Wi-Fi Security Protocols
Imagine you are traveling and you are at an airport. You open your laptop or phone to send an email, and instead of seeing your inbox, you get the message “unable to connect” or “no access found.” You are offline. You quickly begin looking for a way to connect to the internet. You open your computer’s list of wireless networks and see a long list of names, some with little padlock icons next to them, others without an icon. Thinking a padlock icon seems like a good indication of network security, you click on the name of one of the “locked” Wi-Fi networks only to be prompted to log in with a password that you do not know. You give up and click one of the network names without a padlock icon. Within seconds your device joins the internet, your inbox fills up, and you forget just how you managed to connect to the internet for free.
You have found one of the innumerable open, unencrypted Wi-Fi hotspots around the world, and you have just trusted your data and your identity to everyone in your immediate vicinity and anyone else that may have remote control over this Wi-Fi hotspot.
Whenever you connect to an open Wi-Fi network, you are sending and receiving all of your data in the clear, a term used to describe unencrypted traffic. Unless your application performs encryption on its own, your data is plainly visible to anyone with a computer and a wireless network card. Whether you are using a company-issued laptop containing highly confidential data, or you are just using your personal phone to browse the web, you must take wireless security very seriously. To avoid risking your data and identity, you should only connect to Wi-Fi hotspots that require you to enter a password or key to connect to them. This ensures the data is encrypted, though not all forms of encryption are equal.
The list of security protocols here (3DES and AES) are in order from weakest to strongest—you should always use AES if at all possible. The implementation of wireless encryption standards is also listed in order from weakest to strongest (WEP to WPA3).
Wi-fi Security Protocols | ||||
---|---|---|---|---|
WEP | WPA | WPA2 | WPA3 | |
Brief description | Ensure wired-like privacy in wireless | Based on 802.11i without requirement for new hardware | All mandatory 802.11i features and a new hardware | Announced by Wi-Fi Alliance |
Encryption | RC4 | TKIP + RC4 | CCMP/AES | GCMP-256 |
Authentication | WEP-Open | WPA-PSK | WPA2-Personal | WPA3-Personal |
Data integrity | CRC-32 | MIC algorithm | Cipher Block Chaining Message Authentication Code (based on AES) | 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256) |
Key management | none | 4-way handshake | 4-way handshake | Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) |
Triple DES (often abbreviated 3DES) is a symmetric encryption algorithm that uses the now antiquated DES (data encryption standard) algorithm three times in a row to encrypt your data. The DES algorithm uses only 56-bit encryption and can be compromised by brute force software running on modern hardware in less than a day. By utilizing multiple independent keys, 3DES increases the overall complexity of the encryption, but the encryption can still be compromised. In fact, the chance that an attacker can figure out the keys increases as you send more data in a single 3DES session. NIST, Microsoft, and many others have phased out the use of DES and 3DES, but there are still organizations and standards that use them. Also, some Wi-Fi networks still support it for backward compatibility with older devices.
The Advanced Encryption Standard (AES) is considered a very secure form of encryption today, although, with advances in computing power and quantum computing, it may not be considered secure forever. AES can be used with a 128-bit, 192-bit, or 256-bit key. Longer key lengths are exponentially harder to crack, but they also increase the amount of computing power required to encrypt the data. Today, most devices and websites use the 256-bit version (AES-256).
The AES standard, like 3DES and DES, is a symmetric key algorithm. One advantage of most modern processors is that they support hardware acceleration via the CPU instruction set called AES-NI (AES New Instructions). These instructions allow the CPU to process AES encryption at very fast speeds, potentially upward of 10 GB per second. This, in turn, allows a computer to encrypt its wireless network traffic using AES and then transmit it at native wireless speeds with minimal, if any, effect on performance.
Wired equivalent privacy (WEP) was part of the first wireless standards proposed by the IEEE in 1997. As the name suggests, the idea was to provide the same level of security as a wired network for wireless networks. A WEP key is either 10 or 26 hexadecimal digits. Each hexadecimal digit is 4 bits. Therefore, the bit length of the encryption key is either 40-bit or 104-bit, both of which can be compromised in under a day using brute force methods on standard workstation hardware. Because all packets are encrypted by that key, WEP is very vulnerable to attack today. In 2003, the Wi-Fi Alliance, a group that certifies interoperability of devices, stated that WEP had been superseded by Wi-Fi protected access (WPA). The Wi-Fi Alliance later deprecated WEP in 2004.
Wi-Fi protected access (WPA), and the subsequent standards WPA2 and WPA3 described below, were defined by the Wi-Fi Alliance and the IEEE to overcome the weaknesses of WEP. WPA was designed as a short-term bridge between the original WEP standard and the more secure IEEE 802.11i standard, which was finalized in 2004 (now known as WPA2). WPA is based on the draft IEEE 802.11i standard that was released in 2003.
One of the most noticeable differences between WEP and WPA is the key used to access the wireless network. Where WEP relies on a fixed-length hexadecimal preshared key, WPA uses a variable-length alphanumeric passphrase, which can range from 8 to 63 characters in length.
Another subtler, but even more powerful, upgrade for WPA is the addition of an encryption process known as temporal key integrity protocol (TKIP). Unlike WEP where all packets on the network are encrypted using the same encryption key, TKIP gives WPA a significant security boost by generating a new 128-bit encryption key for every packet sent on the network. This means that instead of cracking one key to decrypt the traffic, an attacker must crack potentially millions of keys. That said, over time, several flaws and weaknesses have been found in the WPA protocol, which prompted the release of WPA2 and then WPA3.
Introduced in 2004 by the Wi-Fi Alliance, WPA2 quickly became the standard for wireless security for the next 15 years. The major difference between WPA2 and the original WPA is the mandatory support for Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP for short), which is part of the AES encryption standard. It is designed to provide data confidentiality, authentication, and access control to the network. Eventually, WPA2 developed weaknesses that led to the development of WPA3 as its replacement.
WPA3 was released in January 2018 to address the weaknesses of WPA2. Specifically, it increases the minimum key strength to 192-bits for enterprise mode connections, which are often used in organizations instead of the alternate personal mode available in WPA standards.
A much more noticeable change in WPA3 is the elimination of the passphrase or key that WEP, WPA, and WPA2 use to allow computers to join a personal-mode wireless network. In WPA3, all devices now use the simultaneous authentication of equals (SAE) method to exchange the network key as defined in the IEEE 802.11-2016 standard. The SAE method ensures the initial key exchange in personal mode is more secure by eliminating the need to tell others the key before they connect to the network.
WPA3 also implements another method known as forward secrecy or perfect forward secrecy (PFS), which ensures that even if one session key is compromised, that compromised key will only affect data exchanged in that encryption session, not in any past or future sessions.
One other improvement in this standard, as defined in the 802.11w specification, is the encryption of management frames, such as de-associating from the network (see Deauth Attack section below for an exploit of this behavior in networks without WPA3). This is only possible once encryption has been established, so devices are still vulnerable to management frame attacks prior to the session encryption negotiation.
All new devices and routers will support the WPA3 standard and, as with the other standards listed here, you should always choose the latest standard supported by the wireless devices and routers.
Imagine you are traveling and you are at an airport. You open your laptop or phone to send an email, and instead of seeing your inbox, you get the message “unable to connect” or “no access found.” You are offline. You quickly begin looking for a way to connect to the internet. You open your computer’s list of wireless networks and see a long list of names, some with little padlock icons next to them, others without an icon. Thinking a padlock icon seems like a good indication of network security, you click on the name of one of the “locked” Wi-Fi networks only to be prompted to log in with a password that you do not know. You give up and click one of the network names without a padlock icon. Within seconds your device joins the internet, your inbox fills up, and you forget just how you managed to connect to the internet for free.
You have found one of the innumerable open, unencrypted Wi-Fi hotspots around the world, and you have just trusted your data and your identity to everyone in your immediate vicinity and anyone else that may have remote control over this Wi-Fi hotspot.
Whenever you connect to an open Wi-Fi network, you are sending and receiving all of your data in the clear, a term used to describe unencrypted traffic. Unless your application performs encryption on its own, your data is plainly visible to anyone with a computer and a wireless network card. Whether you are using a company-issued laptop containing highly confidential data, or you are just using your personal phone to browse the web, you must take wireless security very seriously. To avoid risking your data and identity, you should only connect to Wi-Fi hotspots that require you to enter a password or key to connect to them. This ensures the data is encrypted, though not all forms of encryption are equal.
The list of security protocols here (3DES and AES) are in order from weakest to strongest—you should always use AES if at all possible. The implementation of wireless encryption standards is also listed in order from weakest to strongest (WEP to WPA3).
Wi-fi Security Protocols | ||||
---|---|---|---|---|
WEP | WPA | WPA2 | WPA3 | |
Brief description | Ensure wired-like privacy in wireless | Based on 802.11i without requirement for new hardware | All mandatory 802.11i features and a new hardware | Announced by Wi-Fi Alliance |
Encryption | RC4 | TKIP + RC4 | CCMP/AES | GCMP-256 |
Authentication | WEP-Open | WPA-PSK | WPA2-Personal | WPA3-Personal |
Data integrity | CRC-32 | MIC algorithm | Cipher Block Chaining Message Authentication Code (based on AES) | 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256) |
Key management | none | 4-way handshake | 4-way handshake | Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) |
Triple DES (often abbreviated 3DES) is a symmetric encryption algorithm that uses the now antiquated DES (data encryption standard) algorithm three times in a row to encrypt your data. The DES algorithm uses only 56-bit encryption and can be compromised by brute force software running on modern hardware in less than a day. By utilizing multiple independent keys, 3DES increases the overall complexity of the encryption, but the encryption can still be compromised. In fact, the chance that an attacker can figure out the keys increases as you send more data in a single 3DES session. NIST, Microsoft, and many others have phased out the use of DES and 3DES, but there are still organizations and standards that use them. Also, some Wi-Fi networks still support it for backward compatibility with older devices.
The Advanced Encryption Standard (AES) is considered a very secure form of encryption today, although, with advances in computing power and quantum computing, it may not be considered secure forever. AES can be used with a 128-bit, 192-bit, or 256-bit key. Longer key lengths are exponentially harder to crack, but they also increase the amount of computing power required to encrypt the data. Today, most devices and websites use the 256-bit version (AES-256).
The AES standard, like 3DES and DES, is a symmetric key algorithm. One advantage of most modern processors is that they support hardware acceleration via the CPU instruction set called AES-NI (AES New Instructions). These instructions allow the CPU to process AES encryption at very fast speeds, potentially upward of 10 GB per second. This, in turn, allows a computer to encrypt its wireless network traffic using AES and then transmit it at native wireless speeds with minimal, if any, effect on performance.
Wired equivalent privacy (WEP) was part of the first wireless standards proposed by the IEEE in 1997. As the name suggests, the idea was to provide the same level of security as a wired network for wireless networks. A WEP key is either 10 or 26 hexadecimal digits. Each hexadecimal digit is 4 bits. Therefore, the bit length of the encryption key is either 40-bit or 104-bit, both of which can be compromised in under a day using brute force methods on standard workstation hardware. Because all packets are encrypted by that key, WEP is very vulnerable to attack today. In 2003, the Wi-Fi Alliance, a group that certifies interoperability of devices, stated that WEP had been superseded by Wi-Fi protected access (WPA). The Wi-Fi Alliance later deprecated WEP in 2004.
Wi-Fi protected access (WPA), and the subsequent standards WPA2 and WPA3 described below, were defined by the Wi-Fi Alliance and the IEEE to overcome the weaknesses of WEP. WPA was designed as a short-term bridge between the original WEP standard and the more secure IEEE 802.11i standard, which was finalized in 2004 (now known as WPA2). WPA is based on the draft IEEE 802.11i standard that was released in 2003.
One of the most noticeable differences between WEP and WPA is the key used to access the wireless network. Where WEP relies on a fixed-length hexadecimal preshared key, WPA uses a variable-length alphanumeric passphrase, which can range from 8 to 63 characters in length.
Another subtler, but even more powerful, upgrade for WPA is the addition of an encryption process known as temporal key integrity protocol (TKIP). Unlike WEP where all packets on the network are encrypted using the same encryption key, TKIP gives WPA a significant security boost by generating a new 128-bit encryption key for every packet sent on the network. This means that instead of cracking one key to decrypt the traffic, an attacker must crack potentially millions of keys. That said, over time, several flaws and weaknesses have been found in the WPA protocol, which prompted the release of WPA2 and then WPA3.
Introduced in 2004 by the Wi-Fi Alliance, WPA2 quickly became the standard for wireless security for the next 15 years. The major difference between WPA2 and the original WPA is the mandatory support for Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP for short), which is part of the AES encryption standard. It is designed to provide data confidentiality, authentication, and access control to the network. Eventually, WPA2 developed weaknesses that led to the development of WPA3 as its replacement.
WPA3 was released in January 2018 to address the weaknesses of WPA2. Specifically, it increases the minimum key strength to 192-bits for enterprise mode connections, which are often used in organizations instead of the alternate personal mode available in WPA standards.
A much more noticeable change in WPA3 is the elimination of the passphrase or key that WEP, WPA, and WPA2 use to allow computers to join a personal-mode wireless network. In WPA3, all devices now use the simultaneous authentication of equals (SAE) method to exchange the network key as defined in the IEEE 802.11-2016 standard. The SAE method ensures the initial key exchange in personal mode is more secure by eliminating the need to tell others the key before they connect to the network.
WPA3 also implements another method known as forward secrecy or perfect forward secrecy (PFS), which ensures that even if one session key is compromised, that compromised key will only affect data exchanged in that encryption session, not in any past or future sessions.
One other improvement in this standard, as defined in the 802.11w specification, is the encryption of management frames, such as de-associating from the network (see Deauth Attack section below for an exploit of this behavior in networks without WPA3). This is only possible once encryption has been established, so devices are still vulnerable to management frame attacks prior to the session encryption negotiation.
All new devices and routers will support the WPA3 standard and, as with the other standards listed here, you should always choose the latest standard supported by the wireless devices and routers.