Wireless Security protocols Evolution
While going through the various Wi-Fi attacks, it’s worthwhile to combine them in a single post. This post discusses about the various Wi-Fi standards that evolved and evolving in networks. Since the inception, wireless networks have been considered insecure, unlike wired ones. To make wireless networks more secure and effective, Wi-Fi security protocols are developed and updated again and again to compensate for security flaws.
Wi-Fi Security Protocol Standards
- Wired Equivalent Privacy (WEP)
- Wi-Fi Protected Access (WPA)
- Wi-Fi Protected Access version 2 (WPA2)
- Wi-Fi Protected Access version 3 (WPA3)
WEP was the first Wi-Fi security protocol approved in September 1999. It was initially expected to deliver the same security level as wired networks. Nevertheless, at that time, cryptographic technology was restricted, and the Wi-Fi devices were limited to 64-bit encryption. Even though the limitation was broken though and increased to 128-bit, there were also many security issues in WEP that made the keys easy to crack.
WEP gradually performed its weakness, WPA was adopted by the Wi-Fi Alliance as an alternative for WEP. 256-bit encryption technology was introduced to WPA in year 2003, which is an obvious increase compared with the 63-bit and 128-bit encryption in the WEP system. In the WPA standard, there is a diversity between the two modes: WPA-Enterprise and WPA-Personal, which use different encryption methods.
WPA2 in 2004 was ratified as the new Wi-Fi security standard. The most significant improvement in the WPA2 security standard is the implementation of the Advanced Encryption Standard (AES), which provides higher security and performance. There is still a vulnerability that brings security problems because a hacker can get access to a secured WPA2 network and get access to certain keys to attack other devices on the same network. It is a security issue that matters for enterprise networks, instead of home network users.
WPA3 was proposed to simplify Wi-Fi standards and its robust nature will enhances the security. The advent of WPA3 remedies the protection against the flaws in WPA2 such as dictionary attacks.
WEP vs. WPA vs. WPA2 vs. WPA3 The Comparison
The main change from WEP to WPA3 security is reflected in that encryption has gone through a change from an insecure method to a much secure way.
|Encryption Method||RC4||TKIP With RC4||CCMP with AES||AES|
|Session Key Size||40-bit||128-bit||128-bit||128-bit (WPA3-Personal) 192-bit (WPA-Enterprise)|
|Data Integrity||CRC-32||Message Integrity Code||CBC-MAC||Secure Hash Algorithm|
|Key Mgmt.||Not provided||4-way handshake||4-way handshake||Simultaneous Authentication|
|Authentication||WPE-Open WPE-Shared||Pre-Shared Key (PSK) & 802.1x with EAP variant||Pre-Shared Key (PSK) & 802.1x with EAP variant||Simultaneous Authentication of Equals (SAE) & 802.1x with EAP variant|