Wireless networks are becoming more common in businesses and homes. Most mobile devices now come with a wireless network associated with the device’s brand or carrier. There are also public hotspots at restaurants, coffee shops, and airports to name a few. This makes it easier for us to catch up on work or with friends online.
However, no matter how convenient wireless networks might be they can present a security risk. Data can be stolen resulting in penalties. Here are some of the risks organizations and individuals need to be aware of.
In this blog we will describe about the security protocols for Wireless Networks:
WEP: WEP was developed by the Wi-Fi Alliance in the late 1990s. It was the first encryption algorithm developed for the 802.11 standard, and it had one primary goal – to prevent hackers from accessing any data that was transmitted. Unfortunately, by 2001, cybersecurity experts had found several flaws in the algorithm’s security.
This led to cybersecurity experts recommending that consumers and organizations phase out WEP from their devices. In 2009, it became apparent that WEP was not as effective as developers had stated when the massive cyberattack against TJ. Maxx was launched. The data breached comprised customers’ credit card accounts and cost the retailer $9.75 million in legal expenses.
To authenticate users, WEP uses the Rivest Cipher 4 (RC4). The original model used a 40-bit encryption key, though it has been upgraded to a 104-bit key that is manually entered by the administrator. The key is used with a 24-bit IV (Initialization Vector) that helps to strengthen the password/encryption. The problem that often occurs is that due to the IV’s small size, administrators are likely to use the same keys. This makes the encryption easier to hack.
WEP might have been the original algorithm for wireless networks, but over time it has shown that it is vulnerable to cyber attacks. This is why other security protocols have been developed since the issues with WEP were discovered.
Wi-Fi Protected Access (WPA)
Once the flaws were discovered, and made public, in WEP the process to create a new wireless protocol was started. However, it takes time to write a replacement. To ensure that wireless network users still had protection, the Wi-Fi Alliance released WPA as a temporary replacement in 2003. This gave the Institute of Electrical and Electronics Engineers Inc. (IEEE) time to create a viable replacement for WEP.
Even though WPA is considered an interim security algorithm, it is an improvement over WEP. It has discrete modes for personal and business use for improved security. In personal mode, preshared keys are used to make it easier to implement and manage the network among employees and consumers. Business or enterprise mode requires an administrator to authenticate a device before it can access the network. This allows larger companies to have more control over who has access to the data.
WPA is based on the RC4 cipher like its predecessor WEP, only it uses TKIP (temporal key integrity protocol) to boost wireless security. This includes,
- Using 256-bit keys to reduce keys being reused
- Generating a unique key for a packet by key mixing per packet
- Automatically broadcasting updated keys and usage
- Integrity checks of the system
- IV size increased to 48 bits
Since WPA was designed to be compatible with WEP, IT professionals found that they could easily update to the interim security protocol for their wireless network. All they needed was a simple firmware update. While switching protocols was simple this also created potential security risks since it was not as comprehensive as developers and users hoped it would be.
Wi-Fi Protected Access 2 (WPA2)
The replacement for the interim WPA, the IEEE released WPA2 in 2004. There are still some security vulnerabilities with WPA2, but it is still considered one of the most secure wireless network protocols available for personal and business use.
While like WPA, it also offers users personal and enterprise/business modes. WPA2 also has several security improvements. These include,
- Replacing TKIP and the RC4 cipher with stronger authentication and encryption mechanisms – CCMP (Cipher Block Chaining Message Authentication Code Protocol) and AES (Advanced Encryption Standard). If your device cannot support CCMP, the security algorithm is still compatible with TKIP. This helps to ensure that WPA2 is compatible with all devices and wireless networks.
- AES was originally developed by the United States government to protect classified data from foreign and domestic hackers. It uses three symmetric block ciphers with each one encrypting and decrypting incoming and outgoing data using 128, 192, and 256-bit keys. This security protocol for wireless networks does use more power but technical improvements have lessened any concerns about performance.
- CCMP prevents everyone except for authorized users to receive data by using cipher block chaining. This helps to ensure the integrity of the message.
WPA2 also allows for more seamless roaming from one access point to another without having to re-authenticate user access. This can improve productivity and client relations. Data can be transferred seamlessly, without having to take extra authentication steps.
After reviewing the three security protocols for wireless networks, WPA2 is a welcome replacement for WEP and the temporary algorithm WPA. Knowing which protocol provides the best wireless security is helpful, but so is knowing exactly how it works. If you know how threats are being blocked, you’ll be better equipped at recognizing any issues that might get through.
