Table 184 Comparison Of Eap Authentication Types; User Authentication - ZyXEL Communications P-334WT User Manual

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of authentication types.

Table 184 Comparison of EAP Authentication Types

Mutual Authentication
Certificate – Client
Certificate – Server
Dynamic Key Exchange
Credential Integrity
Deployment Difficulty
Client Identity Protection
WPA(2)

User Authentication

WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to
authenticate wireless stations using an external RADIUS database.
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol
(TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also
uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining
Message authentication code Protocol (CCMP) to offer stronger encryption.
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication
server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named
Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is
never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up
a key hierarchy and management system, using the PMK to dynamically generate unique data
encryption keys to encrypt every data packet that is wirelessly communicated between the AP
and the wireless stations. This all happens in the background automatically.
WPA2 AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit
mathematical algorithm called Rijndael.
Appendix E Wireless LANs
EAP-MD5 EAP-TLS
No Yes
No Yes
No Yes
No Yes
None Strong
Easy Hard
No No
P-334WT User's Guide
EAP-TTLS PEAP
Yes Yes
Optional Optional
Yes Yes
Yes Yes
Strong Strong
Moderate Moderate
Yes Yes
LEAP
Yes
No
No
Yes
Moderate
Moderate
No
441