What is WPA (Wi-Fi Protected Access)?
Wi-Fi Protected Access was published by the Wi-Fi Alliance in 2003 before the official IEEE 802.11i standard was adopted. WPA was intended to eliminate WEP’s known security holes and vulnerabilities and restore security to wireless networks. Since WEP was considered cracked, a secure alternative had to be created quickly. It was not possible to wait for the IEEE standard 802.11i to be completed. WPA represents a kind of transitional solution and includes parts of 802.11i.
Since Wi-Fi Protected Access is based on the same technical foundation as WEP, combining the data with an RC4 keystream by XOR, WEP devices can usually be upgraded to WPA without a hardware upgrade. WPA, like WEP, is now considered insufficiently secure and should no longer be used for wireless networks. Successor standards to Wi-Fi Protected Access are WPA2 and WPA3.
How WPA works
A major difference from WEP is the use of TKIP (Temporal Key Integrity Protocol) for encryption. TKIP is based on the RC4 algorithm but uses an improved key calculation with new keys for each data packet. The initialization vector is now 48 bits long instead of just 24 bits. In addition, methods such as per-packet key mixing, re-keying, and message integrity check (MIC) are used.
The key features of Wi-Fi Protected Access are:
- Conceptual separation of encryption, authentication, and integrity assurance.
- Use of different, dynamically regenerated keys based on the master key.
- Longer initialization vector.
With WPA, authentication is possible both by pre-shared key (PSK) and by Extensible Authentication Protocol (EAP) via a central authentication server such as a RADIUS server. EAP is mainly used in large professional WLAN installations. Private WLANs or smaller wireless networks usually use a pre-shared key that must be made known to all participants.
The weaknesses of WPA
WPA also has numerous conceptual weaknesses and is no longer considered secure. For example, RC4, which is still used by TKIP, is in principle vulnerable to known-plaintext attacks. Security in a WPA-protected WLAN depends largely on the quality of the selected password (the pre-shared key). To exploit this vulnerability, an attacker only needs to record a login process. Then, using a brute force method or dictionary attack, pre-shared keys can be tried until one of the generated keys is the correct one.
Numerous programs and tools exist that automate this attack method and make it possible to break into a WPA WLAN within a short time. Thanks to powerful CPUs and GPUs, brute force attacks can be massively accelerated.
Another vulnerability is the joint use of WPA and WPS (Wi-Fi Protected Setup). WPS simplifies the setup of a WLAN by easing the initial login process of a WLAN client. Wi-Fi Protected Setup is even more vulnerable to brute force attacks. It is therefore recommended to disable WPS on access points and WLAN routers.
Due to these vulnerabilities, WPA should be avoided in new installations and WPA2 should be used. If this cannot be implemented, a secure password that is as long as possible and consists of a random string of characters should be selected for the pre-shared key.
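The recommendation above can be put into practice as follows. This is an added example, not part of the original article: it generates a long random passphrase, estimates its entropy, and shows how a passphrase and the SSID are mapped to the 256-bit pre-shared key. The PBKDF2 parameters come from the 802.11i passphrase-to-PSK mapping, which the article does not spell out; the alphabet, function names and the SSID "ExampleNet" are assumptions of this example.

```python
import hashlib
import math
import secrets
import string

# Alphabet for generated passphrases (assumption of this example):
# letters and digits only, so the result can be typed on any client.
ALPHABET = string.ascii_letters + string.digits


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map passphrase + SSID to the 256-bit pre-shared key:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def random_passphrase(length: int = 32) -> str:
    """Draw each character independently from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be between 8 and 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string. It does not apply to
    human-chosen passwords, which are far more predictable."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    ssid = "ExampleNet"  # constructed sample SSID
    passphrase = random_passphrase(32)
    print("passphrase:", passphrase)
    print("entropy   : %.1f bits" % entropy_bits(len(passphrase)))
    print("PSK       :", derive_psk(passphrase, ssid).hex())
    # The same passphrase on another SSID yields a different key,
    # because the SSID is the salt.
    print("other SSID:", derive_psk(passphrase, "ExampleNet-Guest").hex())
```

A random 8-character passphrase from this alphabet carries under 48 bits of entropy, while 32 characters carry about 190 bits, which is why length matters more than any single character class.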
In June 2018, the Wi-Fi Alliance adopted the new WPA3 standard to replace WPA2.