Authentication Code Protocol.
For additional security, CCMP employs 48-bit initialisation vector along with 128-bit keys. The initialisation vector acts as a one time password for each session and helps counter replay attacks. In a replay attack, transmission of valid data is maliciously repeated or delayed.
WEP vs WPA2
Despite being more secure than WEP, WPA pre-shared keys are still vulnerable to attacks. This makes it essential to ensure the passwords used are strong enough to prevent brute force attacks.
A brute force attack is a trial and error method where an automated software generates a large number of guesses to determine the passphrase.
To counter the above problem, in January 2018, the Wi-Fi Alliance has announced a new standard, WPA3. WPA3 uses 192-bit encryption as compared 128-bit in WPA and WPA2.
It also introduces an individualised encryption for each user. It is claimed that this will mitigate security issues posed by weak passwords.