To protect data sent over a wireless link, all access points come equipped with one of three standard encryption schemes: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access 2 (WPA2). Choosing one protocol rather than another can make the difference between securing a network and leaving it exposed to snoopers and hackers.
Wired Equivalent Privacy (WEP)
WEP is the oldest and most widely used security protocol worldwide, since it was the standard for the first generation of wireless networking devices. Originally introduced in September 1999 as the first encryption algorithm for the IEEE 802.11 standard, it was designed to provide a level of security on the same scale as a wired LAN. WEP secured data sent over radio waves by encrypting it with a standard 40-bit RC4 stream cipher, used for both authentication and encryption. At first, the U.S. government imposed restrictions on the export of various cryptographic technologies, forcing many manufacturers to use this level of encryption. When those restrictions were later lifted, a 104-bit key was made available, and later on, even a 256-bit one.
Despite the many upgrades to the protocol, WEP has always been a very weak form of data protection. Since the encryption keys are static, once packets are intercepted it is relatively simple to deduce what the key is and crack it. Although changing the WEP key continuously mitigates this risk somewhat, doing so is complicated and inconvenient. In addition, with the computing power of modern processors, the key can still be compromised within a few seconds.
Today, WEP is an outdated technology that does not provide reliable security. Many flaws were identified as early as 2001, with several exploits floating around. In 2005 the FBI publicly demonstrated how easily WEP could be cracked in minutes using free tools. In 2009, a large-scale cyberattack was executed against T.J. Maxx and, since then, the Payment Card Industry Data Security Standard has prohibited any organization that processes credit card data from using WEP.
Wi-Fi Protected Access (WPA)
To address the many vulnerabilities of the WEP standard, WPA was developed and formally adopted in 2003. WPA improved wireless security through the use of 256-bit keys, the Temporal Key Integrity Protocol (TKIP) and the Extensible Authentication Protocol (EAP).
TKIP is built on a per-packet key system rather than a fixed-key one. It scrambles the keys through a hashing algorithm, and their integrity is constantly checked. EAP adds 802.1x user authentication and removes the need to regulate access to a wireless network through the MAC address, an identifier which is quite easy to sniff and steal. EAP makes use of a more robust public-key encryption system to provide authorization to the network. Smaller offices and consumers use a less stringent personal mode, WPA-PSK (Pre-Shared Key), which employs pre-shared keys.
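As an added example (not part of the original article), the Python sketch below shows how personal mode turns a passphrase into the 256-bit key mentioned above: IEEE 802.11i specifies PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations. The function name wpa_psk and the sample SSIDs and passphrases are assumptions chosen for illustration.

```python
import hashlib
import string


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key used by WPA/WPA2 personal mode."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")

    # A 64-character entry is the raw 256-bit key written in hex;
    # it is used as-is and no derivation takes place.
    if len(passphrase) == 64:
        if not all(c in string.hexdigits for c in passphrase):
            raise ValueError("a 64-character PSK must be hexadecimal")
        return bytes.fromhex(passphrase)

    # Otherwise it is a passphrase: 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")

    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    for ssid in ("office-wlan", "guest-wlan"):
        key = wpa_psk("correct horse battery", ssid)
        print(f"{ssid:12s} {key.hex()}")
```

Because the SSID is the salt, the same passphrase yields a different key on each network name. The key is only as strong as the passphrase it is derived from, which is why personal mode calls for a long, unique passphrase.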
Since WPA was built as an upgrade to WEP that could be rolled out onto existing WEP-protected devices, it has inherited many of its weaknesses. Although it is a much more solid form of protection than WEP, WPA can still be breached in many ways, mostly by attacking the Wi-Fi Protected Setup (WPS). Today, WPA’s even more secure successor is the WPA2 protocol.