Wireless Cryptographic Protocols – CompTIA Security+ SY0-501 – 6.3

We rely on strong encryption protocols to keep our wireless communications secure. In this video, you’ll learn about the security features associated with WPA and WPA2.



Unlike a wired network connection, a wireless network can be heard by anyone nearby who cares to listen in. This means the data we send across our wireless networks could be captured by anyone within range. The solution, obviously, is to encrypt the data: even if someone were to capture everything we send from our computer, they wouldn't be able to read any of it, because all of the traffic would be encrypted.

Of course, there are other devices on the wireless network that need to communicate with you, so we configure WPA or WPA2 encryption so that everyone has a protected communications channel while on the wireless network. One of the very first encryption types we used on wireless networks was WEP, which stands for Wired Equivalent Privacy. Unfortunately, in 2001, researchers found significant cryptographic vulnerabilities in WEP, including a 24-bit initialization vector so short that the same RC4 keystream gets reused during normal traffic, and it was decided that WEP would not be appropriate to use going forward.

But we needed some short-term protection. We couldn't use WEP any longer, and we weren't quite sure where we would go with encryption on wireless networks. The solution was an interim encryption protocol named WPA, or Wi-Fi Protected Access. WPA kept the RC4 stream cipher but wrapped it in TKIP, the Temporal Key Integrity Protocol. TKIP uses a 48-bit initialization vector, much larger than the 24-bit one in WEP, and every packet sent over a WPA network is encrypted with a unique 128-bit per-packet key.

TKIP was an interesting addition to our wireless encryption, and it's something that wasn't available in WEP. It combines a secret root key with the initialization vector through a key-mixing function, rather than simply prepending the IV to the key the way WEP did. It also adds a sequence counter so that no one can replay captured traffic in an effort to gain access to the network, and it includes a 64-bit message integrity check (called Michael) to make sure that nobody tampered with the data as it went through the wireless network. Unfortunately, vulnerabilities were later found in TKIP as well, and it too was deemed not appropriate to use going forward.

The most modern wireless encryption that we use on our networks today was introduced in 2004: WPA2, the second edition of WPA. WPA2 uses AES, the Advanced Encryption Standard, to provide the encryption instead of the RC4 cipher. It also replaces TKIP with CCMP, which is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol.

CCMP is a block cipher mode that uses 128-bit keys and encrypts in 128-bit blocks. This increased security came at a cost, however: some older hardware was not able to run this more advanced encryption scheme. These days, modern hardware runs WPA2 without a problem, and all of your wireless equipment should be using WPA2 with AES/CCMP (a mixed WPA/WPA2 mode that still permits TKIP keeps the weaker protocol on your network). It provides the data confidentiality you need for encrypted data, it provides authentication, and it provides the access control you need to your wireless network.