Wireless Security Protocols : WEP, WPA & WPA2

Wireless security protocols like WEP, WPA and WPA2 ensure that only authorized parties connect to your wireless network, and that your traffic is encrypted. However, all three work differently, and provide different levels of security. In fact, WEP shouldn’t be used any longer, and WPA2 is preferred. These differences come down to the strength of the encryption algorithms used, and how they are implemented.

Standard Method Encryption Notes Notes
WEP RC4 stream 24-bit Initialization Vector Can be cracked in seconds
WPA TKIP 128-bit wrapper around WEP TKIP has been cracked
WPA2 AES-CCMP 128-bit AES encryption 48 bit initialization vector increases security

 

Wired Equivalent Privacy (WEP) is the oldest protocol, and can easily be cracked in seconds. It should only be used when necessary for backwards compatibility. RC4 is a stream cipher, and therefore shouldn’t be used  with repeated keys. WEP typically concatenates a 40-bit key with a 24-bit initialization vector to create the RC4 key. However, the 24-bit initialization vector is short enough that there is a 50% chance of repeats after 5,000 packets. This is why WEP can be cracked so quickly. 

Wi-Fi Protected Access (WPA) uses Temporal Key Integrity Protocol (TKIP) and partially implements the IEEE 802.11i standard. TKIP itself was deprecated in the 2012 IEEE 802.11 standard. It is essentially a 128-bit wrapper around WEP. It was meant to be a more secure replacement for WEP that, due to backwards compatibility, wouldn’t require replacing legacy hardware.

Wi-Fi Protected Access 2 (WPA2) fully implements 802.11i, and uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) along with 128-bit Advanced Encryption Standard (AES) encryption. WPA2 networks provide unique encryption keys for all wireless clients unlike WEP and WPA. It is currently the most secure choice although there are vulnerabilities to be aware of. This is one reason it is important to update and patch systems as soon as possible.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s