WEP
- WEP stands for Wired Equivalent Privacy
- Uses standard 40 bit encryption to scramble data packets. Some vendors support 104 bit encryption.
- WEP was found to be vulnerable to attack
- Encryption is done with the same key so one user’s traffic isn’t protected from other members of the network
WPA
- WPA stands for Wi-Fi Protected Access
- It was created to temporarily address the weakness of WEP until a better long term solution could be found. Therefore, WPA was able to run on existing WEP hardware.
- Uses RC4 with TKIP (Temporal Key Integrity Protocol) which provides a new encryption key for every sent packet. Every packet gets a unique 128 bit encryption key.
- Offers security enhancements over WEP, such as an encryption key integrity checking feature and user authentication through EAP.
- Only used as a temporary solution for WEP problems until WPA2 was implemented.
WPA2
- WPA2 stands for Wi-Fi Protected Access version 2
- Uses Advanced Encryption Standard (AES) to provide a secure wireless environment. AES replaced RC4.
- WPA2 also uses CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), which replaced TKIP. CCMP is a block cipher mode that uses AES for data confidentiality. It uses a 128 bit key and a 128 bit block size. CCMP requires more computing resources, which meant that upgrading from WPA to WPA2 usually involved upgrading hardware as well. CCMP provides data confidentiality through AES, authentication, and access control.
- Is currently the recommended configuration.
TKIP
TKIP stands for Temporal Key Integrity Protocol. TKIP uses key mixing: it combines a secret root key with the initialization vector (IV). TKIP also adds a sequence counter to prevent replay attacks, and a 64 bit message integrity check to ensure your data hasn’t been tampered with during transmission. However, TKIP also has a number of vulnerabilities and has since been deprecated in the 802.11-2012 standard.
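The three mechanisms described above (a per-packet key mixed from the root key and IV, a sequence counter, and a 64 bit integrity check) can be seen working together in the simplified model below, which is an added example and not part of the original notes. It assumes HMAC-SHA256 as a stand-in for TKIP's real key mixing function and for its MIC algorithm; `ROOT_KEY`, `seal` and `Receiver` are hypothetical names.

```python
import hashlib
import hmac

ROOT_KEY = bytes(range(16))  # constructed 128 bit root key, sample value only

def per_packet_key(root_key, seq):
    # Stand-in for TKIP key mixing: root key + counter/IV -> 128 bit packet key.
    return hmac.new(root_key, b"key" + seq.to_bytes(6, "big"), hashlib.sha256).digest()[:16]

def mic64(root_key, seq, payload):
    # Stand-in for the 64 bit message integrity check (assumption, not TKIP's own MIC).
    msg = b"mic" + seq.to_bytes(6, "big") + payload
    return hmac.new(root_key, msg, hashlib.sha256).digest()[:8]

def rc4(key, data):
    # Plain RC4: key scheduling, then XOR the data with the keystream.
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def seal(root_key, seq, payload):
    # Sender: append the MIC, then encrypt under this packet's own key.
    return seq, rc4(per_packet_key(root_key, seq), payload + mic64(root_key, seq, payload))

class Receiver:
    def __init__(self, root_key):
        self.root_key, self.last_seq = root_key, -1

    def open(self, seq, ciphertext):
        # Returns (True, payload) on success or (False, reason) on rejection.
        if seq <= self.last_seq:
            return False, "replay"  # counter did not advance
        body = rc4(per_packet_key(self.root_key, seq), ciphertext)
        payload, mic = body[:-8], body[-8:]
        if not hmac.compare_digest(mic, mic64(self.root_key, seq, payload)):
            return False, "bad MIC"  # packet was altered in transit
        self.last_seq = seq
        return True, payload
```

Sending the same sealed packet to a `Receiver` twice returns `(False, "replay")` the second time, and flipping any ciphertext bit returns `(False, "bad MIC")`.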
AES
Ranking Wireless Security From Best to Worst
- WPA2 + AES
- WPA + AES
- WPA + TKIP/AES
- WPA + TKIP
- WEP
- Open network (with no security)