Wireless Security: WEP, WPA, and WPA2

What do you know about WiFi security?

WiFi security algorithms have gone through many improvements and changes in the past two decades in order to be safe and efficient. New protocols with multiple innovative implementations have been developed for home WiFi networks - WEP, WPA, and WPA2 - all aiming at one goal. That is safety of wireless network users and integrity of their information. Additionally to all they do wireless security protocols encrypt your private data sent over the network.

However, despite numerous protection algorithms, wireless networks are still more vulnerable than wired. The latter basically transmits data between points A and B via a network cable. Wireless network transmits data between points A and B within its broadcasting range in every direction to every device that happens to be listening.

A wireless standard WEP was developed and approved for WiFi security in 1999. It was aimed to offer the security equal to one of the wired networks, however it turned out to have a whole bunch of security issues. In result this protocol is easy to break, but hard to configure. Even though a lot of effort has been made to make WEP better, it is still highly vulnerable. Systems that rely on this solution need an upgrade or replacement. This protocol has been officially abandoned by the Wi-Fi Alliance in 2004.

While 802.11i wireless security standard was under works, WPA was used as a temporary replacement for WEP. WPA was formally adopted one year before WEP was completely abandoned. Most modern WPA applications use a preshared key (PSK), most often referred to as WPA Personal, and the Temporal Key Integrity Protocol or TKIP (/tiːˈkɪp/) for encryption. There is WPA Personal and WPA Enterprise modes. The latter provides the security for wireless networks in business environments. It uses an authentication server to generate the keys and certificates.

Even though WPA was a significant improvement over WEP the issue with it was that the core components could be rolled out via firmware upgrades on WEP-enabled devices, still relying on exploited elements. After various tests WPA turned out to be just as vulnerable to intrusion as WEP.

The most threat was posed by not direct attacks, but rather those carried out on Wi-Fi Protected Setup (WPS) - auxiliary system for simpler linking of devices to modern access points.

In 2004 IEEE 802.11i (or IEEE 802.11i-2004) standard - WPA2 - was introduced. It employed the Advanced Encryption Standard (AES) for encryption. AES is approved by the U.S. government for encrypting the information classified as top secret. If it is considered reliable by US government, it should be reliable enough for home WiFi networks.

However in October 2017, the details of a major protocol vulnerability were published - KRACK (or Key Reinstallation Attacks). This exploit affects the core WPA2 protocol itself and can be used against Android, Linux, and OpenBSD devices. It is less effective against macOS and Windows devices, as well as MediaTek Linksys. The attackers could use the exploit to decrypt sensitive data that was considered safely and reliably encrypted by the protocol. There are patches available for affected systems.

Purpose

Leaving your router with no security at all can lead to a stolen bandwidth, someone performing illegal actions under your connection and name, monitoring of your web activity, and possible installation of malicious apps in your network. Even if not perfect, both WPA and WPA2 are supposed to secure wireless Internet networks from unauthorized access. Find out more about protecting your Wi-Fi network here.