Comparative Analysis of Wireless Security Protocols: WEP vs WPA


Data security in wireless network has posed as a threat that has stuck to the core of data communication from point A to point B. There have been a variety of security issues raised in wired and wireless networks and security specialists proposed a variety of solutions. The proposed security solutions in wired networks could not be successfully implemented in wireless networks to identify, authenticate and authorize users due to infrastructural and working principles of wireless networks. Data on wireless network are much exposed to threats because the network is been broadcasted unlike a wired network. Researchers have proposed WEP and WPA to provide security in wireless networks. This research is going to compare the WEP and WPA mechanism for better understanding of their working principles and security bugs.

Share and Cite:

Sari, A. and Karay, M. (2015) Comparative Analysis of Wireless Security Protocols: WEP vs WPA. International Journal of Communications, Network and System Sciences, 8, 483-491. doi: 10.4236/ijcns.2015.812043.

Received 12 October 2015; accepted 14 December 2015; published 17 December 2015

1. Introduction

Wireless communication helps exchange information form one point to another or more points. Data security involves data availability, data confidentiality and data integrity. For example, data availability can be achieved by well management of the computing environment, and integrity via data backups, and verification methods. These methods help to ensure the readiness of data. Most wireless technology uses electromagnetic wireless communication [1] [2] . WEP and WPA are the basic data and network security mechanisms provided to ensure security in wireless network environment.

This paper would try to highlight the different mechanisms of data protection or security in wireless network or environment. Section 2 of this paper would discuss data security in wireless networks and common attacks known to data in wireless environment. Section 3 describes different mechanisms of data security in wireless environment and wired environment, but more emphasis would be placed on wireless environment. Section 4 would describe deals on cryptography algorithms for data security. Section 5 concludes the research on data security in wireless network.

2. Wireless Encryption Protocol (WEP)

This security measure is for Wireless LAN and it is a part of the IEEE 802.11 security standard. In the WEP, the Cyclic Redundancy Code (CRC-32) is used for providing data security and integrity, while the RC4 stream cipher is used to provide confidentiality [2] [3] . The WEP standard specification supports a 40-bit key length while the non-standard specification provides a 128 and 256-bit key length in data encryption.

2.1. Encryption Process of the WEP

The encryption process of the WEP for data communication consists of 5 steps as shown in Figure 1.

In the initialization process, a 24-bit vector is linked together in a series form with a 40-bit WEP key.

The result form the linked key acts as a seed value for pseudo random number generator [3] -[5] .

An integrity algorithm is carried out on the plain text so an Integrity Check Value (ICV) can be generated which is then linked with the plain text.

To generate the cipher text, RC4 algorithm is applied on the plain text in addition with the ICV and the key sequence.

The wireless Media Access Control (MAC) payload frame is generated by putting the initialization vector (IV) in front of the encrypted data combining ICV along with other fields.

2.2. Decryption Process of the WEP

In the WEP decryption process, the following takes place as shown in Figure 2.

The initialization vector from the 802.11 standard frame is linked with the WEP key, acting as a seed value for Pseudo Random Number Generator.

In getting the plain text, the CR4 algorithm is applied to the cipher text and the key sequence.

The plain text and the original ICV are gotten in this stage.

Figure 1. WEP encryption process.

Figure 2. WEP decryption process.

To generate the new ICV the plaint text is added to the Integrity algorithm to get the new ICV.

The New ICV generated in the previous stage is compared with the original ICV to check for data integrity.

2.3. Security Vulnerabilities in WEP

In computer, data or network security a proposed solution does not always cover or profile solution to all the areas that have weakness in the corresponding field. The WEP protocol has some security weakness such as:

1) Weak Cryptography: Captured network traffic analyzed showed that shared key that is been used by the WEP can be easily decoded analyzing the captured data. This can lead to data manipulation and loss of data integrity [6] [7] .

2) Absence of Key Management: The WEP does not have the key management feature to manage different keys in its key table, rather same key is used for a very long period of time and this shows poor quality [8] -[10] . Small Key Size: The key size of the WEP standard is only 40-bit key. This makes the WEP open to attack especially the brute force attack, because the encryption key is only 40-bit. The brute force attack as form of an offline dictionary mechanism that probes the network with frequently used encryption words and check out the data gotten from the captured traffic to get the secret passphrase.

3) Reuse Initialization Vector: From the explanation in Figure 1 and Figure 2, the same initialization vector was used. This can lead to data decryption without the use of the appropriate key, because the IV can be gotten easily and other crypto-app can be used to decrypt the data.

4) Authentication Issues: Due to the challenge-response scheme that is used in shared key authentication, a man-in-the-middle attack can be carried out in the WEP. This kind of attack that possess as the corresponding destination or source of a data in a network in other to gain access to confidential information that is in transit. This leads to sensitive information to be compromised and if possible it can also lead to data loss.

5) Packet Forgery: There’s no protection against packet forgery in WEP. Data packets can be forged using third-party application and injected into the network, this can lead to data manipulation and loss of data integrity.

6) Flooding: This is sending of huge data packets that’s lots or messages to an access point and thereby preventing the legitimate users from gaining access to the network, and also limiting the access point from processing data in the traffic [11] [12] .

2.4. Common Attacks on WEP

The attacks that are common to the WEP protocol are:

Korek Chopchop Attack: In this form of attack, the attacker can decrypt the last s bytes of the plaintext of an encrypted packet by transmitting s* 128 number of packets on the network [13] [14] . This attack does not show the root key as shown in figure. From Figure 3, the attacker chops away the last byte from the captured data packet and guesses the last byte of the captured packet and modifies it and sends it to the access point. If the modified last byte that was guessed by the attacker is correct, the access point would accept the data packet. The attacker moves on to guessing the second last byte and moves on till the whole data is guess. But if the last byte guessed of the captured packet is wrong the access point discards the packet.

Bittau’s Fragmentation Attack: This attack method gives an attacker the edge in finding keystream of length s, after the keystream have been found; the attacker sends the packet with the corresponding payload length s-4, removing four bytes from the ICV. If the packets are long it can be split up to 16 fragments distributing the packet payload s-4 according. After the packet is received and reassembled by the access point, the data packet it re-encrypted with a new key stream. The attacker already knows the plain text so he can also get the new key stream [13] -[15] .

Other forms of WEP attack are Fluhrer, Mantin and Shamir (FMS) Attack and Pyshkin, Tews and Weimann (PTW) Attack. Figure 4 shows the WEP protocol shows its safety improvements.

3. Wireless WPA (W)

The WPA protocol was introduced in 2003 by the Wi-Fi alliance to try and eliminate or overcome the laps that’s in WEP [16] -[18] . The main reason for the WPA is to address the cryptography issues in WEP. The WPA provided some good security feature such as WPA Encryption Process, WPA Authentication Mechanisms which includes; WPA-Personal or WPA-PSK, WPA-Enterprise.

Figure 3. WEP decryption process.

The WPA Encryption Process is explained in Figure 5 below. Figure 5 explains the WPA encryption process, where a Temporal Key Integrity Protocol (TKIP) is used by WPA for data encryption [12] -[14] [18] . This eliminated the use of the same key in encryption, a different key is generated randomly for every data packet, and a 128-bit key is used to encrypt the data packet. The Michael algorithm is combined with the TKIP providing replay protection, and uses the Message Integrity Code (MIC) for high level data integrity. This is more secured compare to the one in the WEP that uses a 32-bit.

WPA Authentication Mechanisms: The mechanisms provided by the WPA are WPA-Personal or WPA-Pre- Shared Key (WPA-PSK). WPA Pre-Shared key is static and it is used in initiating communication between two users. The static key is a Pairwise Master Key (PMK) in TKIP must be ready before an association can be set [19] [20] . In the WPA-PSK, an authentication server is not required because it is most suitable for small office

Figure 4. WEP safety improvement.

Figure 5. TKIP encryption process.

or home networks. A 256-bit key is used for authentication of devices and a 64-bit MIC key and a 128-bit key is created from the pre-shared key for data encryption.

The WPA-Enterprise: This is basically designed for enterprise networks, where the EAP provides a stronger authentication method. The Remote Authentication Dial in User Service (RADIUS) is essential for providing excellent security for wireless network [21] -[24] . The EPA have various methods which include: EAP- Lightweight Extensible Authentication Protocol (EAP-LEAP), EAP-Flexible Authentication via Secure Tunneled (EAP-FAST), EAP-Message Digest 5 (EAP-MD5), EAP-Transport Layer Security (EAP-TLS), EAP- Tunneled Transport Layer Security (EAP-TTLS), EAP-Subscriber Identity Module of Global System for Mobile Communications (EAP-SIM). Figure 6 shows an EAP Infrastructure. The EAP infrastructure has three components that are vital to its authentication process:

1) EAP-Peer: this is the access client, which is attempting to gain access the network.

2) EAP-Authenticator: the access point that needs authentication before permitting network access.

3) Authentication server: RADIUS server, validates IDs of EAP-Peer and authorizes network access [25] - [27] .

Security Vulnerabilities of WPA

In WPA there are a variety of security vulnerabilities available which are:

The WPA uses a RC4 cryptography algorithm instead of an Advanced Encryption Standard (AES) that is more secured and encrypt better.

Brute force attack can also be carried out on the WPA.

The WPA is also open to Do S attacks.

The setup or configuration process is complicated.

In the WPA, several attacks are common to it such as the Beck-Tews Attack, Ohigashi-Morii Attack, Micheal Reset Attack, and WPA-PSK Attack.

4. Wireless (WPA2)

The WPA2 protocol is an improvement over the WPA. The 802.11i is completely implemented in the WPA2. The main change that was done in the WPA2 over the WPA relates to the data encryption algorithm. The Counter Mode with Cipher block Chaining Message Authentication Code Protocol (CCMP) uses a block cipher which is the Advance Encryption Standard (AES) for data encryption [28] -[31] . Table 1 shows the comparison between WEP, WPA and WPA2 protocols in terms of security.

Variety of researches conducted in the literature to enhance security in wireless networks. However due to nature vulnerable structure of wireless networks and diversification of attacks, different classifications and even different schemes could not be successful to achieve security goals in wireless networks [32] -[36] .

5. Conclusions

Data security is a vast field of study, because data get compromised, altered, and stolen always. Lots of research has not been thoroughly conducted in this aspect of security. This paper highlighted the data security process and method of the WEP, WPA, and WPA2. We found out that the WPA2 is more secured in data transmission compared to the preceding protocols, although they all have their shortcomings. Later in the paper we discussed various data encryption method for securing data before it’s been transferred. Some of the data encryption methods that were discussed are the Symmetric and Asymmetric encryption methods, types of data cipher

Figure 6. EAP infrastructre.

Table 1. Comparison between WEP, WPA and WPA2.

for data encryption such as the block and the stream data cipher; where the stream cipher seems more faster in process while block chiper has been slower but more secured. The Hash Algorithm was also discussed which used both public and private keys as well as digital signatures in data encryption progress. The different methods or techniques of encryption or cryptography hold a very strong principle of data security but if the secret key is known most times the cryptosystem gets compromised. Hence, the keeping of the secret key is vital to prevent data compromise and also the network security should be considered too, because if an attacker can gain access into the network, data packets can be captured and analyzed further using third party software to decrypt the data or corrupt the data so both the sender and the receiver don’t have the message. Other forms of data security that was not discussed in this paper are: Steganography where data is hidden and not seen compared to encryption, Data Masking, Data Erasure, Checksums, etc.

Future research would be conducted on comparing the various data security mechanisms and their performance metrics.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] Kumar, U. and Gambhir, S. (2014) A Literature Review of Security Threats to Wireless Networks. International Journal of Future Generation Communication and Networking, 7, 25-34.
[2] Sari, A. (2012) Impact of Determinants on Student Performance towards Information Communication Technology in Higher Education. International Journal of Learning and Development, 2, 18-30.
[3] Benton, K. (2010) The Evolution of 802.11 Wireless Security. INF 795, April 18th, 2010. UNLV Informatics, Spring.
[4] Sari, A. and Necat, B. (2012) Impact of RTS Mechanism on TORA and AODV Protocol’s Performance in Mobile Ad Hoc Networks. International Journal of Science and Advanced Technology, 2, 188-191.
[5] Lehembre, G. (2006) Wi-Fi Security—WEP, WPA and WPA2. Article Published in Number 1/2006 (14) of Hakin9.
[6] Sari, A. and Necat, B. (2012) Securing Mobile Ad Hoc Networks against Jamming Attacks through Unified Security Mechanism. International Journal of Ad Hoc, Sensor & Ubiquitous Computing, 3, 79-94.
[7] Bulbul, H.I., Batmaz, I. and Ozel, M. (2008) Wireless Network Security: Comparison of WEP (Wired Equivalent Privacy) Mechanism, WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) Security Protocols. Proceedings of the 1st International Conference on Forensic Applications and Techniques, Information, and Multimedia and Workshop, Adelaide, 21-23 January 2008.
[8] Sari, A. and Onursal, O. (2013) Role of Information Security in E-Business Operations. International Journal of Information Technology and Business Management, 3, 90-93.
[9] Arockiam, L. and Vani, B. (2010) A Survey of Denial of Service Attacks and Its Countermeasures on Wireless Network. International Journal on Computer Science and Engineering, 2, 1563-1571.
[10] Sari, A. (2014) Security Approaches in IEEE 802.11 MANET—Performance Evaluation of USM and RAS. International Journal of Communications, Network, and System Sciences, 7, 365-372.
[11] Gutjahr, A. (2012) Wired Equivalent Privacy (WEP) Functionality, Weak Points, Attacks.
[12] Sari, A. (2014) Security Issues in RFID Middleware Systems: A Case of Network Layer Attacks: Proposed EPC Implementation for Network Layer Attacks. Transactions on Networks & Communications, 2, 1-6.
[13] Tews, E. (2007) Attacks on the Wep Protocol. Cryptology ePrint Archive, Report 2007/471.
[14] Sari, A., Rahnama, B. and Caglar, E. (2014) Ultra-Fast Lithium Cell Charging for Mission Critical Applications. Transactions on Machine Learning and Artificial Intelligence, 2, 11-18.
[15] Frankel, S., Eydt, B., Owens, L. and Scarfone, K. (2007) Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i. National Institute of Standards and Technology, NIST 800-97.
[16] Sari, A. (2014) Economic Impact of Higher Education Institutions in a Small Island: A Case of TRNC. Global Journal of Sociology, 4, 41-45.
[17] Masadeh, S.R. and Turab, N. (2011) A Formal Evaluation of the Security Schemes for Wireless Networks. Research Journal of Applied Sciences, Engineering and Technology, 3, 910-913.
[18] Ihonen, M., Salo, A. and Timonen, T. (2009) 802.11 Security Protocols, Seminar Report. Laboratory of Communications Software, Lappeenranta University of Technology, Lappeenranta.
[19] Mishra, A. and Arbaugh, W.A. (2002) An Initial Security Analysis of The IEEE 802.1X Standard. Technical Report CS-TR-4328 and UMIACS-TR-2002-10. Department of Computer Science, University of Maryland Institute for Advanced Computer Studies, College Park.
[20] Sari, A. (2015) A Review of Anomaly Detection Systems in Cloud Networks and Survey of Cloud Security Measures in Cloud Storage Applications. Journal of Information Security, 6, 142-154.
[21] Chen, J.-C., Jiang, M.-C. and Liu, Y.-W. (2005) Wireless LAN Security and IEEE 802.11i. IEEE Wireless Communications, 12, 27-36.
[22] Obasuyi, G. and Sari, A. (2015) Security Challenges of Virtualization Hypervisors in Virtualized Hardware Environment. International Journal of Communications, Network and System Sciences, 8, 260-273.
[23] Rigney, C., Willens, S., Rubens, A. and Simpson, W. (2000) Remote Authentication Dial in User Service (RADIUS). RFC 2865.
[24] Sari, A. and Caglar, E. (2015) Performance Simulation of Gossip Relay Protocol in Multi-Hop Wireless Networks. Social and Applied Sciences Journal, 7, 145-148.
[25] Chiornita, A., Gheorghe, L. and Rosner, D. (2010) A Practical Analysis of EAP Authentication Methods. 2010 9th Roedunet International Conference (RoEduNet), Sibiu, 24-26 June 2010, 31-35.
[26] Sari, A. and Mahmutoglu, H. (2013) Potential Issues and Impacts of ICT Applications through Learning Process in Higher Education. Procedia—Social and Behavioral Sciences, 89, 585-592.
[27] Turab, N. and Masadeh, S. (2010) Recommendations Guide for WLAN Security. International Journal of ACM Jordan, 1.
[28] Sari, A. and Rahnama, B. (2013) Addressing Security Challenges in WiMAX Environment. Proceedings of the 6th International Conference on Security of Information and Networks, Aksaray, 26-28 November 2013, 454-456.
[29] Miller, B. (2008) WPA2 Security: Choosing the Right WLAN Authentication Method for Homes and Enterprises. Global Knowledge.
[30] Sari, A. and Rahnama, B. (2013) Simulation of 802.11 Physical Layer Attacks in MANET. 2013 5th International Conference on Computational Intelligence, Communication Systems and Networks (CICSyN), Madrid, 5-7 June 2013, 334-337.
[32] Sari, A. (2014) Influence of ICT Applications on Learning Process in Higher Education. Procedia—Social and Behavioral Sciences, 116, 4939-4945.
[33] Edney, J. and Arbaugh, W.A. (2003) Real 802.11 Security: Wi-Fi Protected Access and 802.11i. Addison-Wesley, Boston.
[34] Sari, A. (2015) Lightweight Robust Forwarding Scheme for Multi-Hop Wireless Networks. International Journal of Communications, Network and System Sciences, 8, 19-28.
[35] Sari, A. (2015) Two-Tier Hierarchical Cluster Based Topology in Wireless Sensor Networks for Contention Based Protocol Suite. International Journal of Communications, Network and System Sciences, 8, 29-42.
[36] Rahnama, B., Sari, A. and Makvandi, R. (2013) Countering PCIe Gen. 3 Data Transfer Rate Imperfection Using Serial Data Interconnect. 2013 International Conference on Technological Advances in Electrical, Electronics and Computer Engineering (TAEECE), Konya, 9-11 May 2013, 579-582.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.