Table 286 comparison of eap authentication types, User authentication, Encryption – ZyXEL Communications 5 Series User Manual

ZyWALL 5/35/70 Series User’s Guide

Appendix G Wireless LANs

767

If this feature is enabled, it is not necessary to configure a default encryption key in the
Wireless screen. You may still configure and store keys here, but they will not be used while
Dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use
dynamic keys for data encryption. They are often deployed in corporate environments, but for
public deployment, a simple user name and password pair is more practical. The following
table is a comparison of the features of authentication types.

WPA

User Authentication

WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless stations using an external RADIUS database.

Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP) or
Advanced Encryption Standard (AES), Message Integrity Check (MIC) and IEEE 802.1x.

TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication
server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named
Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.

TKIP regularly changes and rotates the encryption keys so that the same encryption key is
never used twice.

Table 286 Comparison of EAP Authentication Types

EAP-MD5

EAP-TLS

EAP-TTLS

PEAP

LEAP

Mutual Authentication

No

Yes

Yes

Yes

Yes

Certificate – Client

No

Yes

Optional

Optional

No

Certificate – Server

No

Yes

Yes

Yes

No

Dynamic Key Exchange

No

Yes

Yes

Yes

Yes

Credential Integrity

None

Strong

Strong

Strong

Moderate

Deployment Difficulty

Easy

Hard

Moderate

Moderate

Moderate

Client Identity Protection

No

No

Yes

Yes

No