Tech Insight : WAP … WEP … What ???

In this tech insight, we take a brief look at the WEP and WAP security protocols, and what happened to them.

What Is WAP?

Developed by Ericsson, Motorola, Nokia, and Unwired Planet, and introduced back in 1999, Wireless Application Protocol (WAP) was a security standard for devices with a wireless Internet connection on a mobile network. It was designed to create interoperability between WAP equipment e.g., mobile phones that used the protocol, and WAP software e.g., WAP-enabled web browsers and network technologies.

Used A Gateway Intermediary

WAP worked in a similar way to the traditional client-server model but had a WAP gateway that sat between the client and server. The WAP gateway:

– Translated the WAP device requests from a mobile browser (micro browser) into an HTTP URL request and sent it to the server over the internet.

– Processed the response by sending the webpage to the WAP mobile device as a WML file that was compatible with micro browsers.

Why WAP?

Some of the benefits of WAP were:

– It gave wireless network and mobile phone operators an opportunity to improve their services while enabling the introduction of new apps that didn’t require phone or infrastructure modifications.

– It created the potential for third-party developers to write apps (in WML).

– End-users had better security when accessing online services like online banking.

What Happened To WAP?

WAP was not widely adopted around the world and by 2013, due to HTML compatibility in mobile phones, it had largely disappeared.

What Is WEP?

Wired Equivalent Privacy (WEP), which was developed in the late 1990s, was a security protocol for wireless networks that encrypted data transmitted over the WLAN using a static key with the RC4 stream encryption algorithm. The idea was to use WEP to give wireless networks the same level of protection as LANs which also benefitted from physical protection.

Protection From Unauthorised Network Access

Whereas wired networks can only be accessed by users with physical access network access points, wireless networks needed protection from threats such as people gaining access to the WLANs via the radio waves that connect to the network.

What WEP Provided

WEP provided privacy by using a data encryption key (128 or 256-bit), an initialisation vector (an arbitrary number used alongside the secret key), data integrity due to the use of a CRC-32 checksum algorithm (a string of letters and numbers acting as a fingerprint file), and authentication. This authentication could be either Open System Authentication (OSA) or Shared Key Authentication (using a multi-step challenge-response algorithm).

WEP Weaknesses

Unfortunately, WEP was found to have had several critical weaknesses such as:

– Weaknesses in the encryption and RC4 algorithms.

– The inability to authenticate individual users because all users shared the same key.

– The use of the protocol was optional and, therefore, it wasn’t always activated when new devices were installed.

What Happened To WEP?

WEP’s weaknesses and the introduction of the better Wi-Fi Protected Access (WPA) protocol meant that WEP was replaced by WPA2 in 2004. WPA2 offered stronger encryption and integrity protection. The current version is WPA3 (introduced in 2018).

What Does This Mean For Your Business?

With most of us now using mobile devices for our work and home life, particularly with the shift to remote and hybrid working over the last year, it is clear to see why security protocols for mobile networks are so important. WAP and WEP represented important steps in the evolution of network security and encryption, and lessons learned over time have led to the much more secure protocols that we use today.