HP iPAQ supported wireless authentication protocols
HP iPAQ series with either Microsoft Pocket PC 2003 ROM Upgrade or Microsoft Pocket PC 2002
Operating System
Protocol model
h5400
(PPC 2002)
h5400
(PPC 2003)
h5500
h4100
h4300
rx3000
hx4700
h6300
WEP 64*
√
√
√
√
√
√
√
√
WEP 128*
√
√
√
√
√
√
√
√
LEAP*
√
√
√
√
√
X
√
√
EAP-TLS*
X
√
√
√
√
√
√
√
PEAP* X
√
√
√
√
√
√
√
WPA* **
X
X
√
√
√
√
√
√
*h5400 with Microsoft Widows Pocket PC 2003 ROM upgrade
**h5500 component of WPA supported with ROM, WLAN firmware, and driver updates
LEAP
Cisco Compatible Extensions (CCXs) are a collection of authentication protocol features that include
some security enhancements. One part of this Cisco collection is LEAP. LEAP is not a true EAP type
protocol, as such LEAP authentication is not supported in networks using WPA/WPA-PSK encryptions;
support for LEAP is found only in Cisco access points and infrastructure. All HP iPAQ handheld
devices that ship with Wi-Fi radios support LEAP. Another aspect of CCX is Cisco Key Integrity
Protocol (CKIP), which is a Cisco proprietary implementation of temporal key support.
A LEAP-based network authenticates user credentials before allowing access to the network; inner and
outer authentications are not required. While this does reduce the overall infrastructure load, there are
some security concerns surrounding this implementation.
For additional information about the LEAP authentication protocol, refer to the Cisco web site:
www.cisco.com
.
PEAP
802.1X EAP type PEAP uses digital certificates for network server authentication and passwords for
client authentication. PEAP requires an EAP user name, EAP password, and a Certificate of Authority
(CA). Dynamic encryption keys are also used in this authentication type.
Microsoft, Cisco, and RSA Security created this EAP type to reduce the certificate requirements found
in EAP-TLS. This EAP type uses a root server certificate in setting up the secure tunnel to the
authentication server. This allows user credentials to then be obtained and transmitted to the
authentication server. Unlike EAP-TLS, this protocol will authenticate the user, but not necessarily the
device.
EAP-TLS
802.1X EAP type Transport Layer Security (EAP-TLS) ensures Internet privacy between communicating
applications and their users. When a server and user communicate, TLS prevents a third party from
eavesdropping or tampering with the transmissions. A TLS connection uses an encryption method. TLS
allows the server and user to authenticate each other and to negotiate for an encryption algorithm
and cryptographic keys before data is exchanged.
6