WEP, WPA, WPA2, IEEE…
Amid the confusing acronyms lies a logical progression of wireless encryption and security protocols. Whilst at first they seem bewildering, it’s quite interesting to learn of their history.
The technology behind delivering a wireless network has evolved over the last couple of decades, and so have the ways and means of securing it. It’s not simply down to choosing a password that no one is likely to guess; you also need to make sure that the data and the connection to a wireless network are encrypted to the highest possible standard.
These standards are always moving forward and like most elements of the technology industry they come with a bewildering cocktail of acronyms and meanings. Encryption and all things security can be a confusing topic, even for experts. Here are the current, and most important, terms you should be familiar with when talking about wireless security standards, wireless networking and the hardware that lies between your wireless communications.
The Institute of Electrical and Electronics Engineers is the organisation responsible for setting standards for the entire wireless security industry and for data communications. It was founded, surprisingly, back in 1963 and is regarded as the largest association of technical professionals in the world.
You’ve no doubt come across the numbers 802.11 when looking at wireless-based and networking documentation but what on earth does it mean? 802.1x is the IEEE standard for providing authentication and controlling user traffic across wireless and wired Ethernet-based networks. It’s an ideal application for providing authentication for wireless networks, as it requires very little processing power from the authenticator: the actual wireless access point. The better the standard, ending with a, b, g, n, ac and so on, the higher the speed of communications between devices.
Talking about access points, this is the hardware that acts as a receiver or transmitter for the wireless signal and network. It can physically be a number of different components, such as a router, switch or powerline adapter, but essentially it’s the hardware that converts a wired Ethernet network to a 2.4GHz or 5GHz wireless signal and vice versa; it’s also referred to as the WAP, Wireless Access Point.
This is the original wireless encryption security standard, Wired Equivalent Privacy. Whilst the protocol worked for the late-nineties wireless networks, it was soon overshadowed by the ever-increasing power of the average computer. WEP uses a 40-bit standard encryption key, which is a key consisting of either 10 or 26 hexadecimal digits. That sounds like a lot of possible keys to crack, but a modern, powerful computer would be able to break 40-bit encryption in around 30 seconds; compare this to months for a computer in the late ’90s.
Replacing the WEP standard, WPA (Wi-Fi Protected Access) provided a much-needed improvement for the ever-advancing march of security. It became the standard in 2003 and offered the user either 64-bit or the more adept 128-bit key levels of encryption. A 64-bit key attack would have taken several lifetimes when it was first introduced; these days it’s estimated that it would take several months, maybe less if the attacker used several computers working as a cluster. Naturally, 128-bit key lengths are mind-numbingly more complex, and even by today’s standards the theoretical process of a brute force attack would take more time than the universe is estimated to have left. Which is a very, very long time.
WPA2 is the upgraded version of the WPA security standard. It’s designed to offer the user an impressive 256-bit encryption key, which is virtually uncrackable unless you’re a secret research lab with a few billion dollars to spare on quantum computing and dedicated hardware decrypting processors. There are also different sub-standards within WPA2, with AES (Advanced Encryption Standard) and TKIP (Temporal Key Integrity Protocol), both of which are encryption methods, along with the lesser-used CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).
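The 256-bit figure above is the length of the key, not a measure of the passphrase behind it. As an added example (not from the original article), this Python sketch derives the WPA2-Personal pre-shared key the way IEEE 802.11i defines it (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) and estimates how much of that 256-bit space a passphrase can cover; the function names, sample inputs and the character-class estimate are assumptions made for illustration.

```python
import hashlib
import math
import string

KEY_BITS = 256  # WPA2 key length quoted in the article

# Character classes for a rough search-space estimate (an assumption of this example).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               4096, KEY_BITS // 8)


def passphrase_bits(passphrase: str) -> float:
    """Upper bound on passphrase entropy, assuming uniformly random characters
    drawn from every character class that appears in it."""
    pool = sum(len(cls) for cls in CLASSES
               if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def effective_bits(passphrase: str) -> float:
    """Strength is capped by the key length but usually limited by the passphrase."""
    return min(float(KEY_BITS), passphrase_bits(passphrase))


if __name__ == "__main__":
    # Constructed sample input: the SSID and passphrases are illustrative only.
    for phrase in ("password", "Tr4il-mix&Kettle-drum_91"):
        key = wpa2_psk(phrase, "IEEE")
        print(f"{phrase!r}: {len(key) * 8}-bit key, "
              f"at most {effective_bits(phrase):.1f} bits of passphrase entropy")
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, and a short dictionary word still produces a full-length key while contributing only a fraction of its strength.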