Wi-Fi Security: WEP & WPA / WPA2

An overview or tutorial about the IEEE 802.11 standards for Wi-Fi and WLAN applications and the associated WLAN equipment and the use of Wifi hotspots.


WiFi IEEE 802.11 Includes:
Wi-Fi IEEE 802.11 introduction     Standards     Security     How to stay safe on public Wi-Fi     Wi-Fi Bands     Router location & coverage     How to buy the best Wi-Fi router     Wi-Fi boosters, range extenders & repeaters     Wi-Fi wired & powerline extender    


Wi-Fi network security is an issue of importance to all Wi-Fi users. It is defined under the IEEE stadnard 802.11i and security schemes like as WEP, WPA, WPA2 and WPA3 are widely mentioned, with keys or codes being provided for the various Wi-Fi hotspots in use.

Wi-Fi security is of significant importance because very many people use it: at home, in the office and when they are on the move. As the wireless signal can be picked up by non-authorised users, it is imperative to ensure that they cannot access the system.

Even users who legitimately gain access to a system could the try to hack other computers on the same hotspot.

Wi-Fi network security background

Wi-Fi access points advertise their presence by periodically sending out a beacon signal that contains the SSID. This allows prospective users to identify the access point and to try to connect to it.

Once detected, it is possible to try to connect to the access point, and the Wi-Fi authentication procedure starts. To achieve access, a key is generally required.

Since the introduction of Wi-Fi a variety of keys have been used:

  • WEP:   WEP or Wired Equivalent Privacy was the first form of authentication used with Wi-Fi. Unfortunately it was easy to crack, and other systems are now more widely used.
  • WPA:   Wi-Fi Protected Access WPA is a software / firmware improvement over WEP. The first version of this is also known as WPA1 or WPAv1.
  • WPA2:   WPA2 or WPAv2 is the next update to the WPA sceme for providing Wi-Fi network security. It gives significant improvements in the level of security over that provided by previous versions.

WEP - wired-equivalent privacy key

The aim for this key was to make wireless networks such as Wi-Fi as safe as wired communications. Unfortunately this form of Wi-Fi network security did not live up to its name because it was soon hacked, and now there are many open source applications that can easily break into it in a matter of seconds.

In terms of its operation, the Wi-Fi WEP key uses a clear text message sent from the client. This is then encrypted and returned using a pre-shared key.

A WEP comes in different key sizes. The common key lengths are normally 128 or 256 bits.

The security of the WEP system is seriously flawed. Primarily it does not address the issue of key management and this is a primary consideration to any security system. Normally keys are distributed manually or via another secure route. The Wi-Fi WEP system uses shared keys - i.e. the access point uses the same key for all clients, and therefore this means that if the key is accessed then all users are compromised. It only takes listening to the returned authentication frames to be able to determine the key.

Obviously Wi-Fi WEP is better than nothing because not all people listening to a Wi-Fi access point will be hackers. It is still widely used and provides some level of security. However if it is used then higher layer encryption (SSL, TLS, etc.) should also be used when possible.

WPA Wi-Fi Protected Access

In order to provide a workable improvement to the flawed WEP system, the WPA access methodology was devised. The scheme was developed under the auspices of the Wi-Fi Alliance and utilised a portion of the IEEE 802.11i security standard - in turn the IEEE 802.11i standard had been developed to replace the WEP protocol.

One of the key elements of the WPA scheme is the use of the TKIP - Temporal Key Integrity Protocol. TKIP is part of the IEEE802.11i standard and operates by performing per-packet key mixing with re-keying.

In addition to this the WPA, Wi-Fi Protected Access scheme also provides optional support for AES-CCMP algorithm. This provides a significantly improved level of security.

WPA2 / WPAv2

The WPA2 scheme for Wi-Fi network security has now superseded the basic WPA or WPAv1 scheme. WPA2 implements the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, a new AES-based encryption mode with strong security.

Certification for WPA2 began in September, 2004 and now it is mandatory for all new devices that bear the Wi-Fi trademark.



Wireless & Wired Connectivity Topics:
Mobile Communications basics     2G GSM     2G GPRS     2G GSM EDGE     3G UMTS     3G HSPA     4G LTE     5G     LMR / PMR     WiFi     IEEE 802.15.4     DECT cordless phones     NFC- Near Field Communication     Ethernet     Serial data     USB     Z-Wave     SigFox     LoRa    
    Return to Wireless & Wired Connectivity