What is the IEEE 802.11 Standard and its security?

Despite the fact that Wi-Fi is a trademark owned by the Wi-Fi Alliance, an organization committed to certifying that Wi-Fi equipment fulfills the IEEE's set of 802.11 wireless standards, the name ‘Wi-Fi’ is associated with wireless access in general nowadays.

These specifications, which include 802.11b (pronounced "Eight-O-Two-Eleven-Bee," omitting the "dot") and 802.11ac, are part of a family of specifications that began in the 1990s, which is still growing today. Improvements to wireless speed and range, as well as the usage of additional frequencies as they become available, are codified in the 802.11 standards.

What do those standards represent?

The IEEE 802.11 standard is a collection of technological advancements that have been created over a long period of time. Each new breakthrough is specified by a one- or two-letter suffix to "802.11," which represents the modification to the standard. Only the 2.4-GHz band was supported by the initial 802.11 standard, which allowed for speeds of up to 2 Mbps. New coding algorithms were implemented to 802.11b to enhance the speed to 6 Mbps. 802.11a included 5-GHz support and Orthogonal Frequency Division Multiplexing (OFDM) coding techniques, boosting speed to 54 Mbps. The 802.11g standard brought OFDM from the 802.11a standard to the 2.4-GHz range. 802.11n introduced a slew of high-throughput enhancements that increased throughput by a factor of ten, allowing high-end business access points to reach signaling throughputs of 450 Mbps.

As you may have noticed, the IEEE naming method for the standard is a little confusing, so the Wi-Fi Alliance has come up with some shorter names to make it easier to comprehend.

The alliance refers to 802.11ax Wi-Fi as Wi-Fi 6 — the current emerging standard. Wi-Fi 5 is now 802.11ac, while Wi-Fi 4 is now 802.11n. According to the Wi-Fi Alliance, the goal is to make it easier for the end-user to navigate through the myriads of routers and client devices.

Meanwhile, it's crucial to note that the Wi-Fi Alliance hasn't come up with new names for all of the 802.11 standards, so familiarity with the old ones is essential. Furthermore, the IEEE, which is still working on further versions of 802.11, has not accepted these new names, making it more difficult to find out information about them using the new names.

How secure is it?

The authentication security protocols defined by the Wireless Alliance, such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), are used to secure wireless security. There are now four wireless security protocols available:

  • Wired Equivalent Privacy (WEP);
  • Wi-Fi Protected Access (WPA);
  • Wi-Fi Protected Access 2 (WPA 2);
  • Wi-Fi Protected Access 3 (WPA 3).

To be sure your network is secure, you must first identify which network yours falls under.

WEP

The first security protocol to be implemented was Wired Equivalent Privacy (WEP). It was designed in 1997 and is now outdated, however, it is still used with older devices in present times.

WEP employs a data encryption technique based on a mix of user and system-generated key values. However, hackers have devised strategies for reverse-engineering and breaking the encryption mechanism, making WEP the least secure network type.

WPA

The Wi-Fi Protected Access (WPA) protocol was created to address the weaknesses in the WEP protocol. WPA includes features like the Temporal Key Integrity Protocol (TKIP), a dynamic 128-bit key that proved more difficult to crack than WEP's static, unchanging key.

It also had encryption features like the Message Integrity Check, which looked for any tampered packets transmitted by hackers and the Pre-shared key (PSK), among others.

As detailed in this article, both WEP and WPA are very hackable, so please, take our advice and never use them.

WPA2

WPA2 introduced substantial updates and new features to the wireless security gambit in 2004. WPA2 substituted TKIP with the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is a significantly more sophisticated kind of encryption technology.

Since its creation, WPA2 has represented the industry standard; on March 13, 2006, the Wi-Fi Alliance specified that any future products using the Wi-Fi trademark must employ WPA2.

WPA2-PSK

To connect to a wireless network, WPA2-PSK requires only one password. It's often assumed that using a single password to access Wi-Fi is safe, but only if you trust the people who use it. This is obviously not very secure, considering the fact that this key may fall into wrong hands. As a result, this protocol is most commonly used for home or open Wi-Fi networks.

To encrypt a network with WPA2-PSK, you ought to provide your router with a plain-English password between 8 and 63 characters long, rather than an encryption key. CCMP is used to create unique encryption keys for each wireless client using that passcode and the network SSID. Moreover, the encryption keys are updated on a regular basis.

WPA3

WPA3 is the most recent (and improved) version of WPA2, which has been in use since 2004. In 2018, the Wi-Fi Alliance began certifying WPA3-approved equipment.

Although WPA3 is more secure than WPA2, the Wi-Fi Alliance will continue to maintain and enhance WPA2 for the foreseeable future. When compared to WPA2, WPA3 includes the following noteworthy features:

  • Stronger brute force attack protection: WPA3 defends against offline password guesses by allowing only one guess per user and forcing them to engage directly with the Wi-Fi equipment, requiring them to be physically present each time they wish to guess the password. In public open networks, WPA2 lacks built-in encryption and privacy, making brute force attacks a significant danger;
  • Simultaneous Authentication of Equals protocol (SAE): This protocol is used to provide a secure handshake between a network device and a wireless access point, in which both devices interact to verify authentication and connection. Even if a user's password is weak, WPA3 uses Wi-Fi DPP to give a more secure handshake;
  • Individualized data encryption: When connecting to a public network, WPA3 uses a mechanism other than a shared password to sign up a new device. WPA3 employs the Wi-Fi Device Provisioning Protocol (DPP), which allows users to let devices onto the network via NFC tags or QR codes. WPA3 security also employs GCMP-256 encryption instead of 128-bit encryption.

WPA3 functionality will not be extended to all devices automatically. Users who want to use WPA3-approved devices must either purchase new routers that enable WPA3 or hope that the device's manufacturer implements updates to support the new protocol.

We, at Passwork, highly recommend using the latest security protocols while constantly updating your router’s firmware. When you ignore critical updates, you risk exposing holes in your security that allow hackers to take control of your network. Use sophisticated and long passwords at all times. Even if we’re talking about your home Wi-Fi network – remember, if your password is ‘12345678’, your neighbours can easily hack into your network and spoof the data.