WPA is an acronym for Wi-Fi Protected Access. WPA is a standard security protocol for wirelesslocal area networks (WLANs) developed by the Wi-Fi Alliance. WPA was released in 2003 as an improvement on WEP (Wired Equivalent Privacy). WPA2 is an extension of WPA and was released in 2004. The difference between the two lies in the way security keys are generated and encrypted.
The technology used in WPA
This wireless security standard was developed to counter the weaknesses of WEP’s authentication and encryption features. To provide stronger encryption, WPA uses a 128-bit TKIP (Temporary Key Integrity Protocol).
- Suggested read: Learn About Wireless Security Protocols – WEP, WPA, and WPA2
Instead of using a fixed key like WEP, TKIP dynamically produces a new key for each data packet that needs a transmission. TKIP encryption also includes a message integrity code (MIC) to detect spoofing of data.
WPA also includes built-in authentication support using RADIUS (Remote Authentication Dial-In User Service) servers, that was missing in WEP. This server authenticates device credentials before connecting them to the network.
TKIP was designed to ensure backward compatibility with older WEP devices using an updated firmware.
Later on, a security flaw was found in TKIP. It was discovered that TKIP was able to encrypt only small packets of data (128 bytes). Thus TKIP was replaced by another protocol called CCNP in WPA2.
The technology used in WPA2
WPA2 was developed to counter the security flaws in WPA. WPA2 replaced TKIP (key generation protocol in WPA) by another protocol called CCMP. CCMP is an acronym for Counter Mode Cipher Block Chaining Message Authentication Code Protocol.
In addition to using 128-bit security keys (as employed by WPA with TKIP), CCMP employs a 48-bit initialisation vector. The initialisation vector acts as a one-time password for each session.
By using a one-time password, this security protocol can counter replay attacks. In a replay attack, transmission of valid data is maliciously repeated or delayed.
Further, encryption used in WPA could encrypt only small packets of data (128 bytes). For encryption, WPA2 uses AES (Advanced Encryption Standard) along with CCMP, which can encrypt larger packets of data as well.
WPA2 also allows TKIP as an optional key generating protocol. On some routers, you may find the option to choose between WPA2-TKIP and WPA2-AES.
Using WPA2 as a security protocol requires you to use a longer password than WPA. This password needs to be entered only once on the wireless clients, but a longer password provides more security against hackers.
WPA2 Personal v/s WPA2 Enterprise
WPA2 is available in two different versions for home and enterprise use. For a home network, WPA2-Personal uses a common key that is shared among all the clients. For a corporate network, WPA2-Enterprise is recommended.
In WPA2-Enterprise, each user is assigned a unique credential – username and password. This is done to ensure that a single employee does not harm the company network.
This additional step in not required in a home network because there is less security risk in a home network than an enterprise network.
Which security protocol to choose – WPA or WPA2?
Many wireless routers come with support for both WPA and WPA2 technology. Since 2006, WPA2 has been made available on all certified Wi-Fi hardware. For older hardware, WPA2 was optional.
In such a case, you can log in to your router and choose which security protocol you want to run. WPA2 with AES encryption offers higher security and is a safer choice.
WPA2 runs more advanced algorithms and thus can slow the network’s performance. However, the performance impact is negligible when compared to the extra layer of security offered by WPA2.
Introduction of WPA3
Despite being more secure than WEP, pre-shared keys in WPA and WPA2 are still vulnerable to attacks. It is essential to make sure that the passwords are strong enough to prevent brute force attacks.
A brute force attack is a trial and error method where an automated software generates a large number of guesses to determine the passphrase.
In January 2018, the Wi-Fi Alliance has announced a new standard, WPA3. WPA3 uses 192-bit encryption as compared 128-bit in WPA and WPA2.
WPA3 is adding an extra layer of security by introducing an individualised encryption for each user. It is claimed that this will mitigate security issues posed by weak passwords.