IEEE 802.11i Wi-Fi Security: WEP & WPA / WPA2

- an overview or tutorial about the IEEE 802.11 standards for Wi-Fi and WLAN applications, the associated WLAN equipment and the use of Wi-Fi hotspots.

Wi-Fi security is an issue of importance to all Wi-Fi users. It is defined under IEEE 802.11i, and systems such as WEP, WPA and WPA2 are widely mentioned, with keys or codes being provided for the various Wi-Fi hotspots in use.

Wi-Fi security is of significant importance because very many people use it: at home, in the office and when they are on the move. As the wireless signal can be picked up by non-authorised users, it is imperative to ensure that they cannot access the system.

Even users who legitimately gain access to a system could then try to hack other computers on the same hotspot.


Wi-Fi Security background

Wi-Fi access points advertise their presence by periodically sending out a beacon signal that contains the SSID. This allows prospective users to identify the access point and to try to connect to it.

Once detected, it is possible to try to connect to the access point, and the Wi-Fi authentication procedure starts. To achieve access, a key is generally required.

Since the introduction of Wi-Fi a variety of keys have been used:

  • WEP:   WEP or Wired Equivalent Privacy was the first form of authentication used with Wi-Fi. Unfortunately it was easy to crack, and other systems are now more widely used.
  • WPA:   Wi-Fi Protected Access (WPA) is a software / firmware improvement over WEP. The first version of this is also known as WPA1 or WPAv1.
  • WPA2:   WPA2 or WPAv2 is the next update to WPAv1 and provides significant improvement in the level of security.

WEP - wired-equivalent privacy key

The aim for this key was to make wireless networks such as Wi-Fi as safe as wired communications. Unfortunately this form of security did not live up to its name because it was soon hacked, and now there are many open source applications that can easily break into it in a matter of seconds.

In terms of its operation, the Wi-Fi WEP key uses a clear text message sent from the client. This is then encrypted and returned using a pre-shared key.

WEP comes in different key sizes. The common key lengths are normally 128 or 256 bits.

The security of the WEP system is seriously flawed. Primarily it does not address the issue of key management and this is a primary consideration to any security system. Normally keys are distributed manually or via another secure route. The Wi-Fi WEP system uses shared keys - i.e. the access point uses the same key for all clients, and therefore this means that if the key is accessed then all users are compromised. It only takes listening to the returned authentication frames to be able to determine the key.
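The exposure described above can be reproduced offline. This added example (not part of the original article) models the shared-key authentication exchange with a plain RC4 implementation and shows that the clear-text challenge and its encrypted response together reveal the RC4 keystream for that IV. The key, IV and challenge are constructed sample values, and the WEP integrity checksum is omitted.

```python
# Added illustration: what a passive listener sees during WEP shared-key
# authentication. All values below are constructed samples, not captured data.

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # WEP seeds RC4 with the 24-bit IV (sent in the clear) prepended to the
    # shared key; the ICV checksum is left out of this sketch.
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))

SHARED_KEY = bytes.fromhex("0102030405060708090a0b0c0d")  # constructed 104-bit key
IV = bytes.fromhex("a1b2c3")                              # constructed 24-bit IV
CHALLENGE = bytes(range(128))                             # constructed challenge text

def observed_exchange():
    """Everything visible on air: clear challenge, IV, encrypted response."""
    return CHALLENGE, IV, wep_encrypt(SHARED_KEY, IV, CHALLENGE)

def exposed_keystream(challenge: bytes, response: bytes) -> bytes:
    """Challenge XOR response cancels the plaintext and leaves the keystream."""
    return xor(challenge, response)

if __name__ == "__main__":
    challenge, iv, response = observed_exchange()
    leaked = exposed_keystream(challenge, response)
    # The listener never saw SHARED_KEY, yet holds its keystream for this IV.
    print("keystream exposed:", leaked == rc4_keystream(iv + SHARED_KEY, len(leaked)))
```

Because the access point uses the same key for all clients, the exposed keystream is the same for any station that uses that IV, which is why per-packet key mixing and re-keying were introduced in WPA.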

Obviously Wi-Fi WEP is better than nothing because not all people listening to a Wi-Fi access point will be hackers. It is still widely used and provides some level of security. However if it is used then higher layer encryption (SSL, TLS, etc.) should also be used when possible.


WPA Wi-Fi Protected Access

In order to provide a workable improvement to the flawed WEP system, the WPA access methodology was devised. The scheme was developed under the auspices of the Wi-Fi Alliance and utilised a portion of the IEEE 802.11i security standard - in turn the IEEE 802.11i standard had been developed to replace the WEP protocol.

One of the key elements of the WPA scheme is the use of TKIP, the Temporal Key Integrity Protocol. TKIP is part of the IEEE 802.11i standard and operates by performing per-packet key mixing with re-keying.

In addition to this, the WPA (Wi-Fi Protected Access) scheme also provides optional support for the AES-CCMP algorithm. This provides a significantly improved level of security.


WPA2 / WPAv2

The WPA2 scheme has now superseded WPA. It implements the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, a new AES-based encryption mode with strong security.

Certification for WPA2 began in September, 2004 and now it is mandatory for all new devices that bear the Wi-Fi trademark.

By Ian Poole


Radio-Electronics.com is operated and owned by Adrio Communications Ltd and edited by Ian Poole. All information is © Adrio Communications Ltd and may not be copied except for individual personal use. This includes copying material in whatever form into website pages. While every effort is made to ensure the accuracy of the information on Radio-Electronics.com, no liability is accepted for any consequences of using it.