Wired Equivalent Privacy (WEP)
WEP is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks.
Beginning in 2001, several serious weaknesses were identified by cryptanalysts with the result that today a WEP connection can be cracked with readily available software within minutes.
Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication.
Encryption Algorithm : stream cipher RC4 for confidentiality, CRC-32 checksum for integrity.
Beginning in 2001, several serious weaknesses were identified by cryptanalysts with the result that today a WEP connection can be cracked with readily available software within minutes.
Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication.
Encryption Algorithm : stream cipher RC4 for confidentiality, CRC-32 checksum for integrity.
Wi-Fi Protected Access (WPA and WPA2)
WPA is a certification program created by the Wi-Fi Alliance.
The WPA certification mark indicates compliance with a security protocol designed to enhance the security of wireless networks.
There are two flavors of this protocol: enterprise and personal.
Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user.
Personal WPA utilizes less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase.
The WPA and WPA2 standard has officially adopted five EAP(Extensible Authentication Protocol) types as its official authentication mechanisms.
Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector(IV). One major improvement in the protocol over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.
In addition to authentication and encryption, the protocol also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; A more secure message authentication code (MIC : message integrity code) is used in the protocol.
WPA2 introduces a new AES(Advanced Encryption Standard)-based algorithm, CCMP(Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), that is considered fully secure. CCMP uses AES algorithm. Unlike TKIP, key management and message integrity is handled by a single component built around AES.
The WPA certification mark indicates compliance with a security protocol designed to enhance the security of wireless networks.
There are two flavors of this protocol: enterprise and personal.
Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user.
Personal WPA utilizes less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase.
The WPA and WPA2 standard has officially adopted five EAP(Extensible Authentication Protocol) types as its official authentication mechanisms.
Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector(IV). One major improvement in the protocol over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.
In addition to authentication and encryption, the protocol also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; A more secure message authentication code (MIC : message integrity code) is used in the protocol.
WPA2 introduces a new AES(Advanced Encryption Standard)-based algorithm, CCMP(Counter Mode with Cipher Block Chaining Message Authentication Code Protocol), that is considered fully secure. CCMP uses AES algorithm. Unlike TKIP, key management and message integrity is handled by a single component built around AES.
Comparison
| Authentication | Encryption Algorithm | Encryption Method | |
| WEP | Open System authentication Shared Key authentication |
RC4 | WEP |
| WPA | 802.1x / EAP / PSK | RC4 | TKIP |
| WPA2 | AES | CCMP |
