WiFi security algorithms have been through many changes and upgrades since the 1990s to become more secure and effective.
Wireless security protocols goals :
- Prevent unwanted parties from connecting to your wireless network.
- Encrypt your private data sent over the airwaves.
Wireless / Wired networks :
- Wired networks transmit data by a network cable (more secure).
- Wireless networks broadcast it within their range in every direction to every connected device that happens to be listening.
WEP - Wired Equivalent Privacy
WEP standard was approved in 1999 and officially abandoned in 2004.
WEP uses a RC4 stream encryption algorithm (64, 128, 256 bits key), CRC-32 for checksum and OSA/SKA for authentication.
The RC4 algorithm is no longer considered safe to use.
WPA - Wi-Fi Protected Access
WPA was formally adopted in 2003.
WPA Personal :
- use a Pre-Shared Key (PSK) for authentication
- use a Temporal Key Integrity Protocol (TKIP) for encryption
WPA Enterprise :
- use an authentication server for keys and certificates generation
Attacks on WPA are often linked to WPS.
WPS - Wireless Protected Setup
WPS was introduced in 2006.
WPS was developed to simplify the linking of devices to modern access points instead of using long passphrases.
Methods for adding a device to the network :
- PIN : Enter the PIN from the access point (often display on screen).
- Push button : Push a button on both the access point and the new wireless client device.
- Near-field communication : Bring the new client close to the access point to allow NFC.
- USB : Use an USB to transfer data between client and access point.
WPA2 - Wi-Fi Protected Access v2
The most important improvement of WPA2 over WPA was the usage of the Advanced Encryption Standard (AES).
At this time the main vulnerability to a WPA2 system is when the attacker already has access to a secured WiFi network and can gain access to certain keys to perform an attack on other devices on the network.
The possibility of attacks via the Wi-Fi Protected Setup (WPS), is still high in the current WPA2-capable access points
WPA3 - Wi-Fi Protected Access v3
- WPA3 will protect against dictionary attacks by implementing a new key exchange protocol. WPA2 used an imperfect four-way handshake between clients and access points to enable encrypted connections.
- If your passphrase gets compromised : WPA3 supports forward secrecy, meaning that any traffic that came across your transom before an outsider gained access will remain encrypted. With WPA2, they can decrypt old traffic as well.
Secure your Wi-Fi
- Try to use WPA2/WPA3 instead of WPA and WEP (WEP is very insecure).
- Use a strong password (up to 63 characters for WPA/WPA2)
- Deactivate Wi-Fi Protected Setup (WPS) on WPA/WPA2