What Is WPA2 ?

Cybersecurity Threats

According to the Wireless Geographic Logging Engine (WiGLE), more than 68 percent of users rely on WPA2 Wi-Fi encryption technology. Here’s what you need to know about WPA2 security for your home and business wireless networks…

The internet is omnipresent for all of us. When we link to public Wi-Fi at coffee shops or airports to update our social media or respond to emails, wireless security can fly under our radar. Connecting over vulnerable connections or networks, on the other hand, is a security risk that could result in data loss, compromised account credentials, and a slew of other issues. This is why it’s so important to use the right Wi-Fi security measures. However, you must first understand the differences between various wireless encryption standards, like WPA2.

So, what’s the difference between the Wi-Fi we use at a coffee shop and the Wi-Fi we use at home or at work? Let’s take a look at it.

How Wi-Fi Works & Why You Need to Secure Your Connections

Radio waves are used to communicate with Wi-Fi, a wireless network technology that enables users to connect to the internet. It’s built on IEEE 802.11, a standard developed by the Institute of Electronics and Electrical Engineers. However, since flaws in the protocols on which it is based have been found, this technology is highly vulnerable to hacking.

Consider the types of online transactions that take place on both home and business networks. You may be making online transactions from the comfort of your own home that require payment details to be entered. For some projects at work, you can need to access confidential customer data. As you can see, both of these networks contain confidential data that must be protected against unauthorised access. This usually entails the use of encryption methods and procedures.

Wireless protection is required to prevent unauthorised access to data, protect data confidentiality, and prevent prohibited users from consuming link bandwidth. Unauthorized users can cause havoc on a network in a variety of ways, from eavesdropping on a link to spreading malware across it. Hackers may also use a tactic known as wardriving, in which they travel across the city mapping Wi-Fi access points in search of unsecured networks to hack or use for malicious purposes.

WPA2 & Other Types of Wireless Encryption Standards Definitions & Explanations

Let’s take a look at the various options for securing your networks, as well as the encryption standards that make wireless security possible. As you can see from the timeline, there have been many different forms of wireless security protocols in use over the last 20 years or so.

Wired Equivalency Privacy (WEP)

In 1999, WEP was officially implemented as a Wi-Fi security standard. It was, however, included in the original IEEE 80.11 standard, which was approved in 1997. The aim was to have data confidentiality comparable to that of wired networks, but that goal was not achieved. That’s because WEP’s encryption algorithm is RC4, a stream cypher with a number of flaws.

To prevent the same plaintext data from producing the same WEP encrypted data, RC4 uses an initialization vector. The initialization vector, on the other hand, is transmitted in plaintext, and an attacker can mathematically deduce this key by studying enough packets using the same WEP key.

As a consequence, of all the encryption standards, WEP is the least stable. WEP has two authentication options:

  • Open — The WEP key isn’t needed here. It can, however, be used to encrypt traffic if it is specified.
  • Shared — This refers to the fact that the wireless access points and clients are all manually programmed with the same key.

Wi-Fi Protected Access (WPA)

Wi-Fi safe access, which was introduced in 2003, is a step forward from WEP. This is because it offers improved key handling protection and a more effective user authorization process. WPA was created to improve the security of vulnerable WEP networks without the need for additional hardware. For encryption, it uses the temporal key integrity protocol (TKIP), which dynamically changes the keys used. Key mixing functions are included in TKIP, which increase key complexity and make decoding more difficult for attackers.

WPA also has a message integrity checker known as “Michael.” While it is more secure than the CRC-32 checksum used in WEP for similar integrity checks, it still has flaws.

WPA2 is the next form of wireless encryption protocol we’ll look at.

Wi-Fi Protected Access 2 (WPA2)

WPA2 is an improved version of WPA that uses the robust security network (RSN) mechanism. It was released in 2004. WPA2 has two modes of operation: personal (pre-shared key or PSK) and business (EAP/Radius). The home mode, as the name implies, is intended for personal use, while the enterprise mode is usually used in a business setting. Both of these modes use the AES-CCMP encryption algorithm, which combines counter mode with the CBC-MAC message integrity system and the AES block cypher. As a result, attackers listening in on the network would have a harder time spotting trends.

Pre-Shared Key or Personal Mode (WPA2-PSK)

WPA2 personal uses a shared password and is not recommended for use in a corporate environment. It’s most commonly used in home networks, where the pass is set in the access point (router) and client devices must link to the wireless network using the same pass. The encryption pass is stored on the individual endpoint devices and can be retrieved quickly. Furthermore, if an employee leaves the company or if the pass is compromised in some way, it must be modified individually on all access points and connecting devices.

Enterprise Mode (EAP)

Extensible Authentication Protocol (EAP) options on the enterprise PA2 include password-based authentication, certificate-based EAP, and more. It’s worth noting that EAP is an authentication method in and of itself, and that different EAP forms can be used to enforce it.

WPA2 is an improvement over WEP, but it is still vulnerable to main reinstallation attacks (KRACK). KRACK takes advantage of a flaw in WPA2’s four-way handshake. An attacker might impersonate a clone network and force the victim to connect to it. This allows the hacker to decrypt a small amount of data, which can then be combined to break the encryption key. Client computers, on the other hand, can be patched, and it’s still more stable than WEP or WPA.

This takes us to the next step in the development of Wi-Fi encryption standards.

Wi-Fi Protected Access 3 (WPA3)

According to the Wi-Fi Alliance, WPA3 is now considered the mandatory qualification for Wi-Fi CERTIFIEDTM applications. But what is WPA3 and how does it vary from its predecessors WPA2 and WPA? WPA3 seeks to address some of WPA2’s main flaws (such as its susceptibility to passphrase brute-force attacks, key reinstallation attacks, etc.). This allows it to provide improved protection for personal and open networks, as well as business network security upgrades.

WPA3 has the advantage of being resistant to brute force attacks, even with weak or short passwords. WPA3 Simultaneous Authentication of Equals (SAE), a secure password-authenticated key exchange process, replaces WPA2-PSK. WPA3-SAE reduces the amount of guesses an attacker will make by not transmitting the password hash in plain text. Last year, however, researchers found many security holes in the WPA3 dragonfly handshake (downgrade attacks, side-channel attacks, and so on) (that replaced the four-way handshake used in WPA2).

Patches for these flaws have been published by the Wi-Fi Alliance. However, given the frequency in which Wi-Fi standards fail due to KRACK (in the case of WPA2) and dragonblood, relying solely on them for network security might not be the best option.

5 Tips on Ways to Improve WPA2 Security

Many users continue to connect to the internet using WPA2 personal in their home or small business network. Here are some tips to help you keep your contact safe:

  • Maintain the security of your devices by keeping them patched and up to date. To improve WPA2 stability, update the operating system on all client devices on the network. This means that the most up-to-date fixes for identified vulnerabilities (such as KRACK) have been applied.
  • Use longer passwords with strong and special passwords. Use special characters, numbers, uppercase, and lowercase letters to add variety.
  • On each of the access points, make sure no default passwords are used (such as admin credentials on a router).
  • To use a web browser to access router settings, type in the IP address. Check your router’s firmware settings on a regular basis for any available updates that need to be installed. Consider replacing your router until the manufacturer stops supporting it and the device is no longer available. Automatic updates are available in modern Wi-Fi networks such as Google Wifi.
  • Remote access to your router should be disabled. Disable access via Wi-Fi so that adjustments can only be made by plugging in via an ethernet cable to ensure that your router settings cannot be tampered with over a wireless link.

Aside from the tips mentioned above, using a virtual private network (VPN) or following security best practises like browsing over encrypted HTTPS connections can add an extra layer of security.

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.