The two security protocols and security certification programs are Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2). These are developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these protocols because of the serious weaknesses the researchers found in the previous system, Wired Equivalent Privacy (WEP).
WPA also referred to as the draft IEEE 802.11i standard became available in 2003. The Wi-Fi Alliance made it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2, which became available in 2004 which is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.
In January 2018, with several security improvements over WPA2 Wi-Fi Alliance announced the release of WPA3.
- WPA –
The WPA is an intermediate measure to take the place of WEP. WPA could be implemented through firmware upgrades on wireless network interface cards that were designed for WEP in 1999. However, since more changes were required in the wireless access points (APs) than those needed on the network cards, most pre-2003 APs could not be upgraded to support WPA.
The WPA protocol implements almost all of the IEEE 802.11i standard. The Temporal Key Integrity Protocol (TKIP) was adopted for WPA. WEP used a 64-bit or 128-bit encryption key that must be manually entered on wireless access points and devices which once entered can never be changed. TKIP employs a per-packet key, which means that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP.
WPA included a Message Integrity Check, which is designed to prevent an attacker to alter or resend data packets. This replaced the cyclic redundancy check (CRC) that was used by the WEP standard. CRC’s had a main flaw that it did not provide a sufficiently strong data integrity guarantee for the packets it handled. Well tested message authentication codes existed to solve these problems, but they required too much computation to be used on old network cards. WPA uses a message integrity check algorithm called TKIP to verify the integrity of the packets. TKIP is much stronger than a CRC, but the algorithm used in WPA2 is stronger. Researchers discovered a flaw in WPA similar to older weaknesses in WEP and the limitations of the message integrity code hash function, named Michael, that is used to retrieve the keystream from short packets to use for re-injection and spoofing.
- WWPA2 –
WPA2 replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implemented the mandatory elements of IEEE 802.11i. Particularly, it included mandatory support for CCMP(Counter Mode CBC-MAC Protocol), an AES(Advanced Encryption Standard) based encryption mode. Certification began in September, 2004. WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark from March 13, 2006.