Protecting Your Wireless Communication By Clevin Wong

In recent years, due to the proliferation of low cost mobile devices like notebook/netbook computers and Wi-Fi phones, more and more people use these devices for communication and Internet access via the wireless networks.

However, wireless networks are insecure by nature. In wireless networks, data transmissions are broadcast over radio waves through the open air. Hence, they are more susceptible to security attacks (e.g. eavesdropping, unauthorized access) than wired networks [1]. Data interception and tampering is easy for anyone with the proper hardware and/or software tools and knowledge.

Therefore, it is important to provide additional measures to protect the communication to ensure the data confidentiality and integrity of your data. Data encryption and user authentication are two of the basic security measures. Data encryption protects the vulnerable wireless link between client devices and access points by encrypting all data in the transmission. User authentication protects against unauthorized access to the wireless network. Currently, there are three common protection methods for wireless networks, namely, WEP, WPA and WPA2.

Wired Equivalent Privacy (WEP)

WEP was introduced in 1997, intended to give wireless networks the equivalent level of privacy protection comparable to that of a traditional wired network. However, due to its imperfect encryption key implementation and lack of authentication, several serious security weaknesses of WEP have been identified and publicly reported since 2001 [2]. Today, with publicly available tools, hackers may intercept and modify the transmissions protected by WEP within minutes. Hence, WEP is regarded as insecure and vulnerable to network attacks. It is only a little better than having no encryption. WEP was deprecated as a wireless privacy mechanism in 2004 though it still is being widely used to-day due to many legacy mobile devices support only WEP.

Wi-Fi Protected Access (WPA)

Owing to the weaknesses of WEP, WPA was introduced in 2003 to address all the known weaknesses of WEP. WPA uses a strong encryption technology called Temporal Key Integrity Protocol (TKIP) to overcome the security weaknesses of WEP. It also bundles with authentication service that WEP does not offer. WPA provides assurance that user data will be protected and that only authorized users may access the wireless networks. Although considered as a secure method, it still has its weaknesses chiefly on the TKIP protocol with weak passwords [8][9].

Wi-Fi Protected Access 2 (WPA2)

WPA2 was introduced in 2004 as the next generation of WPA [4][5]. It is based on the ratified IEEE 802.11i standard. WPA2 is backward compatible with WPA. WPA2 enhances the encryption strength of WPA by replacing the TKIP protocol with the Advanced Encryption Standard (AES) encryption algorithm. AES satisfies the U.S. government security requirements and complies with the Federal Information Processing Standards (FIPS) 140-2 standard. Today, WPA2 is by far the strongest security system available for wireless networks.

Wireless Networks in CityU

The CityU wireless local area network (WLAN) was introduced in 1997 and matured in 2006. Currently two types of connections are supported: (1) Secure connection with data encryption via WPA/WPA2, and (2) Insecure connection without data encryption via web logon. The CSC strongly recommends users to the secure WPA/WPA2 connection for the sake of data protection. The insecure connection should be avoided unless your device does not support WPA/WPA2 and data privacy is unimportant. For details, please refer to the CityU WLAN page [6].