WEP vs WAP

Introduction

WPA has opened a new page in WLAN security. Wi-Fi Alliance has launched WPA in October 2003. You can use the same equipment, with much better security option - WPA. The only thing you need to do is to upgrade the software and firmware.

WPA

WEP or Wired Equivalent Privacy is an encryption protocol developed in the late 1990's to secure wireless networks.  It offers 64bit and 128 bit encryption using a key generated by a passphrase you enter, but is easily cracked.  Despite this, there are a ton of people who still use WEP since it is the default protection on many routers.

WPA (WiFi Protected Access) is the next generation encryption algorithm that replaced WEP.  WPA uses 256bit encryption keys, and is far more secure than WEP.  It's not the be-all-end-all, but is very good.  As with WEP, you have the option of generating a security key using a passphrase so that you don't have to remember a string of random hex digits.  This is great, BUT you have to be careful about the passphrase you use.  DON'T use things like your pets name, your kid's name, your street, or anything that can be guessed.

WiFi Protected Access (WPA) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturer's equipment.

WPA delivers a level of security way beyond anything that WEP can offer, bridges the gap between WEP and 802.11i networks, and has the advantage that the firmware in older equipment may be upgradeable.

WPA work

WPA uses Temporal Key Integrity Protocol (TKIP). TKIP is designed to allow WEP to be upgraded. This means that all the main building blocks of WEP are present, but corrective measures have been added to address security problems.

WPA vs WEP

The weaknesses in WEP have been well publicized. TKIP's improvements are described below. IV values can be reused/IV length is too short. The length of the IV has been increased from 24bits to 48bits. Rollover of the counter is eliminated. Reuse of keys is less likely.

In addition IVs are now used as a sequence counter, the TSC (TKIP Sequence Counter), protecting against replaying of data, a major vulnerability in WEP. Weak IV values are susceptible to attack. WPA avoids using known weak IV values. A different secret key is used for each packet, and the way the key is scrambled with the secret key is more complex. Master keys are used directly in WEP. Master Keys are never used directly in WPA. A hierarchy of keys is used, all derived from the Master.

Cryptographically this is a much more secure practice. Key Management and updating is poorly provided for in WEP. Secure key management is built-in to WPA, so key management isn't an issue with WPA. Message integrity checking is ineffective. WEP message integrity proved to be ineffective. WPA uses a Message Integrity Check (MIC) called, Michael! Due to the hardware constraints the check has to be relatively simple. In theory there is a one in a million chance of ...