International Journal of Scientific Research in Computer Science, Engineering and Information Technology

© 2019 IJSRCSEIT | Volume 5 | Issue 4 | ISSN : 2456-3307

DOI : https://doi.org/10.32628/CSEIT1953127
Review on Wireless Security Protocols (WEP, WPA, WPA2 & WPA3)
Dr. B. Indira Reddy, V. Srikanth
Department of Information Technology, Sreenidhi Institute of Science and Technology, Hyderabad, India

ABSTRACT

Wireless networks have posed a threat in Data Security that has stuck to the core of data communication
between two points. Absence of inflexible security measures has made numerous organizations contribute
millions to verify their systems. Development of different security conventions for Wireless LANs has been
given in this paper. Also, vulnerabilities of WEP/WPA/WPA2/WPA3 have been discussed and how the
wireless networks are attacked using the design flaws present in these Wireless Security Protocols. The use of
different tools and programming languages used for testing the strength of the protocols. Tools like nmap,
zenmap, aircrack-ng, etc., are used in the Linux environment to practically demonstrate the attacks against
these networks using WEP/WPA/WPA2/WPA3 protocols. The solutions for the shortcomings in WEP has
been applied in WPA, similarly WPA2 and WPA3.
Keywords : Wired Equivalent Privacy, Wi-Fi Protected Access, TKIP (Temporal key Integrity Protocol),
CCMP (Counter mode with Cipher block Chaining Message Authentication Code), SAE (Simultaneous
Authentication of Equals),WPA3

I. INTRODUCTION noteworthy security methodologies are referenced

underneath:
IEEE characterized 802.11 Wireless LAN Standards,
expected to enable remote association of workstations • WEP (Wired Equivalent Privacy)
to their base LAN. WLAN application speaks to a • WPA (Wi-Fi Protected Access)
developing specialty in the market, the innovation on • WPA2 (Wi-Fi Protected Access, ver 2)
which it is based begun to be utilized additionally for
another application, that of conveying Broadband II. METHODS AND MATERIAL
Wireless Access (BWA) to open systems. The primary
reason for making IEEE Standards were made in a WEP (Wired Equivalent Privacy)
diverse way to deal with the physical layer like WEP is intended to give security of wired LAN by
various frequencies and distinctive encoding encryption, utilizing RC4 algorithm with different
strategies. WLAN conventions indicate the sides of information correspondence.
utilization of 802.2 for sensible connection control
(LLC) segment of the data link layer. In WLANs, SENDER’S SIDE:
security is accomplished by encrypting the WEP utilizes four operations to encode and send the
information. Without Encryption, some other remote information. In initial step secret key is utilized in
devices can sniff the traffic in the system. The three WEP calculation is 40-bit along with 24-bit
Initialization Vector (IV) which is concatenated to

CSEIT1953127 | Received : 20 June 2019 | Accepted : 10 July 2019 | July-August -2019 [ 5 (4) : 28-35 ]
28
 Dr. B. Indira Reddy et al Int J Sci Res CSE & IT. July-August-2019 ; 5(4) : 28-35

act as both encryption and decryption key. In the has been made compatible with all vendors and
second step, the subsequent keys go about as a seed existing equipment. The primary concern is to defeat
for Pseudo-Random Generator (PRNG). In the Third WEP shortcoming without the change in equipment.
Step, plaintext checks for uprightness by a calculation This was finished by including (TKIP) Temporal Key
and link by the plain content once more. In the last Integrity Protocol for encryption and 802.1X EAP for
step, the result of the key sequence and ICV will go authentication purpose to offer high security. To
to the RC4 algorithm, encoded message is framed by keep away from Information Fabrication (bit
joining the Initialization Vector before the Cipher flipping), WPA presented Message Integrity Check
text. (MIC) calculation known as "Michael".

Figure 3 WPA Encryption Algorithm (TKIP)

Figure 1: WEP encryption Sender side WPA2 (Wi-Fi protected Access 2)

Implements totally IEEE 802.11 standard and
improvement over WPA. Furnishes information
RECIPIENTS SIDE: protection by counter mode with cipher block
WEP utilizes five tasks to decrypt (IV+cipher text). chaining message Authentication Code Protocol
Firstly, the Pre-Shared key and IV are linked to make (CCMP) utilizing Advanced Encryption Standard
a secret key. In the Second step, Cipher text and (AES) block cipher. Uses WPA2-Personal and
Secret Key go to CR4 algorithm and plain text comes WPA2-enterprise for Authentication. Information
as a result. In the third step, the ICV and plain text Integrity is checked by means of Cipher Block
will isolate. Fourthly, the plaintext goes for integrity Chaining message validation. Secures against Replay
check to make another ICV and compares with assaults by 48-bit packet number.
original ICV.
CCMP Encryption Process:

• For every Medium access control Protocol Data

Unit (MPDU) there is a packet number (PN) and
this number will be increased for each next
MPDU.
• In the header of MPDU, there is something
Figure 2: WEP encryption Receivers side
which refers to as Additional Authentication
• Data (AAD) and in this field the integrity
WPA (Wi-Fi Protected Access)
conveyed by CCMP is addressed to.
It was presented by Wi-Fi alliance in late 2002. Wi-Fi
• To make the CCMP Nonce prevent the PN and,
Alliance with Electronics Engineers (IEEE) secured
A2 (MPDU address 2) and Priority field of MPDU
the feeble sections of the recently disclosed WEP
will be utilized. The Priority field has stored the
protocol and presented WPA as an interpretation. It
value of zero.

Volume 5, Issue 4, July-August-2019 | http://ijsrcseit.com

29
 Dr. B. Indira Reddy et al Int J Sci Res CSE & IT. July-August-2019 ; 5(4) : 28-35

• In extension, the new PN along with the key WPA3 (Wi-Fi Protected Access 3)
identifier collectively will be employed to Wi-Fi union impelled WPA3 the cutting edge remote
fabricate the 64-bit CCMP header. security standard that can dispose of every current
• The nonce, group of temporal key, AAD and defencelessness. The key highlights of WPA3 are
MPDU information are utilized to make the Protection against brute force attacks, WPA3 Secrecy,
cipher and MIC. Protecting Open/Public Networks. WPA3 utilizes
• The encryption of MPDU is acquired by SAE (Simultaneous Authentication of Equals)
consolidating the CCMP header, unique MPDU handshake to offer Forward Secrecy, which keeps the
header, encrypted data, and MIC. offender from decoding old caught traffic. Gives
individualized data encryption a component that
encodes remote traffic to alleviate the danger of Man-
in-the-Middle-Attacks. Provides 192 -bit encryption
to Wi-Fi associations.

Figure 4:CCMP Encryption

CCMP Decryption Process:

• Later the encoded MPDU is acquired, the AAD
and nonce values could be extracted from the
encrypted MPDU.
• The header of the encoded MPDU is employed to
make the AAD.
• To make the nonce, the estimations of various
fields of the header will be utilized which are the
PN, MPDU address 2 (A2), and Priority fields.
• To recoup the MPDU plaintext, AAD, temporal
key, MIC, nonce and MPDU cipher text are
consolidated together. Besides now the integrity
of MPDU and AA plaintext is affirmed.
• Finally, by incorporating MAC header of MPDU
and decoded MPDU plaintext, the Plaintext of
MPDU is decrypted Figure 6: SAE Handshake

III. LITERATURE REVIEW

Arash Habibi Lashkari [1] discussed in his paper

about the structure of WEP the versions of it and the
weakness of WEP. The author explained main
weakness of WEP are RC4 algorithm because of its
Figure 5:CCMP Decryption short IV size, key management, Elementary forging

Volume 5, Issue 4, July-August-2019 | http://ijsrcseit.com

30
 Dr. B. Indira Reddy et al Int J Sci Res CSE & IT. July-August-2019 ; 5(4) : 28-35

of Authentication messages and advances of WEP can • WEP does not anticipate replay attacks. An
be performed by using TKIP. attacker can basically record and replay packets
as wanted and they will be acknowledged as
S.Vinjosh Reddy [2] explained about cracking WEP authentic.
encryption of Wi-Fi networks So as to know about • WEP employs RC4 inappropriately. The keys
the tools used and to strengthen our Wi-Fi. utilized are frail and can be brute-forced on
standard PCs in hours to minutes, utilizing
Cracking WEP: available accessible programs.
• Client encrypts data using a key • WEP reuses initialization vectors. An assortment
• Encrypted packets are sent in the air of accessible cryptanalytic techniques that can
• Router Decrypts packets using the key decode information without obtaining the
encryption key.
Every packet is encrypted utilizing a special key • Without detection, WEP enables an attacker to
stream. change the information without obtaining the
Random Initialization Vector (IV) is employed to encryption key.
create the key stream. The initialization vector is • Key administration is insufficient and refreshing
only 24 bits. is poor.
• The issue in the RC-4 algorithm.
Enable monitor mode. • Simple producing of authentication messages.
Capture a large number of packets/IVs using
airodump-ng. Enhancements over WEP
Analyse the captured IVs and crack the key using • Improved data encryption (TKIP)
aircrack-ng. • User authentication (Use EAP Method)
If the network is too busy it may take more time to • Integrity (Michael Method)
capture enough IVs. So, force the access point to
generate new IVs. Arash Habibi Lashkari [4] gave detailed explanation
on WEP,WPA and explained the weakness and
WEP Cracking ARP Request replay improvements. Likewise, WPA2 versions, issues, and
• Wait for an ARP packet improvements that are done to explain significant
• Capture it, and replay it. shortcoming in WPA, the correlation among WEP,
• This causes the AP to produce another packet WPA, WPA2 security protocols.
with a new IV.
• Continue doing this till we have enough IVs to WPA Improvements.
break the key. • Cryptographic message integrity code to
overcome reproductions.
Arash Habibi Lashkari [3] compared WEP with • New IV sequencing system for Defeating Replay
WPA. The author defined WEP weakness and attacks.
enhancements, WPA improvements • Per Packet Key mixing capability, to de-
correspond the public IVs from feeble keys.
WEP Weakness: • Re-keying or defeating key collision attacks.
• WEP does not anticipate the fabrication of
packets.

Volume 5, Issue 4, July-August-2019 | http://ijsrcseit.com

31
 Dr. B. Indira Reddy et al Int J Sci Res CSE & IT. July-August-2019 ; 5(4) : 28-35

Samia Alblwi [5] gave an overview of WPA2 and • Use Hashcat (v4.2.0 or higher) secret key
discussed about how vulnerabilities present in WEP cracking tool to get the WPA PSK (Pre-Shared
and WPA are fixed. Weakness of WPA2 are also Key) secret key.
discussed in this paper. • Decrypting may require some time relying upon
its length and complexity.
Yonglei Liu [6] presented attacking methods of
WPA/WPA2.Strategies like Brute force, TMTO brute Mathy Vanhoef [8] proposed an attack that misuses
force attacks, Brute forcing utilizing GPU, TKIP key the flaws in protocols to reuse and reinstall an as of
mixing Function, TKIP Beck&Tews, CCMP TMTO now being used key. For a fruitful attack the offender
attacks are unmistakably simplified. needs to fool the person into re-installing already in
use key, when the victim reinstalls this key related
Norazaidi Baharudin [7] referenced that management parameters like the incremental transmit packet
frames on 802.11 a/b/g/n were sent in decoded plain number (i.e nonce) and receive packet number (i.e
content, thus can be fooled and fabricated simply by replay counter) are reset to their original value.
the intruder. Wireless Intruder Detection System Basically, to ensure security, a key should just be
(WIDS) is intended to shield the wireless clients from introduced and utilized once. Unfortunately,
the de-authentication and disassociation attacks. discovered this isn't ensured by the WPA2 protocol.
WIDS screens beacon frames and differentiate the
SSID of the AP and the relegated authentic AP. WPA2 Vulnerabilities

Hacking WPA/WPA2 network: • Reinstallation of the Pairwise Encryption Key

• Enable monitor mode (PTK-TK), Group Key (GTK), Integrity Group
• Capture the 4 way handshake Key (IGTK) in the four-way handshake.
• The handshake doesn’t contain any data that • Reinstallation of the group key (GTK), Integrity
helps recover the key. Group Key (IGTK) in the group key handshake.
• It contains data to check whether a key is lawful • Allowing a retransmitted Fast BSS Transition (FT)
or not Re-association Request and reinstalling the
• The given 4 way handshake is compared with a Pairwise Encryption Key (PTK-TK) while
wordlist handling it.
• Reinstallation of the STK key in the Peer Key
Cracking Wi-Fi password using PMKID: handshake and Tunnelled Direct-Link Setup
• This method doesn’t require to capture (TDLS) Peer Key (TPK) in the TDLS handshake.
handshake. • Reinstallation of the Group Key (GTK) and
• An attacker can employ a tool, as hcx dump Integrity Group Key (IGTK) while handling a
instrument (v4.2.0 or higher), to challenge the Wireless Network Management (WNM) Sleep
PMKID from the targeted access point and dump Mode Response frame.
the got frame to a record.
• Appropriating the hcx cap tool, the output of the Dr.Pandi Kumar [9] incorporated the examination of
frame would then be able to be changed over into the diverse encryption strategies for standard WEP
a hash format acknowledged by Hashcat. and WPA2. The main point of the investigation is to
have a better knowledge of how excellent security
protocols are utilized, how communication channel is

Volume 5, Issue 4, July-August-2019 | http://ijsrcseit.com

32
 Dr. B. Indira Reddy et al Int J Sci Res CSE & IT. July-August-2019 ; 5(4) : 28-35

defended, how validation is taken care of, how

information is encrypted and at last perks and Ashish Garg [15] proposed adjustment to the first
vulnerabilities of every protocol. RC4 algorithm to make it progressively secure and
much quicker, increment the span of initial vector
Babita Dagar [10] concentrated on the advancement without expanding the general size of the 64-bit
of Wireless LANs and correlation has been given session key employed in WEP and giving an outline
between the protocols. Since WPA2 is the most to dynamically change the secret key before getting
adopted protocol for wireless systems at present so its any plausibility to breaking the secret key from the
constraints are talked about. scrambled data packets.

Mahmoud Khasawneh [11] portrayed the protocols, Pranav S.Ambavkar [16] portrayed the shortcoming
such as WPA and WPA2. WPA gives client security of "Solid WPA/WPA2 Authentication" and perceive
and privacy by utilizing TKIP for encryption and that it is so straightforward to break the protocol.
Michael for data integrity. Despite the improvements New standard's WPA and WPA2 executions
given by WPA, it has some shortcomings with alongside their first minor vulnerabilities and how it
respect to the authentication and data integrity is conceivable to break.
process. New component for data integrity in WPA2
was proposed which is CCMP. Tomoaki Sato [17] proposed an agreeable WEP
algorithm to which cipher strength is increased using
Vipin Poddar's [12] paper is a near investigation of algorithm and software implementation due to which
WEP, WPA, and WPA2. To check the authentication processing rate of compatible WEP algorithm is more
of all protocols by suggesting the legendary attack high-speed than that of traditional WEP algorithm.
vector scripts i.e Air crack set of tools. The test
discovered that WEP is weakest, to which WPA was Mathy Vanhoef [18] indicated how WPA3 is
an impermanent method and WPA2 is strong with influenced by a few design flaws and review these
long haul adjustment. defects both hypothetically and practically. Clarified
how Simultaneous Authentication of Equals
Muthu Pavithran [13] plans to transmit a wireless otherwise called Dragonfly is influenced by password
penetration test and compares the encrypted key of a partitioning attacks. Likewise referenced how to
wireless network with a document that contains the alleviate their attacks in a backward-compatible way
captured packets. Additionally penetration tests in and how minor changes to the WPA3 protocol could
WEP and WPA/WPA2 protocols and furthermore have counteracted most of their attacks. The
the techniques to build up these protocols employing contributions made are:
different attacks. • Pointed out how anti-clogging mechanisms of
SAE is unable to shield denial-of-service attacks.
Kirti Rana [14] thinks about WEP and WPA • Violating the overhead of SAE’s defenses upon
encryption mechanism for better knowledge of their already-known side-channels, a resource-
working standards and security bugs. How security constrained device can load the CPU of a known
protocols validate the clients? How simple it is to Access Point (AP).
break the security protocols of wireless systems with • Performed dictionary attack against WPA3 when
a set of tools. Utilization of aircrack-ng and comm- it is running in transition mode this is done by
view tool to demonstrate methods for hacking.

Volume 5, Issue 4, July-August-2019 | http://ijsrcseit.com

33
 Dr. B. Indira Reddy et al Int J Sci Res CSE & IT. July-August-2019 ; 5(4) : 28-35

downgrading the clients to WPA2 and also [2]. S.vinjosh Reddy, K.Rijutha, K.Sai Ramani, Sk
downgrade attack against SAE. Mohammad Ali, CH.Pradeep Reddy, “Wireless
• Empirically studied the probability of timing Hacking - A WiFi Hack By Cracking WEP”,
attacks against WPA3’s SAE handshake and 201O 2nd International Conference on
validated timing attacks are possible and can Education Technology and Computer (ICETC)
disclose information about the password. [3]. Arash Habibi Lashkari, Masood Mansoori, Amir
• Theoretically and practically how the recovered Seyed Danesh “Wired Equivalent Privacy
timing and cache info can be used to implement (Wep) Versus Wi-Fi Protected Access
an offline password partitioning attack which (Wpa)”2009 International Conference On
facilitates an adversary to retrieve the password Signal Processing Systems
used by the victim. [4]. Arash Habibi Lashkari, Mir Mohammad Seyed
Danesh, Behrang Samadi,”A Survey on
IV. CONCLUSION Wireless Security Protocols(WEP, WPA and
WPA2/802.11i)
In this review paper various Wireless Security [5]. Samia Alblwi, Khalil Shujaee ,”A Survey on
protocols like WEP/WPA/WPA2/WPA3 are Wireless Security Protocol WPA2”, Int'l Conf.
discussed. At first overview of WEP is given and how Security and Management | SAM'17 |
the attacks take place in WEP based networks can be [6]. Yonglei Liu, Zhigang Jin, Ying Wang, “Survey
seen. Secondly, the improvements made to on security scheme and attacking methods of
WPA/WPA2/WPA3 to overcome all types of attacks WPA/WPA2”
are discussed. Vulnerabilities of each protocol and the [7]. Norzaidi Baharudin, Fakariah Hani Mohd Ali,
improvements over the preceding are mentioned. Mohamad Yusof Darus, Norkhushaini Awang,
Though the drafting of Wireless Security Protocols is “Wireless Intruder Detection System (WIDS) in
done very efficiently and productively still there are Detecting De-Authentication and
some vulnerabilities which are seen after the Disassociation Attacks in IEEE 802.11”
implementation due to which there may be some cost [8]. Mathy Vanhoef, Frank Piessens,” Key
restrictions or hardware restrictions to apply the Reinstallation Attacks: Forcing Nonce Reuse in
patches or replace the equipment. So, the conclusion WPA2”
of this paper is that the security issues must be [9]. Dr.T.Pandikumar1, Mohammed Ali Yesuf,”Wi-
carefully kept in mind while designing the Wireless Fi Security and Test Bed Implementation for
Security Protocols as the hackers are discovering new WEP and WPA Cracking”
ways to engage. Also, we must hack our systems so as [10]. BabitaDagar, Neha Goyal,” Integrating
to point out the loopholes in our network and cover Enhanced Security Measures in
them before anyone attacks. WEP/WPA/WPA2-PSK”
[11]. Mahmoud Khasawneh, Izadeen Kajman,
V. REFERENCES Rashed Alkhudaidy, and Anwar Althubyani,” A
Survey on Wi-Fi Protocols:WPA and WPA2”
[1]. Arash Habibi Lashkari, F. Towhidi, R. S. [12]. Vipin Poddar, Hitesh Choudhary,” A
Hoseini, “Wired Equivalent Privacy(WEP)”, Comparitive Analysis Of Wireless Security
ICFCC Kuala Lumpur Conference, Published Protocols (Wep And Wpa2)”
by IEEE Computer Society, Indexed by [13]. Muthu Pavithran. S, Pavithran. S,” Advanced
THAMSON ISI, 2009. Attack Against Wireless Networks Wep,

Volume 5, Issue 4, July-August-2019 | http://ijsrcseit.com

34
 Dr. B. Indira Reddy et al Int J Sci Res CSE & IT. July-August-2019 ; 5(4) : 28-35

Wpa/Wpa2-Personal And Wpa/Wpa2- Cite this article as :

Enterprise”
[14]. Kirti Rana, Aakanksha Jain, “Comparison and Dr. B. Indira Reddy, V. Srikanth, "Review on
Analysis of Existing Security Protocols in Wireless Security Protocols (WEP, WPA, WPA2 &
Wireless Networks” WPA3)", International Journal of Scientific Research
[15]. Ashish Garg,” A Novel Approach to Secure in Computer Science, Engineering and Information
WEP by Introducing an Additional layer over Technology (IJSRCSEIT), ISSN : 2456-3307, Volume
RC4” 5 Issue 4, pp. 28-35, July-August 2019. Available at
[16]. Pranav S. Ambavkar, Pranit U. Patil, doi : https://doi.org/10.32628/CSEIT1953127
Dr.B.B.Meshram, Prof. Pamu Kumar Swamy,” Journal URL : http://ijsrcseit.com/CSEIT1953127
WPA Exploitation In The World Of Wireless
Network”
[17]. Tomoaki Sato, Phichet Moungnoue, and Masa-
aki Fukase,” Compatible WEP Algorithm for
Improved Cipher Strength and High-Speed
Processing”
[18]. Mathy Vanhoef, Eyal Ronen, “Dragonblood: A
Security Analysis of WPA3’s SAE Handshake”
[19]. Arif Sari, Mehmet Karay,” Comparative
Analysis of Wireless Security Protocols: WEP
vs WPA”
[20]. V.A.A.S.Perera, E.A.M.K.B.Ekanayake, S.S.
Shurane, P.A.Isuru Udayanga, J.P.Maharajage,
R.M.C.Bandara, Dhishan Dhammearatchi, ”
Enhancement WPA2 protocol with WTLS to
certify security in large scale organizations
inner access layer Wi-Fi media associated
devices”
[21]. Kashish Monga, Vishal Arora, Ashish Kumar,
“Analyzing the behavior of WP A with
modification”, 2015 IEEE International
Conference on Communication Networks
(ICCN)
[22]. Jose Perez, “A Survey Of Wireless Network
Security Protocols”

Volume 5, Issue 4, July-August-2019 | http://ijsrcseit.com

35