WEP
WEP (Wired Equivalent Privacy)
WEP was one of the first encryption standards for wireless networks, introduced in the late 1990s as part of the original IEEE 802.11 standard. Its goal was to provide confidentiality on wireless networks comparable to that of wired networks.
WEP uses the RC4 encryption algorithm and a static key, typically 64 or 128 bits in length. However, due to several cryptographic flaws—particularly in the key scheduling algorithm—WEP is vulnerable to several forms of attack, including packet sniffing and replay attacks.
Key Characteristics:
– Based on RC4 stream cipher.
– Uses a static encryption key (manually configured).
– Easy to implement but extremely insecure by today’s standards.
– Can be cracked within minutes using readily available tools.
Status:
WEP has been deprecated by the Wi-Fi Alliance and should not be used under any circumstances.
WPA
WPA (Wi-Fi Protected Access)
WPA was introduced in 2003 as a temporary solution to address WEP’s shortcomings while the IEEE worked on a long-term standard (WPA2). WPA still used the RC4 algorithm but introduced TKIP (Temporal Key Integrity Protocol) to dynamically change encryption keys during sessions, making it more secure than WEP.
While WPA improved security, it was still vulnerable to certain attacks, especially if a weak passphrase was used.
Key Features:
– Uses TKIP for dynamic key management.
– Still based on RC4, but with enhancements.
– Includes Message Integrity Check (MIC) to prevent packet tampering.
– Backward-compatible with WEP hardware (with firmware updates).
Vulnerabilities:
– Susceptible to dictionary attacks.
– TKIP is now considered insecure for high-security environments.
Status:
Still supported on many devices but has largely been phased out in favor of WPA2 and WPA3.
WPA2
WPA2 (Wi-Fi Protected Access 2)
WPA2, introduced in 2004, became the mandatory standard for Wi-Fi certification in 2006. It replaced TKIP with CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) and adopted AES (Advanced Encryption Standard) for much stronger security.
WPA2 is available in two main modes:
– WPA2-Personal (PSK): Uses a pre-shared key, suitable for home use.
– WPA2-Enterprise: Uses a RADIUS server and 802.1X authentication, ideal for businesses and institutions.
Key Features:
– AES-based encryption (more secure than RC4).
– Support for fast roaming (802.11r).
– Optional support for Protected Management Frames (PMF).
Vulnerabilities:
– Susceptible to brute-force attacks if weak passwords are used.
– Vulnerable to KRACK (Key Reinstallation Attacks) if devices are unpatched.
Status:
Still widely used and supported, though WPA3 is beginning to replace it in modern devices.
WPA3
WPA3 (Wi-Fi Protected Access 3)
WPA3 was introduced in 2018 to enhance the security of wireless networks in both personal and enterprise environments. It addresses many of WPA2’s shortcomings and includes several new features aimed at improving authentication and data protection.
Key Innovations:
– SAE (Simultaneous Authentication of Equals): Replaces PSK, offering better resistance to offline dictionary attacks.
– Forward Secrecy: Prevents attackers from decrypting old data even if a key is compromised later.
– Enhanced Open: Encrypts data even in open networks (e.g., public Wi-Fi) using Opportunistic Wireless Encryption (OWE).
– 192-bit Security Suite: For WPA3-Enterprise, meeting high-security government and enterprise standards.
Advantages Over WPA2:
– More secure key exchange process.
– Protection even on open, password-less networks.
– Mandatory PMF support for preventing deauthentication attacks.
Limitations:
– Limited device support (mostly newer hardware).
– Compatibility issues with legacy devices in mixed environments.
Status:
The most secure Wi-Fi standard available and recommended for all new devices and networks. Adoption is growing steadily as more routers and devices support it.