If not redirected, please click here https://www.thesecuritybuddy.com/network-security/wep-vs-wpa-vs-wpa2/
By now, we have already discussed about Wardriving and how wireless networks can be hacked using Wardriving. (The article can be found here : Wardriving ) We also discussed that, it is always a good practice to use an up-to-date encryption for routers if we want to safeguard our wireless networks. And, this is where WEP, WPA and WPA2 comes into picture.
By now, we have already discussed about Wardriving and how wireless networks can be hacked using Wardriving. (The article can be found here : Wardriving ) We also discussed that, it is always a good practice to use an up-to-date encryption for routers if we want to safeguard our wireless networks. And, this is where WEP, WPA and WPA2 comes into picture.
Let's discuss in detail what WEP, WPA and WPA2
basically are, how are they different from each other and which one to go for.
What is the difference between WEP, WPA and WPA2 ?
Let's understand first what WEP, WPA and WPA2 basically are and how they work. Then it would be easier to understand the difference.
What is WEP ?
WEP
stands for Wired Equivalent
Privacy. WEP is a
popular security algorithm for wireless networks and it was designed
for providing data confidentiality for wireless networks. Earlier it
was widely used and was the first security choice given to Wi-Fi
users. But, later it was supersaded by WPA and WPA2.
WEP uses a 64 bit, 128 bit, 152 bit or
256 bit WEP key. It uses stream cipher RC4 for confidentiality. The
WEP key is first concatenated with the Initialization Vector and then
the whole keystream is XOR'ed with plaintext to get the encrypted
value. The diagram looks something like that of given below :
Length of the Initialization Vector
normally is 24 bit. This would mean, for a 64 bit WEP, the WEP key
length is 40 bit, for 128 bit WEP, the key length is 104 bit and for
256 bit WEP, the key length is 232 bit.
For 64 bit WEP, user normally enters
the key as 5 ASCII characters, which is then converted into 5 x 8 =
40 bit WEP key and then the key is concatenated with 24 bit
Initialization Vector. The 64 bit keystream is then XOR'ed with the
plaintext to get the encrypted value.
Similarly, for 128 bit WEP, user enters
13 ASCII characters and for 256 bit WEP, user enters 29 ASCII
characters.
WEP uses mainly two types of
authentication : Open System Authentication and Shared Key
Authentication.
For Open System Authentication
effectively no authentication occurs. The user rather provides WEP
keys to encrypt data frames.
For Shared Key Authentication
typically the steps below are followed for authentication :
- The client sends authentication request to Access Point.
- The Access Point responds with a cleartext challenge.
- The client encrypts the challenge text with WEP keys and sends it back.
- The Access Point decrypts the response and on successful verification authentication happens.
It may seem that Shared Key
Authentication is a better option, as Open System Authentication
effectively offers no authentication. But, rather the opposite is
true. In case of Shared Key Authentication, challenge frames can be
captured at the time of authentication and from that keystream can be
derived. So, it is advisable to opt for Open System Authentication.
How secure is WEP ?
WEP is proved to be a weaker algorithm.
Inspite of using increased key size and revised algorithms, several
security flaws were found in WEP. WEP is highly vulnerable and it is
strongly advisable to upgrade systems to WPA or WPA2 for security.
What are WPA and WPA2 ?
WPA
and WPA2 stands for Wi-Fi
Protected Access
and Wi-Fi
Protected Access
II. These are two security
protocols developed by Wi-Fi Alliance. (Wi-Fi Alliance is a
non-profit organization that promotes Wi-Fi technology and certifies
Wi-Fi products after they conform to certain standards of
interoperability). WPA and WPA2 was defined in response to security
holes found in WPA and WPA2.
WEP uses fixed WEP keys entered by
users at the Access Points to encrypt the data packets. But, WPA uses
Temporal Key Integrity Protocol or TKIP for encryption. It
dynamically generates a 128 bit key for each packet and the key keeps
changing for each packet. As a result, WPA does not have the security
vulnerability that WEP previously had.
WEP uses CRC or Cyclic Redundancy Check
to ensure data integrity. But, the problem with CRC is it fails to
provide sufficient data integrity guarantee. In WPA, CRC is replaced
with a message integrity check algorithm called Michael. Michael is a
much stronger algorithm than CRC, though not as strong as the
algorithm used in WPA2.
WPA2 is designed to replace WPA. WPA2
includes AES based encryption mode with strong security. WPA2 is able
to provide even more strict security than WPA.
How secure are WPA and WPA2 ?
As discussed earlier, WPA and WPA2 are
designed in response to the security vulnerabilities found in WEP.
So, both of them are more secure than WEP. In fact, use of WEP is
deprectaed and all devices should be upgraded from using WEP.
If we compare WPA and WPA2, WPA2 uses
algorithm stronger than WPA. And it ensures even more better security
than WPA.
So, in short, among WEP, WPA and WPA2, use of WEP is deprecated. One should instead go for either WPA and WPA2. And, if we compare WPA and WPA2, WPA2 is the most secure. Hope this helps.
Read More
How do attackers connect to a wireless network illegitimately using Wardriving and how can we prevent it ?
How to safeguard oneself from Evil Twin ?
What is firewall and how does it work ?
How does Conficker malware infect a computer and how to prevent it ?
What is Botnet and how to prevent it ?
How does Zeus malware infect a computer and how to prevent it ?
How to secure online banking transactions from Man-In-The-Browser Attack ?
How does Dridex malware infect a computer and how to prevent it ?
What is IoT Botnet and how is it used to make DDoS attacks ?
How to configure iptables firewall on Linux ?
Infographic : How to prevent Phishing
No comments:
Post a Comment