WEP - Wired Equivalent Privacy - is an easily cracked security protocol for wireless networks. Formally introduced with the 802.11 standard in 1999, it was once the most widely used encryption method on consumer routers. WEP has long been shown to have many holes, although its name suggests it is as well protected as its wired counterpart (the LAN). The comparison does not hold: on a wired LAN an attacker needs physical access to the cabling before any attempt at authentication can even begin, whereas a WLAN (Wireless Local Area Network) transmits data as radio waves, making it far easier to capture the data packets and tamper with them for further attacks.
In 2005 a U.S. F.B.I. (Federal Bureau of Investigation) team demonstrated cracking a WEP-protected network in about 3 minutes using freely available tools, which illustrates just how weak the WEP algorithm is.
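To make "easily cracked" concrete, here is an added Python example (not code from the original post, nor from any real cracking tool) of the structural weakness behind those attacks: WEP's per-packet RC4 key is the 24-bit IV, sent in the clear, followed by the static shared key, so every IV repeat reuses a keystream, and two frames under the same IV leak the XOR of their plaintexts. The shared key, IV and frame payloads are constructed sample values and the function names are assumptions of this example.

```python
"""WEP keystream reuse, as an added illustration (not code from the original post).

WEP builds each packet's RC4 key as IV (24 bits, sent in the clear) || shared key
(40 or 104 bits). The IV space is only 2**24, so the same IV, and therefore the
same keystream, recurs in normal traffic; two packets sharing a keystream leak
the XOR of their plaintexts. Keys, IVs and frame contents are constructed samples.
"""
import zlib

IV_SPACE = 2 ** 24  # distinct 24-bit IVs before reuse is guaranteed


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key-scheduling + PRGA); XORs data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):  # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4_{IV||key}(plaintext || CRC32 ICV), i.e. a WEP frame body."""
    assert len(iv) == 3 and len(shared_key) in (5, 13), "40-bit or 104-bit WEP key"
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + shared_key, plaintext + icv)


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Strip the IV, decrypt and verify the ICV; raises ValueError on corruption."""
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + shared_key, body)
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def recover_from_iv_reuse(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Given two frames carrying the same IV and the plaintext of the first,
    recover the second frame's plaintext (over the known length) with no key:
    C_a XOR P_a = keystream, and C_b XOR keystream = P_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs; their keystreams differ")
    n = len(known_plaintext_a)
    keystream = bytes(c ^ p for c, p in zip(frame_a[3:3 + n], known_plaintext_a))
    return bytes(c ^ k for c, k in zip(frame_b[3:3 + n], keystream))
```

Because the IV is only 24 bits, a busy network cycles through all 16,777,216 values in a matter of hours, and some cards restarted the IV from zero on every power-up, so reuse is routine rather than exceptional; the recovery above needs no key at all, only one known plaintext (a DHCP or ARP packet is enough in practice) under the reused IV.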
WPA - Wi-Fi Protected Access - This Wi-Fi standard was drafted to fix the flaws of WEP. The earlier system (WEP) required that a single static 40-bit or 104-bit key be entered on Access Points and devices, and that one key was used directly to encrypt every packet. WPA implements TKIP (Temporal Key Integrity Protocol), which uses a per-packet key: a key-mixing function combines the 128-bit temporal key, the transmitter address and a per-packet sequence counter so that no two packets are encrypted under the same RC4 key, which defeats the key-recovery attacks against WEP. TKIP also adds an integrity check (the Michael MIC) and uses the sequence counter for replay detection, so a receiver can tell whether a packet has been captured, modified and resent. TKIP was designed as an interim fix that could run on WEP-era hardware and is itself deprecated today.
WPA 2 – Wi-Fi Protected Access II - This security method is the successor to WPA and comes with more robust access control and data protection across a network, replacing TKIP's RC4 with AES-based CCMP encryption. It implements the full IEEE 802.11i standard and, because of these security features, is often described as providing government-grade security.
WPA2 comes in two forms:
· WPA2-Personal, which uses a pre-shared key (PSK, the Wi-Fi passphrase) and protects home and small networks from unauthorized access
· WPA2-Enterprise, which authenticates each user individually through an 802.1X/EAP authentication server (typically RADIUS) and is meant for corporate networks
It comes with two key-management handshakes:
· The 4-Way Handshake
The handshake has two purposes: the Access Point and the client station must each prove to the other that it holds the Pairwise Master Key (PMK, derived from the passphrase and SSID in WPA2-Personal or delivered by 802.1X in WPA2-Enterprise), and the keys that will encrypt the traffic must be derived. The messages are exchanged in this order:
1. The Access Point sends a nonce value (ANonce) to the STA. The client now has everything it needs (the PMK, both MAC addresses, ANonce and its own SNonce) and constructs the PTK (Pairwise Transient Key).
2. The STA sends its own nonce value (SNonce) to the Access Point together with a MIC (Message Integrity Code) computed with the PTK. The Access Point derives the same PTK and checks the MIC, which proves that the STA holds the PMK.
3. The Access Point sends the GTK (Group Temporal Key), encrypted under the PTK, and a sequence number, together with another MIC that proves the Access Point also holds the PMK. The sequence number is the one that will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection.
4. The STA sends a confirmation to the Access Point, after which both sides install the derived keys.
All the messages are transmitted as EAPOL-Key frames.
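As an added worked example (Python, standard library only; not code from the original post), the following derives the keys the handshake description refers to and simulates the four messages with both sides' MIC checks. The MAC addresses, nonces, GTK and the simplified frame layout are constructed assumptions named in the code; the derivation steps (PBKDF2 for the PMK, PRF-384 for the PTK, HMAC-SHA1 MIC) are those of 802.11i for WPA2-Personal with CCMP.

```python
"""WPA2-Personal key derivation and a simulated 4-way handshake, added as a
worked example; it is not code from the original post. Standard library only.
Assumptions: MAC addresses, nonces and GTK are constructed sample values, and an
EAPOL-Key frame is modelled as (type byte || nonce || MIC || key data) rather than
the exact 802.11 field order, which does not change the key derivation. In real
WPA2 frames the GTK in message 3 is AES-key-wrapped under the KEK; here it is
carried unwrapped to keep the example short."""
import hashlib
import hmac

MIC_LEN = 16


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    Both sides hold this before the handshake; it is never sent over the air."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """PTK for CCMP = PRF-384(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    Split into KCK (MIC key), KEK (key-wrap key) and TK (data encryption key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """EAPOL-Key MIC for the PSK AKM (00-0F-AC:2): HMAC-SHA1 truncated to 16 bytes,
    computed over the whole frame with the MIC field set to zero."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:MIC_LEN]


def build_frame(kck: bytes, header: bytes, key_data: bytes = b"") -> bytes:
    """Assemble header || MIC || key_data; the MIC covers the frame with a zeroed MIC field."""
    mic = eapol_mic(kck, header + bytes(MIC_LEN) + key_data)
    return header + mic + key_data


def verify_frame(kck: bytes, frame: bytes, header_len: int) -> bool:
    """Recompute the MIC with the receiver's own KCK and compare in constant time."""
    header, mic = frame[:header_len], frame[header_len:header_len + MIC_LEN]
    key_data = frame[header_len + MIC_LEN:]
    return hmac.compare_digest(mic, eapol_mic(kck, header + bytes(MIC_LEN) + key_data))


def run_handshake(ap_passphrase: str, sta_passphrase: str, ssid: str,
                  aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, gtk: bytes) -> dict:
    """Simulate the four messages. Each side derives its PTK independently; the
    MIC on message 2 lets the AP detect a client with the wrong PMK, and the MIC
    on message 3 lets the client detect an AP with the wrong PMK."""
    ap_pmk = derive_pmk(ap_passphrase, ssid)
    sta_pmk = derive_pmk(sta_passphrase, ssid)
    # Msg 1, AP -> STA: ANonce in the clear. No MIC is possible yet; the STA has no PTK.
    sta_kck, _sta_kek, sta_tk = derive_ptk(sta_pmk, aa, spa, anonce, snonce)
    # Msg 2, STA -> AP: SNonce plus a MIC under the STA's KCK.
    msg2 = build_frame(sta_kck, b"\x02" + snonce)
    # The AP now has both nonces, derives its own PTK and checks the MIC.
    ap_kck, _ap_kek, ap_tk = derive_ptk(ap_pmk, aa, spa, anonce, snonce)
    msg2_ok = verify_frame(ap_kck, msg2, 1 + len(snonce))
    # Msg 3, AP -> STA: GTK (KEK-wrapped in real frames) plus a MIC; STA checks it before installing.
    msg3 = build_frame(ap_kck, b"\x03" + anonce, gtk)
    msg3_ok = verify_frame(sta_kck, msg3, 1 + len(anonce))
    # Msg 4, STA -> AP: confirmation; both sides install TK and GTK after this.
    msg4 = build_frame(sta_kck, b"\x04")
    msg4_ok = verify_frame(ap_kck, msg4, 1)
    return {
        "msg2_ok": msg2_ok, "msg3_ok": msg3_ok, "msg4_ok": msg4_ok,
        "same_tk": sta_tk == ap_tk,
        "gtk_at_sta": msg3[1 + len(anonce) + MIC_LEN:] if msg3_ok else None,
    }
```

Note what the MIC on message 2 gives a passive observer: it is computed from the PMK, the nonces and the MAC addresses, all of which are either captured from the air or derived from the SSID and passphrase, so a captured handshake lets the passphrase be tested offline at PBKDF2 speed. A short or dictionary WPA2-Personal passphrase, not the handshake itself, is therefore the weak point.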
· The Group Key Handshake
The Group Temporal Key may need to be updated because a timer expires, and it must be updated whenever a device leaves the network so that the departed device can no longer decrypt group traffic. The update is a two-way handshake:
· The Access Point sends the new GTK, encrypted with each station's pairwise key, to every STA on the network.
· Each STA accepts the new GTK and sends a confirmation to the Access Point.
Reference: Wikipedia