Table 29 Comparison Of Eap Authentication Types - ZyXEL Communications M-302 User Manual
802.11g wireless mimo pci card
Hide thumbs
Also See for M-302:
- Specifications (2 pages) ,
- Declaration of conformity (1 page) ,
- Quick start manual (3 pages)
Table of Contents
Advertisement
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of authentication types.
Table 29 Comparison of EAP Authentication Types
Mutual Authentication
Certificate – Client
Certificate – Server
Dynamic Key Exchange
Credential Integrity
Deployment Difficulty
Client Identity Protection
WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard.
Key differences between WPA and WEP are improved data encryption and user
authentication.
Select WEP only when the AP and/or wireless clients do not support WPA. WEP is less secure
than WPA.
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x. WPA uses Advanced Encryption Standard (AES) in
the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP)
to offer stronger encryption than TKIP.
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication
server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit
mathematical algorithm called Rijndael. They both include a per-packet key mixing function,
a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
WPA regularly changes and rotate the encryption keys so that the same encryption key is never
used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up
a key hierarchy and management system, using the PMK to dynamically generate unique data
encryption keys to encrypt every data packet that is wirelessly communicated between the AP
and the wireless stations. This all happens in the background automatically.
Appendix C
EAP-MD5
EAP-TLS
No
Yes
No
Yes
No
Yes
No
Yes
None
Strong
Easy
Hard
No
No
M-302 User's Guide
EAP-TTLS
PEAP
Yes
Yes
Optional
Optional
Yes
Yes
Yes
Yes
Strong
Strong
Moderate
Moderate
Yes
Yes
LEAP
Yes
No
No
Yes
Moderate
Moderate
No
75
Advertisement
Table of Contents
Troubleshooting
