
Wireless Connection Security - WiFi

25.11.2024

In the technology world, the term WiFi (an acronym for Wireless Fidelity) is synonymous with wireless access in general, although it is a specific trademark owned by the WiFi Alliance, a group dedicated to certifying that WiFi products comply with the 802.11 set of wireless standards of the IEEE (Institute of Electrical and Electronics Engineers), a worldwide association of engineers dedicated to standardization and development in technical areas.

These standards, a family of specifications under the 802.11 standard, codify enhancements that increase wireless performance and range, as well as the use of new frequencies as they become available.

The naming scheme for the 802.11 standard is composed of letters, which are confusing because they are not alphabetically ordered. For this reason, the WiFi Alliance has created simpler names for the most recent changes in the standard: for example, 802.11ac is known as WiFi 5 and 802.11n as WiFi 4. Older ones are named strictly by their letters.

WiFi Standards

It is worth noting that the WiFi Alliance has not created simple names for all 802.11 standards, so it is important to keep to their traditional designations. Some of them are well known:

802.11-1997

The first standard, which provided a data rate of up to 2 Mbps at the 2.4 GHz frequency. Its range covered approximately a single room.

802.11b

Launched in 1999 and considered one of the most popular standards in early home WiFi routers, it operates on the 2.4 GHz frequency and provides a data rate of up to 11 Mbps.

802.11a

Its worldwide release caused confusion because it was expected that the “a” standard would come first and be compatible with the “b” standard; however, it provides services in the 5 GHz frequency, with data rates up to 54 Mbps.

802.11g

Adopted in 2003, it was the direct successor to 802.11b, capable of speeds up to 54 Mbps in the 2.4 GHz band, matching the speed of 802.11a but within the lower frequency range.

802.11n (WiFi 4)

Adopted in 2009, it was the first standard to introduce MIMO (Multiple Input Multiple Output) technology, which uses several antennas simultaneously to provide greater coverage and reduce the loss of data packets as much as possible. It can be used in “dual band” mode, that is, it can deliver data over two frequencies, 2.4 GHz and 5 GHz, with data rates up to 600 Mbps.

802.11ac (WiFi 5)

This standard, adopted in 2014 and compatible with the 5 GHz frequency space and MIMO technology, supports data rates over 1 Gbps per antenna. The technology supports legacy standards to enable compatibility, so some devices support dual band (i.e., they operate in the 2.4 and 5 GHz bands), allowing them to connect to 802.11b or 802.11g networks as required.

802.11ax (WiFi 6)

It constitutes the latest innovation in the path of the continuous evolution of wireless technology. It tackles the problem of the growing number of devices connected concurrently to the network, allowing access points to support more clients in dense environments such as stadiums and theaters. It operates in the 2.4 GHz and 5 GHz bands and incorporates backward compatibility, increasing band performance and efficiency. It improves data rate and signal encoding by about 25% compared to its predecessor.

WiFi Security Protocols

It is common to connect a mobile device to a WiFi router at least sometime during the day; however, the security of this connection is not something end users pay much attention to.

On the other hand, IoT (Internet of Things) devices are increasingly connected to the network via WiFi connections, and are always on, always listening and transmitting, and always in need of additional security.

In this regard, security is extremely important, and the proper configuration of secure protocols for WiFi connections helps keep a wireless network safe.

The most common WiFi security protocols are: WEP, WPA and WPA2. Only one protocol can be used at a time, so the choice of protocol is critical to keeping the network secure.

WEP Protocol

WEP (Wired Equivalent Privacy) is the oldest and least secure WiFi encryption method. It is a protocol that is very easy to exploit, and although most wireless routers include it, this does not necessarily mean that it meets basic security needs for the connection. It may be available for supporting older devices, and it is recommended to use it only in case it is not possible to establish the connection with newer and more secure protocols.

WPA Protocol

WPA (WiFi Protected Access) is the evolution of the insecure WEP standard. The WiFi Alliance developed it as a way to keep data safe, and while it wasn't perfect at the time, it made up for many of the shortcomings of its predecessor.

WPA inherited a number of vulnerabilities from the old WEP, such as the vulnerable RC4 stream cipher. It introduced TKIP (Temporal Key Integrity Protocol) technology, which uses a per-packet key system to protect communication between devices. However, because it reused some aspects of the old protocol, those vulnerabilities eventually appeared in the new standard, compromising it.

WPA2 Protocol

WPA2 (WiFi Protected Access 2) is the second version of WPA, and is a better and more secure wireless security standard that eventually replaced WEP.

WPA2 introduced a number of other security and encryption updates, including the Advanced Encryption Standard (AES), which is substantially stronger than RC4 and is currently used by many online services.

WPA2 also introduced CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) technology to replace WPA's vulnerable TKIP as the encryption mechanism for securing wireless communications.

However, vulnerabilities have been discovered over time in WPA2 that can make it unsafe under certain circumstances. In this regard, WPA2 encrypts network traffic with a key calculated from the WiFi password configured in the router.

The main weak point of this type of encryption is the choice of passwords that are weak in terms of complexity, since a brute force attack, which guesses the password over and over again until a match is found, can compromise the security of the network. This type of attack is known as KRACK.
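
As an added illustration (not code from the original article), the sketch below shows how WPA2-Personal calculates its key from the WiFi password, using PBKDF2-HMAC-SHA1 with the network name (SSID) as salt, together with a small passphrase audit a network owner can run before configuring the router. The function names, the sample networks and the 80-bit threshold are assumptions chosen for the example.

```python
import hashlib
import math
import string

# WPA2-Personal parameters (IEEE 802.11i): PBKDF2-HMAC-SHA1 with the SSID as salt.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32  # bytes (256-bit pairwise master key)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-PSK pairwise master key from passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LENGTH)


def estimated_bits(passphrase: str) -> float:
    """Upper bound on the guess space in bits, assuming random characters."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    alphabet = sum(len(p) for p in pools if any(c in p for c in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def audit_passphrase(passphrase: str, ssid: str, min_bits: float = 80.0) -> list:
    """Return a list of findings; an empty list means no issue was detected.

    min_bits is an assumed policy threshold, not a value from the standard.
    """
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA2 accepts")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains characters outside printable ASCII")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the network name (SSID)")
    if estimated_bits(passphrase) < min_bits:
        findings.append(f"guess space below {min_bits:.0f} bits even if random")
    return findings


if __name__ == "__main__":
    # Constructed sample networks and passphrases, not taken from the article.
    for ssid, pw in [("HomeNet", "homenet2024"), ("HomeNet", "v7#Kq2!mZr9@Lx4$Tb")]:
        print(ssid, derive_pmk(pw, ssid).hex()[:16], audit_passphrase(pw, ssid))
    # Same passphrase on a different SSID yields a different key (the SSID is the salt).
    print(derive_pmk("homenet2024", "HomeNet") != derive_pmk("homenet2024", "Office"))
```

Because the key depends only on the passphrase and the SSID, the strength of a WPA2-Personal network rests on the passphrase itself, which is why the audit flags short, low-variety or SSID-based choices.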

WPA3 Protocol

WPA3 (WiFi Protected Access 3) was established in response to the vulnerabilities detected in its predecessor, and uses a new technology for key exchange called SAE (Simultaneous Authentication of Equals), thus avoiding the KRACK attacks and the use of brute force to crack weak passwords.

The new wireless security protocol also uses a peer-to-peer connection to establish key exchange, thus eliminating the possibility of a malicious intermediary intercepting the keys and initiating an attack.

In terms of timing, widespread adoption of WPA3 will not happen overnight. Several device vendors are able to release software upgrades with WPA3 capability for existing products; however, some features may require a hardware change in equipment.

Even if a user purchases a WPA3-capable device, when connecting to a wireless network, the network must support WPA3 to obtain any of the security enhancements. In this sense, WPA3 provides a transition mode to allow for gradual migration and at the same time the connection of devices using WPA2. However, the full benefits can only be achieved when the network is in WPA3 mode only.

The lost benefits and security impact in transition mode are unknown at this time. This may be one of the reasons why some vendors are delaying WPA3 network deployment until more WPA3 end-user devices are in the market.

Final Conclusion

Today, WPA2 is still the most secure WiFi encryption method, even taking into account the KRACK vulnerability. For corporate wireless networks, this type of attack is undoubtedly a problem; ordinary home users, however, are unlikely to suffer from it. The selection of secure passwords is a good option in any case.

WEP is very easy to break, and its use represents a security problem for the network. Even if you use older devices that only allow this type of protocol, its replacement is highly recommended.

It is also important to take into account that WPA3 is not going to magically appear and protect all devices overnight. There is always a long period between the introduction of a new WiFi encryption standard and its general use.

The adoption rate will depend on how quickly equipment manufacturers adopt the WPA3 standard for new wireless routers and end devices. Meanwhile, the security of the average WiFi network will depend on the choice of the WPA2 encryption protocol, and the selection of long and complex access passwords.
