Wireless Encryption – CompTIA Network+ N10-009 – 2.3

Wireless networks require secure protocols to maintain confidentiality. In this video, you’ll learn about wireless encryption techniques such as WPA2 and WPA3.


The wireless networks we use, both at home and in our businesses, are sending private, confidential, and sensitive information all the time. And we’re very concerned that someone might have access to that data, especially on a wireless medium that effectively could be tapped into and listened to by any device that happens to be nearby.

One way that we provide security on this wireless network is to limit which users are able to access the network. We would commonly do this with some type of authentication method, such as a username, a password, or some type of multi-factor authentication. And, of course, we want to be sure that everything sent over this wireless network is protected, so we need to add confidentiality in the form of encryption. And to be sure that we’ve received the correct information over this wireless network, we include a message integrity check so that we can verify the information that we’ve received is exactly the information that was originally sent.

One of the first encryption types on wireless networks was a method known as Wired Equivalent Privacy, or WEP. Unfortunately, WEP was discovered to have some significant cryptographic vulnerabilities, so we needed to very quickly replace WEP with something that was much more secure, and that replacement was known as WPA, or Wi-Fi Protected Access.

WPA was implemented as a temporary stopgap between the insecure WEP and a more secure version of WPA. This first iteration of WPA was designed to work on exactly the same hardware as the older-style WEP that we were replacing. But we knew that we would need enhanced security that was not available in this initial WPA.

This replacement for WPA was named WPA2. This is Wi-Fi Protected Access version two, and it’s a version that’s been around since 2004. You’ll often see WPA2 referenced with a block cipher mode known as CCMP. If we were to spell this out, it would be Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, or Counter/CBC-MAC. This effectively combined encryption and integrity in the same protocol. The encryption was available with AES and the message integrity check was enabled using CBC-MAC.

The update to WPA2 is WPA3. This is Wi-Fi Protected Access version three, and it was introduced in 2018. This includes a different and more capable block cipher mode known as GCMP. This is Galois/Counter Mode Protocol. This continues to use AES for data confidentiality, and we are using a message integrity check with the Galois Message Authentication Code, or GMAC.

If you’re planning to implement any type of security on your wireless network, you want to use the highest level of security available in your access points and on your client devices. And if you have the option, you should consider upgrading all of your devices to use the most capable security method available.
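One way to check which of these cipher modes an access point actually offers, as an added example that is not part of the original video: access points advertise their cipher suites in the RSN element (ID 48) of beacon frames, and the sketch below goes beyond the transcript by parsing that element and flagging pre-AES suites. The function names, the rank order, and the sample bytes are assumptions constructed for this example.

```python
import struct

OUI = b"\x00\x0f\xac"  # IEEE 802.11 OUI used by the standard cipher suite selectors
# suite type -> (name, cipher, integrity check, rank); rank order is this example's assumption
CIPHERS = {
    1: ("WEP-40", "RC4", "CRC-32", 0),
    5: ("WEP-104", "RC4", "CRC-32", 0),
    2: ("TKIP", "RC4", "Michael", 1),
    4: ("CCMP-128", "AES", "CBC-MAC", 2),
    8: ("GCMP-128", "AES", "GMAC", 3),
    9: ("GCMP-256", "AES", "GMAC", 4),
}

def _suite(sel: bytes):
    """Map a 4-byte suite selector to a CIPHERS entry; unknown selectors rank lowest."""
    if sel[:3] != OUI or sel[3] not in CIPHERS:
        return ("unknown-" + sel.hex(), "?", "?", -1)
    return CIPHERS[sel[3]]

def parse_rsn(element: bytes) -> dict:
    """Parse the group and pairwise cipher suites from one RSN element (ID 48)."""
    if len(element) < 2 or element[0] != 48:
        raise ValueError("not an RSN element")
    body = element[2:2 + element[1]]
    if len(body) != element[1] or len(body) < 8:
        raise ValueError("truncated RSN element")
    version, count = struct.unpack_from("<H", body, 0)[0], struct.unpack_from("<H", body, 6)[0]
    end = 8 + 4 * count
    if version != 1 or count == 0 or end > len(body):
        raise ValueError("malformed RSN element")
    return {"group": _suite(body[2:6]),
            "pairwise": [_suite(body[i:i + 4]) for i in range(8, end, 4)]}

def audit(element: bytes) -> dict:
    """Report the strongest pairwise cipher and whether a pre-AES or unknown suite is accepted."""
    rsn = parse_rsn(element)
    best = max(rsn["pairwise"], key=lambda c: c[3])
    weakest = min(rsn["pairwise"] + [rsn["group"]], key=lambda c: c[3])
    return {"strongest": best[0], "encryption": best[1], "integrity": best[2],
            "weakest": weakest[0], "legacy_allowed": weakest[3] < 2}

# Constructed sample elements (not captured from any real network)
SAMPLES = {
    "ccmp-only": bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000"),
    "mixed": bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac02" "0000"),
    "gcmp-256": bytes.fromhex("3014" "0100" "000fac09" "0100" "000fac09" "0100" "000fac08" "0000"),
}

if __name__ == "__main__":
    for name, element in SAMPLES.items():
        print(name, audit(element))
```

A result with `legacy_allowed` set to true means the access point still accepts a suite older than CCMP, which is the configuration the advice above is meant to move away from.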