Wi-Fi Protected Access


Wi-Fi Protected Access, Wi-Fi Protected Access 2, and Wi-Fi Protected Access 3 are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy.
WPA became available in 2003. The Wi-Fi Alliance intended it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2, which became available in 2004 and is a common shorthand for the full IEEE 802.11i standard.
In January 2018, the Wi-Fi Alliance announced the release of WPA3, which has several security improvements over WPA2.
As of 2023, most computers that connect to a wireless network have support for using WPA, WPA2, or WPA3. All versions thereof, at least as implemented through May, 2021, are vulnerable to compromise.

Versions

WEP

WEP is an early encryption protocol for wireless networks, designed to secure WLAN connections. It supports 64-bit and 128-bit keys, combining user-configurable and factory-set bits. WEP uses the RC4 algorithm for encrypting data, creating a unique key for each packet by combining a new Initialization Vector with a shared key. Decryption involves reversing this process, using the IV and the shared key to generate a key stream and decrypt the payload. Despite its initial use, WEP's significant vulnerabilities led to the adoption of more secure protocols.

WPA

The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the availability of the full IEEE 802.11 standard. WPA could be implemented through firmware upgrades on wireless network interface cards designed for WEP that began shipping as far back as 1999. However, since the changes required in the wireless access points were more extensive than those needed on the network cards, most pre-2003 APs were not upgradable by vendor-provided methods to support WPA.
The WPA protocol implements the Temporal Key Integrity Protocol. WEP uses a 64-bit or 128-bit encryption key that must be manually entered on wireless access points and devices and does not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromise WEP.
WPA also includes a Message Integrity Check, which is designed to prevent an attacker from altering and resending data packets. This replaces the cyclic redundancy check that was used by the WEP standard. CRC's main flaw is that it does not provide a sufficiently strong data integrity guarantee for the packets it handles. Well-tested message authentication codes existed to solve these problems, but they require too much computation to be used on old network cards. Researchers have since discovered a flaw in WPA that relied on older weaknesses in WEP and the limitations of the message integrity code hash function, named Michael, to retrieve the key-stream from short packets to use for re-injection and spoofing.

WPA2

Ratified in 2004, WPA2 replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implements the mandatory elements of IEEE 802.11i. In particular, it includes support for CCMP, an AES-based encryption mode. Certification began in September, 2004. From March 13, 2006, to June 30, 2020, WPA2 certification was mandatory for all new devices to bear the Wi-Fi trademark.
In WPA2-protected WLANs, secure communication is established through a multi-step process. Initially, devices associate with the Access Point via an association request. This is followed by a 4-way handshake, a crucial step for ensuring both the client and AP have the correct Pre-Shared Key without actually transmitting it. During this handshake, a Pairwise Transient Key is generated for secure data exchange key function for the exchange RP = 2025
WPA2 employs the Advanced Encryption Standard with a 128-bit key, enhancing security through the Counter-Mode/CBC-Mac Protocol CCMP. This protocol ensures robust encryption and data integrity, using different Initialization Vectors for encryption and authentication purposes.
The 4-way handshake involves:
  • The AP sending a random number to the client.
  • The client responding with its random number.
  • The AP calculating the PTK from these numbers and sending an encrypted message to the client.
  • The client decrypting this message with the PTK, confirming successful authentication.
Post-handshake, the established PTK is used for encrypting unicast traffic, and the Group Temporal Key is used for broadcast traffic. This comprehensive authentication and encryption mechanism is what makes WPA2 a robust security standard for wireless networks.

WPA3

In January 2018, the Wi-Fi Alliance announced WPA3 as a replacement to WPA2. Certification began in June 2018, and WPA3 support has been mandatory for devices which bear the "Wi-Fi CERTIFIED™" logo since July 2020.
The new standard uses an equivalent 192-bit cryptographic strength in WPA3-Enterprise mode, and still mandates the use of CCMP-128 as the minimum encryption algorithm in WPA3-Personal mode. TKIP is not allowed in WPA3.
The WPA3 standard also replaces the pre-shared key exchange with Simultaneous Authentication of Equals exchange, a method originally introduced with IEEE 802.11s, resulting in a more secure initial key exchange in personal mode and forward secrecy. The Wi-Fi Alliance also says that WPA3 will mitigate security issues posed by weak passwords and simplify the process of setting up devices with no display interface. WPA3 also supports Opportunistic Wireless Encryption for open Wi-Fi networks that do not have passwords. The Wi-Fi Alliance calls OWE "Wi-Fi CERTIFIED Enhanced Open"; Wi-Fi manufacturers often refer to it as "Enhanced Open" rather than OWE.
Protection of management frames as specified in the IEEE 802.11w amendment is also enforced by the WPA3 specifications.

Hardware support

WPA has been designed specifically to work with wireless hardware produced prior to the introduction of WPA protocol, which provides inadequate security through WEP. Some of these devices support WPA only after applying firmware upgrades, which are not available for some legacy devices.
Wi-Fi devices certified since 2006 support both the WPA and WPA2 security protocols. WPA3 is required since July 1, 2020.

WPA terminology

Different WPA versions and protection mechanisms can be distinguished based on the target end-user and the method of authentication key distribution, as well as the encryption protocol used. As of July 2020, WPA3 is the latest iteration of the WPA standard, bringing enhanced security features and addressing vulnerabilities found in WPA2. WPA3 improves authentication methods and employs stronger encryption protocols, making it the recommended choice for securing Wi-Fi networks.

Target users (authentication key distribution)

WPA-Personal

Also referred to as WPA-PSK mode, this is designed for home, small office and basic uses and does not require an authentication server. Each wireless network device encrypts the network traffic by using its 128-bit encryption key obtained obtained during the Temporal Key Integrity Protocol keys derivation from a 256-bit shared key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters. This pass-phrase-to-PSK mapping is nevertheless not binding, as Annex J is informative in the latest 802.11 standard. If ASCII characters are used, the 256-bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1. WPA-Personal mode is available on all three WPA versions.

WPA-Enterprise

This enterprise mode uses an 802.1X server for authentication, offering higher security control by replacing the vulnerable WEP with the more advanced TKIP encryption. TKIP ensures continuous renewal of encryption keys, reducing security risks. Authentication is conducted through a RADIUS server, providing robust security, especially vital in corporate settings. This setup allows integration with Windows login processes and supports various authentication methods like Extensible Authentication Protocol, which uses certificates for secure authentication, and PEAP, creating a protected environment for authentication without requiring client certificates.

Encryption protocol

; TKIP : The RC4 stream cipher is used with a 128-bit per-packet key, meaning that it dynamically generates a new key for each packet. This is used by WPA.
; CCMP : The protocol used by WPA2, based on the Advanced Encryption Standard cipher along with strong message authenticity and integrity checking is significantly stronger in protection for both privacy and integrity than the RC4-based TKIP that is used by WPA. Among informal names are AES and AES-CCMP. According to the 802.11n specification, this encryption protocol must be used to achieve fast 802.11n high bitrate schemes, though not all implementations enforce this. Otherwise, the data rate will not exceed 54 Mbit/s.

EAP extensions under WPA and WPA2 Enterprise

Originally, only EAP-TLS was certified by the Wi-Fi alliance. In April 2010, the Wi-Fi Alliance announced the inclusion of additional EAP types to its WPA- and WPA2-Enterprise certification programs. This was to ensure that WPA-Enterprise certified products can interoperate with one another.
the certification program includes the following EAP types:
802.1X clients and servers developed by specific firms may support other EAP types. This certification is an attempt for popular EAP types to interoperate; their failure to do so is one of the major issues preventing rollout of 802.1X on heterogeneous networks.
Commercial 802.1X servers include Microsoft Network Policy Server and Juniper Networks Steelbelted RADIUS as well as Aradial Radius server. FreeRADIUS is an open source 802.1X server.