IEEE 802.11i Wi-Fi Security: WEP & WPA / WPA2
- an overview or tutorial about the IEEE 802.11 standards for Wi-Fi and WLAN applications and the associated WLAN equipment and the use of Wifi hotspots.
Wi-Fi security is an issue of importance to all Wi-Fi users. It is defined under IEEE802.11i and systems such as WEP, WPA and WPA2 are widely mentioned, with keys or codes being provided for the various wi-fi hotspots in use.
Wi-Fi security is of significant importance because very many people use it: at home, in the office and when they are on the move. As the wireless signal can be picked up by non-authorised users, it is imperative to ensure that they cannot access the system.
Even users who legitimately gain access to a system could the try to hack other computers on the same hotspot.
Wi-Fi Security background
Wi-Fi access points advertise their presence by periodically sending out a beacon signal that contains the SSID. This allows prospective users to identify the access point and to try to connect to it.
Once detected, it is possible to try to connect to the access point, and the Wi-Fi authentication procedure starts. To achieve access, a key is generally required.
Since the introduction of Wi-Fi a variety of keys have been used:
- WEP: WEP or Wired Equivalent Privacy was the first form of authentication used with Wi-Fi. Unfortunately it was easy to crack, and other systems are now more widely used.
- WPA: Wi-Fi Protected Access WPA is a software / firmware improvement over WEP. The first version of this is also known as WPA1 or WPAv1.
- WPA2: WPA2 or WPAv2 is the next update to WPAv1 and provides significant improvement in the level of security.
WEP - wired-equivalent privacy key
The aim for this key was to make wireless networks such as Wi-Fi as safe as wired communications. Unfortunately this form of security did not live up to its name because it was soon hacked, and now there are many open source applications that can easily break into it in a matter of seconds.
In terms of its operation, the Wi-Fi WEP key uses a clear text message sent from the client. This is then encrypted and returned using a pre-shared key.
A WEP comes in different key sizes. The common key lengths are normally 128 or 256 bits.
The security of the WEP system is seriously flawed. Primarily it does not address the issue of key management and this is a primary consideration to any security system. Normally keys are distributed manually or via another secure route. The Wi-Fi WEP system uses shared keys - i.e. the access point uses the same key for all clients, and therefore this means that if the key is accessed then all users are compromised. It only takes listening to the returned authentication frames to be able to determine the key.
Obviously Wi-Fi WEP is better than nothing because not all people listening to a Wi-Fi access point will be hackers. It is still widely used and provides some level of security. However if it is used then higher layer encryption (SSL, TLS, etc.) should also be used when possible.
WPA Wi-Fi Protected Access
In order to provide a workable improvement to the flawed WEP system, the WPA access methodology was devised. The scheme was developed under the auspices of the Wi-Fi Alliance and utilised a portion of the IEEE 802.11i security standard - in turn the IEEE 802.11i standard had been developed to replace the WEP protocol.
One of the key elements of the WPA scheme is the use of the TKIP - Temporal Key Integrity Protocol. TKIP is part of the IEEE802.11i standard and operates by performing per-packet key mixing with re-keying.
In addition to this the WPA, Wi-Fi Protected Access scheme also provides optional support for AES-CCMP algorithm. This provides a significantly improved level of security.
WPA2 / WPAv2The WPA2 scheme has now superseded WPA. It implements the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, a new AES-based encryption mode with strong security.
Certification for WPA2 began in September, 2004 and now it is mandatory for all new devices that bear the Wi-Fi trademark.
By Ian Poole
Share this page
Want more like this? Register for our newsletter