WEP, WPA2 & WPA3: A brief guide to WiFi security

As a rule of thumb, whenever you connect to a Wi-Fi network using a password, variations of the following Wi-Fi security protocols come into play: WEP, WPA, & WPA2. The acronyms WEP, WPA, and WPA2 represent generations of Wi-Fi security protocols present on most if not all WiFi networks. We are going to cover the merits and demerits of each Wi-Fi security protocol in due course. But before we hit you with the truth, let’s take you on a trip down memory lane.

The Wi-Fi Alliance, an association of over 300 companies in the wireless network industry created the above-mentioned security protocols in a bid to secure wireless networks. The first security protocol released was WEP (Wired Equivalent Privacy) which was ratified in September 1999. This was followed up by WPA (Wi-Fi Protected Access) in 2003 and WPA2 the next year in 2004. As of 2018, the Wi-Fi Alliance is in the process of replacing WPA2 with WPA3 after a span of 14 years at the helm of Wi-Fi security.

Advertisement - Continue reading below

Timeline

  • WEP: Original IEEE 802.11 standard ratified in 1999
  • WPA: draft IEEE 802.11 standard available since 2003
  • WPA2: full IEEE 802.11i standard available in 2004
  • WPA3: Available in January 2018

WEP: Original IEEE 802.11 standard ratified in 1999

Wired Equivalent Privacy (WEP) is the original encryption protocol developed for wireless networks. As the name implies, WEP was designed to provide the same level of security as wired networks. However, U.S. restrictions on the export of various cryptographic technology at the time led to manufacturers restricting their devices to only 64-bit encryption. Once these restrictions were lifted, the encryption was beefed up to 128-bit and 256-bit encryption. Nevertheless, 128-bit WEP is currently the most common of the lot.

WEP suffered from gaping security flaws, the most major being the use of the same encryption key for every data packet. Numerous exploits by individuals, organisations and even the FBI broke WEP encryption which did it in under 3 minutes using freely available tools during a public demonstration. Not even later security upgrades have been able to patch WEP encryption to a semblance of standard security. For this reason, the Wi-Fi Alliance officially retired WEP in 2004 in favor of WPA2.

WPA: draft IEEE 802.11 standard available since 2003

Wi-Fi Protected Access (WPA) was introduced as a temporary replacement of WEP while a much more robust WPA2 was being developed by the Wi-Fi Alliance. Some of the security improvements introduced included the Temporal Key Integrity Protocol (TKIP) which was designed to replace the notoriously weak WEP encryption without the need to replace legacy devices.

Unlike the fixed key system employed by WEP, TKIP did one better by scrambling the encryption key which was considered more secure. WPA also featured packet integrity checks between access point and client (a handshake). This ensures that nothing has been tampered with in transit.

However, exploits on TKIP soon found security holes and thus is no longer considered secure. TKIP  is now deprecated in favor of Advanced Encryption Standard (AES). Much as there is WPA +AES encryption, most devices that support AES support WPA2, so it goes to reason that they would choose that option.

WPA2: full IEEE 802.11i standard available in 2004

WPA2 superseded the draft WPA standard on all Wi-Fi Certified Wi-Fi hardware since the year 2006. The significant improvement with WPA2 is the implementation of the much stronger AES encryption. This works alongside CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol). The combination of these two encryption techniques makes it difficult to spot patterns on stop of ensuring that data packets aren’t tampered with.

WPA- Personal/WPA2 PSK (Pre-shared Key) designed for home networks is perhaps the most commonly used authentication method. It utilizes keys which are 64-hexadecimal digits long, with only WPA Enterprise which uses a RADIUS server for authentication being more secure.

The major drawback of using WPA2 is incidentally a separate feature – Wi-Fi Protected Setup (WPS). WPS was designed to simplify the process of connecting to a network without having to dish out your password unnecessarily. Unfortunately, flaws have been discovered in how this protocol is implemented which hackers can exploit. For this reason, it’s advisable to simply turn WPS off.

WPA3: Available in January 2018

WPA3 is a coming of age of WiFi security. The Wi-Fi Alliance has built WPA3 as a culmination of the shortcomings of the various Wi-Fi protocols starting with WEP. Expected to hit the shelves in late 2019, it will come in two modes: WPA3-Personal and WPA3-Enterprise. These modes will provide a  simpler authentication for Wi-Fi devices with limited or no display interface,  beefed up encryption. Networks will be harder to hack even with bad or no passwords at all. This security will extend to even public Wi-Fi networks which will be more secure.

WPA3 Personal will implement Simultaneous Authentication of Equals (SAE), a secure key protocol between devices. SAE provides stronger encryption for users against password guessing attempts by third parties. WPA3-Enterprise for its part offers 192-bit encryption and additional cryptographic safeguards for networks transmitting sensitive data, such as governments and the banking sector.