What is WiFi Protected Access (WPA)?

2023.05.02

What is WiFi Protected Access (WPA)?

WPA is one of the most basic and time-tested methods of protecting wireless devices from attacks. Since the early 2000s, several variants of WPA have been integrated into networks to protect data in transit. Let's examine what WPA is and what it does.  

In a world where wireless communication is now the norm, security takes on an entirely different dimension.  To provide adequate protection, we must shift our focus from enterprise networks to cloud and wireless security standards.  Wireless networks are often a security compromise .For  example, 5G network slicing leaves administrators vulnerable.

WPA is one of the most basic and time-tested methods of protecting wireless devices from attacks.  Since the early 2000s, several variants of WPA have been integrated into networks to protect data in transit.  Let's exam ine what WPA is and what it does.

What is the meaning of WPA?

WiFi Protected Access (WPA) is a standard for securing devices connected to Wi-Fi networks.  Its purpose is to address major weaknesses in the existing Wired Equivalent Privacy (WEP) standard.

The Institute of Electrical and Electronics Engineers created Wired Equivalent Privacy (WEP) encryption to provide wireless security to users of 802.11 networks.  In this case, wireless data is transmitted using radio waves.  WEP is used to avoid eavesdropping, prevent  unwanted access, and protection data integrity.  Data is encrypted using RC4 stream cipher.

However, it was discovered that this encryption technique had major security flaws.  A seasoned hacker can extract the WEP key of an active network within fifteen minutes.  In its place is Wi-Fi Protected Access (WPA).

In the early 2000s, security experts discovered that they could easily crack WEP, and the FBI also exposed WEP's vulnerability. In 2004, the WiFi Alliance officially deprecated WEP in favor of WPA, and that same year, WPA2 was introduced as a more secure replacement. In 2018, the Wi-Fi Alliance announced the latest version of WPA, known as WPA3.

How does Wi-Fi Protected Access (WPA) work?

WEP uses 64-bit and 128-bit keys, while WPA uses 256-bit keys. It becomes more difficult for hackers to crack longer keys. No matter how powerful your computer is, it takes at least several hours to decode a WPA key, so most hackers won't try unless they're desperate to break into the network.

Despite its increased security, WPA was found to contain a security hole: It used the Temporal Key Integrity Protocol, or TKIP. There are still a large number of WiFi devices using WEP, so TKIP is designed to facilitate their firmware upgrades to WPA. Unfortunately, TKIP proved to be just as easy to break.

For this reason, a new encryption protocol was necessary, and WPA2 replaced WPA. The most notable difference is that it employs AES, or Advanced Encryption Standard. CCMP, or Counter Mode Cipher Block Chaining Message Authentication Code Protocol, is used to implement AES. The addition of AES makes WPA2 encryption more difficult to crack.

What are the main features of WPA?

So far, we've looked at first-generation WPAs, their main features, and how they work. However, cybercriminals are always getting smarter and finding new ways to circumvent security mechanisms. Likewise, the incidence of a new threat called Key Reinstallation Attacks (KRACK) is on the rise. It requires the reuse of nonces in Wi-Fi encryption, compromising the WPA2 protocol. That's why WPA3, a more advanced security standard, is needed.

After WPA2 was introduced, it took 14 years to be introduced. However, WPA3 was introduced in 2018. In general, WPA3 encryption and implementation are much more robust.

Its main features are as follows:

1. No more shared passwords

WPA3 uses a process other than the public password to register new devices on the public network. This enables personalized data encryption. WPA3 uses the WiFi Device Provisioning Protocol (DPP) protocol, which allows users to add devices to the network via Near Field Communication (NFC) tags and QR codes. Also, WPA3 security employs GCMP-256 encryption instead of 128-bit encryption.

2. Use of the Simultaneous Authentication of Equality (SAE) protocol

This is used to create a secure handshake where a network device connects to a wireless access point and both devices verify authentication and connectivity. Using Wi-FiDPP, WPA3 provides a more secure handshake, even if the user's password is insecure and vulnerable.

4. Prevent brute force attacks

A brute force attack is a type of hacking that uses automated trial and error to crack passwords, logins, and encryption keys. WPA3 protects the system from offline password guessing by limiting the number of attempts to one, requiring the user to use the Wi-Fi device directly. Every time they try to figure out the password, they need to be there in person.

WPA2's lack of encryption and privacy over open public connections makes brute-force attacks a serious risk.

How to implement WPA?

WPA can be implemented in one of two modes, pre-shared key (PSK) mode for home Wi-Fi networks and enterprise mode. For the latter, we need to use WPA2 Enterprise Mode. That's because, while WPA3 has been around for years, it's not available in all regions or device variants, especially for enterprise use cases.

WPA2 Enterprise implementations include:

Install a RADIUS server: The authentication server is a RADIUS (Remote Authentication Dial-In User Service) gateway that performs authentication. Authenticators are instruments at the access point layer, such as laptops or smartphones. There are various commercial and open source RADIUS server options available.

Configure the access point with encryption and RADIUS server information: When connecting to the network, users must enter their login credentials. They don't have access to the real encryption keys, nor can they keep them on the device. This protects the wireless network from stray employees and misplaced gadgets.

Configuring the operating system with encryption and IEEE802.1x settings: The steps required to configure the operating system with IEEE802.1x depend on the server and client specifications. Consult the manufacturer of the device and software for guidance.

Is WPA3 foolproof?

Although WPA3 was a major advancement, it suffered from flaws in its first few years of existence. For example, WPA3's handshake process is vulnerable to password partitioning attacks, which could allow network intruders to use side-channel attacks in some cases to obtain passwords and phrases.

Certain technologies, even with fixes, cannot implement the WPA3 standard unless their associated communication and network infrastructure also supports this enhanced protocol. The current lack of interconnectivity and compatibility can lead to security gaps and minimize the widespread adoption of WPA3 technology by enterprises.

Administrators should update all network components with the latest and most sophisticated security patches to ensure that any weaknesses can be discovered and addressed.  Ultimately, it is imperative to keep pace with new technological developments that will continue to impact the entire WiFi landscape.  And, don’t 't forget to explore the benefits of an automated security system for your business