While going through the various Wi-Fi attacks, it’s worthwhile to combine them in a single post. This post discusses about the various Wi-Fi standards that evolved and evolving in networks. Since the inception, wireless networks have been considered insecure, unlike wired ones. To make wireless networks more secure and effective, Wi-Fi security protocols are developed and updated again and again to compensate for security flaws.

Wi-Fi Security Protocol Standards

  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • Wi-Fi Protected Access version 2 (WPA2)
  • Wi-Fi Protected Access version 3 (WPA3)

WEP

WEP was the first Wi-Fi security protocol approved in September 1999. It was initially expected to deliver the same security level as wired networks. Nevertheless, at that time, cryptographic technology was restricted, and the Wi-Fi devices were limited to 64-bit encryption. Even though the limitation was broken though and increased to 128-bit, there were also many security issues in WEP that made the keys easy to crack.

WPA

WEP gradually performed its weakness, WPA was adopted by the Wi-Fi Alliance as an alternative for WEP. 256-bit encryption technology was introduced to WPA in year 2003, which is an obvious increase compared with the 63-bit and 128-bit encryption in the WEP system. In the WPA standard, there is a diversity between the two modes: WPA-Enterprise and WPA-Personal, which use different encryption methods.

WPA2

WPA2 in 2004 was ratified as the new Wi-Fi security standard. The most significant improvement in the WPA2 security standard is the implementation of the Advanced Encryption Standard (AES), which provides higher security and performance. There is still a vulnerability that brings security problems because a hacker can get access to a secured WPA2 network and get access to certain keys to attack other devices on the same network. It is a security issue that matters for enterprise networks, instead of home network users.

WPA3

WPA3 was proposed to simplify Wi-Fi standards and its robust nature will enhances the security. The advent of WPA3 remedies the protection against the flaws in WPA2 such as dictionary attacks.

WEP vs. WPA vs. WPA2 vs. WPA3 The Comparison

The main change from WEP to WPA3 security is reflected in that encryption has gone through a change from an insecure method to a much secure way.

TypeWEPWPAWPA2WPA3
Release Year1999200320042018
Encryption MethodRC4TKIP With RC4CCMP with AESAES
Session Key Size40-bit128-bit128-bit128-bit (WPA3-Personal) 192-bit (WPA-Enterprise)
Cipher TypeStreamStreamBlockBlock
Data IntegrityCRC-32Message Integrity CodeCBC-MACSecure Hash Algorithm
Key Mgmt.Not provided4-way handshake4-way handshakeSimultaneous Authentication
AuthenticationWPE-Open WPE-SharedPre-Shared Key (PSK) & 802.1x with EAP variantPre-Shared Key (PSK) & 802.1x with EAP variantSimultaneous Authentication of Equals (SAE) & 802.1x with EAP variant