Wireless Encryption Protocols

Wireless networking has played a tremendous role in the growth and complexities of today’s networks. Both enterprise and industrial networks alike, depend heavily on wireless technologies for increased network coverage and mobile communications. In the case of industrial networks, wireless technologies have opened the door to an entirely new industry of industrial wireless solutions, that includes industrial wireless routers, industrial access points, wireless media converters and a whole slew of other industrial wireless products.

However, wireless devices do present unique security concerns. Before deploying any type of enterprise or industrial wireless solution, having a thorough understanding of the different authentication and encryption methods is highly recommended.

Wired Equivalent Privacy (WEP) is an older security protocol that was susceptible to security vulnerabilities. Deprecated in 2004, WEP is no longer recommended for use. However, due to legacy equipment requirements, WEP is still available in most of today’s industrial wifi routers and access points.

WEP uses the stream cipher RC4 and CRC-32 checksum and a 64-bit key consisting of 10 hexadecimal characters string or 128-bit key consisting of 24 hexadecimal characters as part of its encryption. It also has two options for authentication: Open System authentication and Shared Key authentication.

Wi-fi Protected Access (WPA) was introduced as an intermediary by the Wi-Fi Alliance in 2003 as a solution for security vulnerabilities found in WEP. WPA takes advantage of Temporal Key Integrity Protocol (TKIP) protocol which uses a combination of dynamically generated keys, sequencing, and a 64-bit message integrity check mechanism. However, WPA also became compromised and is no longer considered secure.

WPA comes in two versions; WPA-Personal also referred to WPA-PSK (pre-shared key) and WPA-Enterprise. The enterprise version of WPA uses 802.1x security standard which requires a RADIUS server for authentication.

WPA2 replaced WPA and is the most widely used protocol in homes and production networks today. The security option is more in line with IEEE 802.11i enhancement that use “handshaking” and authentication methods normally found in IEEE 802.1x LAN networks.

WPA2 uses TKIP encryption, mainly for older legacy devices and Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) which includes Advanced Encryption Standard (AES) encryption.

WPA2 comes is personal and enterprise edition. The personal edition like WEP uses a RADIUS server for authentication.

WPA3 is the 3rd installment of the WPA and is considered the most secure. It resolves security issues found in WPA2 and simplified device configuration.

WPA3 uses a higher level of encryption (128-bit personal and 192-bit enterprise) and CCMP-128 as a mandatory requirement for personal mode. It has done away with pre-shared keys for exchanging authentication keys but instead uses Simultaneous Authentication of Equals (SAE) for its authentication mechanism.

WPA3 also comes is personal and enterprise edition. The personal edition like WPA and WPA2 uses a RADIUS server for authentication.

The 5GHz spectrum uses 24 non-overlapping channels divided in four different sections UNII-1, UNII-2, UNII-2 extended, UNII-3, and ISM. Each section has its own recommended uses and restrictions. Each channel is also 20Mhz wide with 20MHz of space separating the channels.

Wireless security has many options for securing your networks. Please be sure to check what options are right for you. If you have any questions regarding wireless security please contact Antaira toll-free at 1-844-244-0693 and our engineering teams will be happy to assist.