When using a wireless access point or router, it is important to remember that if you can send information from one device and receive it at another, anyone else within range might also be able to receive it. Data sent over a wireless link is protected by the encryption schemes that come with your wireless hardware, which you can enable.
Wireless Encryption Protocol (WEP) Explained
Short for Wired Equivalent Privacy (or Wireless Encryption Protocol), WEP is part of the IEEE 802.11 wireless networking standard and was designed to provide the same level of security as that of a wired LAN. Because wireless networks broadcast messages using radio, they are susceptible to eavesdropping. WEP provides security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.
WEP was the encryption scheme considered to be the initial standard for first generation wireless networking devices. However, it has been found that WEP is not as secure as once believed. WEP is used at the two lowest layers of the OSI model – the data link and physical layers; it therefore does not offer end-to-end security.
WEP’s Major Weakness
WEP’s major weakness is its use of static encryption keys. When you set up a router with a WEP encryption key, that one key is used by every device on your network to encrypt every packet that’s transmitted. But the fact that packets are encrypted doesn’t prevent them from being intercepted, and due to some esoteric technical flaws it’s entirely possible for an eavesdropper to intercept enough WEP-encrypted packets to eventually deduce what the key is.
This problem used to be something you could mitigate by periodically changing the WEP key (which is why routers generally allow you to store up to four keys). But few bother to do this because changing WEP keys is inconvenient and time-consuming: it has to be done not just on the router, but on every device that connects to it. As a result, most people just set up a single key and then continue using it ad infinitum.
Even worse, for those who do change the WEP key, new research and developments reinforce how even changing WEP keys frequently is no longer sufficient to protect a WLAN. The process of ‘cracking’ a WEP key used to require that a malicious hacker intercept millions of packets and spend a fair amount of time and computing power. Researchers in the computer science department of a German university recently demonstrated the capability to compromise a WEP-protected network very quickly. After spending less than a minute intercepting data (fewer than 100,000 packets in all) they were able to compromise a WEP key in just three seconds.
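The cost of one static key shared by every device can be seen in a small model of WEP encapsulation. This is an added example, not code from the original article. It relies on details of the WEP design that the article does not spell out: each frame is encrypted with RC4 seeded by a 24-bit cleartext IV followed by the static key, and carries a CRC-32 check value. The key, payloads and IVs are constructed, and the key-ID byte of a real frame is omitted.

```python
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Cleartext 3-byte IV, then RC4(IV || key) over data plus CRC-32 ICV."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    data, icv = body[:-4], body[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV check failed")
    return data

def ciphertext_xor(key, iv1, iv2, p1, p2) -> bytes:
    """XOR of two encrypted payloads, as seen by a passive listener."""
    c1, c2 = wep_encrypt(key, iv1, p1)[3:], wep_encrypt(key, iv2, p2)[3:]
    return xor(c1, c2)[:min(len(p1), len(p2))]

# Constructed sample values
KEY = bytes.fromhex("0123456789")  # static 40-bit key shared by every device
P1 = b"GET /index.html "
P2 = b"user=alice&x=123"

if __name__ == "__main__":
    same = ciphertext_xor(KEY, b"\x00\x00\x01", b"\x00\x00\x01", P1, P2)
    diff = ciphertext_xor(KEY, b"\x00\x00\x01", b"\x00\x00\x02", P1, P2)
    print("same IV exposes P1 xor P2:", same == xor(P1, P2))
    print("different IV exposes P1 xor P2:", diff == xor(P1, P2))
```

With the key fixed, the IV is the only per-frame variation, so any two frames that share an IV also share a keystream and the key drops out of their XOR.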
Wi-Fi Protected Access (WPA) Addresses WEP’s Shortcomings
It wasn’t long before a new technology called WPA, or Wi-Fi Protected Access, debuted to address many of WEP’s shortcomings. WPA aims to provide stronger wireless data encryption than WEP, but not everyone has been able to jump on board with the new wireless encryption technology. In order to use WPA, all devices on the network must be configured for WPA.
If a device is not configured for WPA, it will usually fall back to the lesser WEP encryption scheme, enabling the wireless devices to communicate on the network. The technology was designed to work with existing Wi-Fi products that have been enabled with WEP (i.e., as a software upgrade to existing hardware), but the technology includes two improvements over WEP:
WPA has been a mainstream technology for years now, but WEP remains a standard feature on virtually every wireless router on store shelves today. Although it’s mainly there for backward compatibility with the oldest hardware, if reports and studies are accurate, a significant percentage of WLANs operating today (especially those used in homes) are still using outdated and insecure WEP for their encryption.
The Widespread Use of WEP
Widespread use of WEP is almost understandable given that to the layperson, the similar abbreviations WEP and WPA don’t convey any meaningful difference between the two security methods (and they may even imply equivalence). Plus, WEP is almost always presented first by the security interface of most broadband routers (since WEP comes before WPA both historically and alphabetically).
Even if your router is several years old, it almost certainly supports some form of WPA (and if it doesn’t, upgrading to the latest firmware may fix that). The easiest-to-use and most widely supported version is WPA Personal, sometimes referred to as WPA Pre-Shared Key (PSK).
Network Encryption Using WPA Personal/PSK
To encrypt a network with WPA Personal/PSK you provide your router not with an encryption key, but rather with a plain-English passphrase between 8 and 63 characters long. Using a technology called TKIP (for Temporal Key Integrity Protocol), that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client. And those encryption keys are constantly changed. (Although WEP also supports passphrases, it does so only as a way to more easily create static keys, which are usually comprised of the hex characters 0-9 and A-F).
Properly configured, WPA offers you infinitely better protection than WEP, but this isn’t to say that WPA security is iron-clad, because let’s face it, what form of security really is? With that in mind, avoiding dictionary words in both the SSID and WPA passphrase (and having as long a passphrase as possible) will provide a lot better protection than using “linksys” and your dog’s name.
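The key derivation behind WPA Personal, and the reason the SSID matters as much as the passphrase, can be traced in code. This is an added example, not code from the original article. It follows IEEE 802.11i: the passphrase and SSID yield a master key through PBKDF2-HMAC-SHA1, and each client's session key is then derived from that master key, both MAC addresses and two handshake nonces. The MAC addresses and nonces below are constructed.

```python
import hashlib
import hmac

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 blocks, each with a trailing counter byte."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
            anonce: bytes, snonce: bytes) -> bytes:
    """512-bit TKIP session key, unique per client and per association."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)

# Constructed sample values (locally administered MACs, fixed nonces)
AP_MAC = bytes.fromhex("020000000001")
CLIENT_A = bytes.fromhex("0200000000aa")
CLIENT_B = bytes.fromhex("0200000000bb")
ANONCE = bytes(range(32))
SNONCE_A = bytes(range(32, 64))
SNONCE_B = bytes(range(64, 96))

if __name__ == "__main__":
    pmk = wpa_pmk("password", "IEEE")  # test vector from IEEE 802.11i
    print("PMK:", pmk.hex())
    ptk_a = wpa_ptk(pmk, AP_MAC, CLIENT_A, ANONCE, SNONCE_A)
    ptk_b = wpa_ptk(pmk, AP_MAC, CLIENT_B, ANONCE, SNONCE_B)
    print("clients share a session key:", ptk_a == ptk_b)
    # Same passphrase on a different SSID gives an unrelated master key
    print("SSID changes PMK:", wpa_pmk("password", "linksys") != pmk)
```

Because the SSID is the salt, a default network name paired with a dictionary passphrase produces a master key that anyone could have computed in advance, which is why both should be uncommon.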
This article was originally published on June 15, 2007