What is WEP, WPA, and WPA2?

These acronyms are all associated with schemes for securing wireless communications under the 802.11 Wireles LAN (Local Area network) standard. First lets expand the acronyms so that at least we know what the letters stand for.

• WEP - Wired Equivalent Privacy (commonly and mistakenly called Wireless Encryption Protocol by most)
• WPA - Wi-Fi Protected Access
• WPA2 - Wi-Fi Protected Access 2

In order to properly understand what WEP, WPA, and WPA2 are, we need to provide some background on what 802.11 is. Obviously, if you are reading this, we will assume you are a beginner wireless user and primarily looking for some basic information to help you get a better understanding of wireless technology and the security schemes available.

IEEE (Institute of Electrical and Electronics Engineers) 802.11 is a set of standards specifying a means for wireless local area network (WLAN) communications using radio frequencies in the 2.4GHz, 3.6GHz, and 5GHz range. The most common modulation standards are the 802.11a, 802.11b, and 802.11g protocols--and now the more recent 802.11n. The 802.11a specification amended the 802.11 standard to increase the raw transmission speed to 54Mbps at 5GHz band. The 802.11b specification amended the 802.11 standard to increase the raw transmission speed to 11Mbps in the 2.4GHz band. Both 802.11a and 802.11b were ratifiedin 1999. The next modulation specification to amend 802.11 was 802.11g. This allowed up to 54Mbps transmission rates at the 2.4GHz band. The more recent 802.11n specification was approved in September 2009, and allows up to 600Mbps raw transmission rates at the 2.4GHz or 5GHz range. It is expected to be published in October 2009.

As you can see, the 802.11 standard is just a means of communication using modulation schemes over the airwaves, and as such, would need some form of security or privacy scheme to keep snoopers from reading what is being transmitted. What follow next are the three schemes to provide some form of secure communication over wireless transmission.

WEP was introduced in 1997. It was the first attempt at securing or providing confidentiality over wireless communications. In 2001, weaknesses in WEP were identified, and as a result, today WEP can be cracked within minutes. A few months after these discoveries, an amendment called 802.11i was formed with the goal of solving this problem. The result was the introduction of the interim solution called WPA in 2003, then WPA2 later.

Anyway, as a security algorithm, WEP uses stream cipher RC4 for confidentiality and CRC-32 checksum for data integrity. IEEE deprecated this specification in 2004. A standard 64-bit WEP uses a 40-bit key concatenated with a 24-bit block to produce a unique stream. At that time, 64-bit was a government limitation for exported encryption technology. Since then the limit was lifted allowing for the stronger 128-bit WEP (using 104-bit key).

Around the time the 802.11i task force was formed a solution was needed to keep the airwaves secure for LANs while a full recommendation was being formed through the 802.11i amendment. WPA was an interim solution to the security flaws discovered in WEP. It implements most of what is found in the 802.11i specifications. It uses TKIP (Temporal Key Integrity Protocol) as the underlying security protocol which is based on RC4 (a stream cipher algorithm). TKIP uses many of the same mechanism as WEP, however through various means (e.g. message integrity check, per packet key hashing, broadcast key rotations, sequence counter) it is able to minimize its vulnerability.

WPA2 is the final result of the work done under 802.11i, and it replaces WPA. WPA2 implements the mandatory components of 802.11i. It provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES (Advanced Encryption Standard) encryption algorithm.

There are two version of WPA2--the enterprise and personal versions. The personal version is also known as Pre-Shared Key mode. It is designed for home or locations where there is no need nor practical to have an authentication servers. It uses 256-bit key which can be entered as 64 HEX digits or as a passphrase of 8 to 63 ASCII characters. The enterprise version uses authentication servers and provides support for additional EAP (Extensible Authentication Protocol) types, in addition to EAP-TLS (Transport Layer Security).

By this time you should now have a fairly good introductory understanding of what WEP, WPA, and WPA2 are.

The moral of the story here is that if you are concerned with communication privacy when communicating through the airwaves using your Wi-Fi device, then you'll want to stay away from WEP as it is the weakest of the three wireless security schemes. If WPA2 is supported by the wireless devices you are using, use WPA2. The next best option is WPA.