Since they were first adopted, wireless networks have been considered insecure compared with wired ones. To make wireless networks more secure and effective, Wi-Fi security protocols have been developed and repeatedly updated to compensate for security flaws. This article focuses on the four Wi-Fi security protocols, namely WEP, WPA, WPA2 and WPA3, and compares them so that users can gain an in-depth understanding of Wi-Fi security when choosing wireless devices.
If you log in to your wireless router or access point and check the wireless security section, it will generally present four Wi-Fi security protocol options: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access version 2 (WPA2) and Wi-Fi Protected Access version 3 (WPA3). A stroll through the history of Wi-Fi security protocol upgrades shows the characteristics of each wireless security protocol and helps you decide which one fits you best.
WEP stands for Wired Equivalent Privacy, and it was the first Wi-Fi security protocol, approved in September 1999. It was initially expected to deliver the same security level as wired networks. A secondary function of WEP is said to be preventing unauthorized access to a wireless network. However, WEP has been found to be less secure than desired. WEP operates at the two lowest layers of the OSI model, the data link and physical layers; it therefore does not offer end-to-end security. At that time, cryptographic technology was restricted and Wi-Fi devices were limited to 64-bit encryption. Even after that limit was raised to 128-bit, many security issues in WEP still made the keys easy to crack. WEP, a highly vulnerable wireless security protocol that could not fulfil its responsibility for protecting security, was therefore finally replaced by WPA.
In 2003, as WEP's weaknesses became apparent, WPA was adopted by the Wi-Fi Alliance as an alternative to WEP. WPA introduced 256-bit encryption technology, an obvious increase over the 64-bit and 128-bit encryption in the WEP system. The WPA standard distinguishes two modes, WPA-Enterprise and WPA-Personal, which use different encryption methods. WPA-Personal is a common method to secure wireless networks, and it is suitable for most home networks. WPA-Enterprise provides the security needed for wireless networks in business environments where a RADIUS server is deployed.
WPA2 was ratified as the new Wi-Fi security standard in 2004. The most significant improvement in the WPA2 security standard is the implementation of the Advanced Encryption Standard (AES), which provides higher security and performance. There is still a vulnerability that causes security problems: a hacker who gains access to a secured WPA2 network can obtain certain keys and use them to attack other devices on the same network. This security issue matters for enterprise networks rather than for home network users.
Aiming to “simplify Wi-Fi security, enable more robust authentication and deliver increased cryptographic strength for highly sensitive data markets”, WPA3 was proposed by the Wi-Fi Alliance in June 2018. WPA3 improves protection against WPA2 flaws such as dictionary attacks. For public networks such as those in coffee shops or hotels, WPA3 offers very good security because it automatically encrypts the connection without any need for credentials.
From the introduction above, it can be seen that from WEP to WPA3, every type of security protocol is an improvement and enhancement over the last one. Below is a comparison chart that will help you know how the four generations of Wi-Fi security protocols differ from each other in every aspect.
As for the encryption method, WPA still uses WEP's insecure RC4 stream cipher but provides extra security through TKIP. While WEP and WPA use RC4 encryption, WPA2 uses the stronger AES-CCMP encryption algorithm, as does WPA3. AES has been deployed to protect daily Internet traffic as well as certain levels of classified information in the U.S. Government.
A session key is generated during the SSL handshake process each time someone connects to the website. Session keys are usually between 40 and 256 bits long. The number indicates the size of the key; a larger key has more possible combinations.
Unlike WPA and WPA2, which use an imperfect 4-way handshake to establish wireless connections (the source of the KRACK vulnerability), WPA3 uses the Simultaneous Authentication of Equals (SAE) handshake, which properly authenticates a device onto a network to protect connections from being attacked.
WPA3 replaces PSK with SAE, a more secure way to do the initial key exchange. At the same time, the session key size of WPA3 increases to 128-bit in WPA3-Personal mode and 192-bit in WPA3-Enterprise, which makes the password harder to crack than the previous Wi-Fi security standards.
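One way to check an access point's settings against the comparison above, as an added example that is not part of the original article. It assumes a hostapd-based access point and its `wpa`, `wpa_key_mgmt`, `wpa_pairwise`, `rsn_pairwise` and `wep_key0` settings; the two sample configurations are constructed.

```python
# Added example: classify a hostapd-style configuration by the Wi-Fi security
# generation it actually offers (WEP, WPA, WPA2, WPA3) and list what to fix.

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (generation, findings) for one configuration."""
    conf = parse_conf(text)
    if any(key.startswith("wep_key") for key in conf):
        return "WEP", ["WEP key set: RC4 with easily cracked keys, replace it"]
    wpa = int(conf.get("wpa", "0"))  # bitfield: 1 = WPA, 2 = WPA2/WPA3 (RSN)
    if wpa == 0:
        return "open", ["no WPA enabled: traffic is not encrypted"]
    akms = set(conf.get("wpa_key_mgmt", "WPA-PSK").split())
    # Assumed defaults: wpa_pairwise=TKIP, rsn_pairwise inherits wpa_pairwise.
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP")
    ciphers = set(conf.get("rsn_pairwise", wpa_pairwise).split())
    findings = []
    if wpa & 1:
        ciphers |= set(wpa_pairwise.split())
        findings.append("WPA (v1) enabled: set wpa=2")
    if "TKIP" in ciphers:
        findings.append("TKIP (RC4) offered: allow CCMP (AES) only")
    if "SAE" in akms and "WPA-PSK" not in akms:
        generation = "WPA3"
    elif "SAE" in akms:
        generation = "WPA2/WPA3 transition"
        findings.append("PSK still accepted next to SAE")
    else:
        generation = "WPA/WPA2 mixed" if (wpa & 3) == 3 else "WPA2" if wpa & 2 else "WPA"
        if "WPA-PSK" in akms:
            findings.append("PSK with 4-way handshake only: add SAE")
    return generation, findings

# Constructed sample configurations (not taken from any real device)
LEGACY = "ssid=lab-old\nwpa=3\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP CCMP\nrsn_pairwise=CCMP\n"
MODERN = "ssid=lab-new\nwpa=2\nwpa_key_mgmt=SAE\nrsn_pairwise=CCMP\n"

if __name__ == "__main__":
    for name, sample in (("LEGACY", LEGACY), ("MODERN", MODERN)):
        print(name, audit(sample))
```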
From the comparison above, it's obvious that WPA3 offers the highest security and performance among these four Wi-Fi security standards, especially for enterprise networks and public areas. (See WPA3 Security: Why Your Enterprise Business Needs It? to learn more.) Over time, new wireless security flaws may be discovered and newer solutions addressing WPA3's shortcomings may appear. But at least for now, WPA3, as the newest wireless security protocol, brings better protection than the previous standards, though it will take a while for WPA3 to fully roll out. The suggestion is to use WPA3 security to future-proof your wireless networks if you can.