Since the early days of being adopted, wireless networks have been considered insecure, unlike wired ones. To make wireless networks more secure and effective, Wi-Fi security protocols are developed and updated again and again to compensate for security flaws. This article will focus on the four types of Wi-Fi security protocols and make a comparison among them with the aim to enable users to have a deep understanding of Wi-Fi security while choosing wireless devices.
If you log in to your wireless router or access point and check the wireless security section, it will present generally four options of Wi-Fi security protocols: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access version 2 (WPA2) and Wi-Fi Protected Access version 3 (WPA3). Stroll through the history of Wi-Fi security protocol upgrading, you will find out the characteristics of the wireless security protocols and really get to know what fits you most.
WEP was the first Wi-Fi security protocol approved in September 1999. It was initially expected to deliver the same security level as wired networks. Nevertheless, at that time, cryptographic technology was restricted and the Wi-Fi devices were limited to 64-bit encryption. Even though the limitation was broken though and increased to 128-bit, there were also many security issues in WEP that made the keys easy to crack. Therefore, WEP, as a highly vulnerable wireless security protocol that can not bear its responsibility for protecting security, was finally replaced by WPA.
In 2003, as WEP gradually performed its weakness, WPA was adopted by the Wi-Fi Alliance as an alternative for WEP. 256-bit encryption technology was introduced to WPA, which is an obvious increase compared with the 63-bit and 128-bit encryption in the WEP system. In the WPA standard, there is a diversity between the two modes: WPA-Enterprise and WPA-Personal, which use different encryption methods.
WPA2 was ratified as the new Wi-Fi security standard in 2004. The most significant improvement in the WPA2 security standard is the implementation of the Advanced Encryption Standard (AES), which provides higher security and performance. There is still a vulnerability that brings security problems because a hacker can get access to a secured WPA2 network and get access to certain keys to attack other devices on the same network. It is a security issue that matters for enterprise networks, instead of home network users.
With the aim to “simplify Wi-Fi security, enable more robust authentication and deliver increased cryptographic strength for highly sensitive data markets”, WPA3 was proposed by the Wi-Fi Alliance in June 2018. The advent of WPA3 remedies the protection against the flaws in WPA2 such as dictionary attacks. For public networks such as coffee shops or hotels, WPA3 has really good security because it will automatically encrypt the connection without any needs for credentials.
From the introduction above, it can be seen that from WEP to WPA3, every type of security protocol is an improvement and enhancement over the last one. Following is a comparison chart that will help you know how the four generations of Wi-Fi security protocols change in every aspect.
|Encryption Method||Rivest Cipher 4 (RC4)||Temporal Key Integrity Protocol (TKIP) with RC4||CCMP and Advanced Encryption Standard (AES||Advanced Encryption Standard (AES)|
|Session Key Size||40-bit||128-bit||128-bit||128-bit (WPA3-Personal) 192-bit (WPA-Enterprise)|
|Data Integrity||CRC-32||Message Integrity Code||CBC-MAC||Secure Hash Algorithm|
|Key Management||Not provided||4-way handshaking mechanism||4-way handshaking mechanism||Simultaneous Authentication of Equals handshake|
|Authentication||WPE-Open WPE-Shared||Pre-Shared Key (PSK) & 802.1x with EAP variant||Pre-Shared Key (PSK) & 802.1x with EAP variant||Simultaneous Authentication of Equals (SAE) & 802.1x with EAP variant|
The main change from WEP to WPA3 security is reflected in that encryption has gone through a change from an insecure method to a much secure way. WEP uses the RC4 algorithm, which is initially insecure especially for WEP which uses small keys and key management. When it comes to WPA, TKIP was designed to replace WEP without the need to replace the legacy equipment. Owing to that TKIP uses the same basic mechanism as WEP, it is vulnerable to a number of similar attacks.
Later, WPA2 upgrades AES-CCMP encryption instead of RC4 and TKIP, and WPA3 replaces PSK with SAE, a more secure way to do the initial key exchange. At the same time, the session key size of WPA3 increases to 128-bit in WPA3-Personal mode and 192-bit in WPA3-Enterprise, which makes the password harder to crack than the previous Wi-Fi security standards.
And different from the WPA and WPA2 using an imperfect 4-way handshake to enable wireless connections, which is the source of the KRACK vulnerability, Simultaneous Authentication of Equals handshake in WPA3 properly authenticates a device onto a network to protect connections from being attacked.
From the comparison above, it's obvious that WPA3 shows the highest security and performance among these four types of Wi-Fi security standards, especially for enterprise networks and public areas. (See WPA3 Security: Why Your Enterprise Business Needs It? to know more) With overtime, new wireless security flaws may be discovered and there may appear newer solutions addressing WPA3 shortcomings. But at least for now, WPA3 as the branded new wireless security protocol brings better protection than the previous standards though it will take a while for WPA3 to fully roll out. The suggestion is to use WPA3 security to future-proof your wireless networks if you can.