My name is Pascal Urien, ENST
"EAP support in smartcards" (Draft-urien-EAP-smartcard-01.txt)
Pascal Urien, ENST (Pascal.Urien@enst.fr)
56th IETF, San Francisco CA, March 16-21, 2003

Draft Objectives 1/2

- Standardization initiative for EAP support in smartcards.
- Agreement between major smartcard manufacturers.
- Under discussion in the WLAN smartcard consortium (www.wlansmartcard.org), supported by nineteen founding members.
- Definition of a "universal" ISO 7816 interface, i.e. one supporting most EAP authentication protocols. Eight services are defined in this version.
- Three logical interfaces:
  - Network interface. The smartcard directly processes EAP messages (requests, notifications). EAP profiles define a set of rules (if needed) for supporting a particular authentication protocol (maximum message size, ...).
  - Operating system interface. Identity management: multiple triplets (EAP-ID, EAP-Type, cryptographic keys) are stored in the smartcard; each network requires one triplet. User profile, typically an LDAP record stored in the smartcard (under discussion).
  - Management interface. Identities and profiles download and update. Management could be done via dedicated EAP protocols (under discussion).

Draft Objectives 2/2

[Figure: EAP architecture with a smartcard. Protocol stack: EAP over ISO 7816 between the smartcard and the supplicant, EAP over LAN (802.1x) between the supplicant and the authenticator, EAP over RADIUS between the authenticator and the RADIUS server. The smartcard holds the EAP engine, the EAP profiles and the (EAP-ID, EAP-Type, crypto key(s)) identity triplets.]

- Secure authentication: user authentication rather than computer authentication.
- One smartcard for several networks.
- Interoperability between EAP smartcards.

Smartcard Facilities

- Tamper-resistant device, highly tested (credit card, GSM card, PKI card, ...).
- Low cost.
- Multiple form factors (ISO 7816 credit card format, SIM GSM 11.11, USB, ...).
- Sufficient cryptographic performance (RSA 2048-bit computation in 500 ms).
- Can be issued to millions of users (500 to 600 million smartcards produced in 2001).
- Can compute multiple EAP protocols.
- Can be used in various networks (memory size around 128 kb, one Mb with FLASH technology).

EAP smartcard components

Secure EAP Framework with EAP authentication protocol profiles: EAP-MD5, EAP-SIM, EAP-TLS, other.

Identity list:

  IDENTITY     EAP-ID            EAP TYPE   CRYPTO Key(s)                  PROFILE
  My-Home      dad               MD5        Password                       Network access policy
  My-Office    dad@dot.com       TLS        RSA keys + X509 certificate    Office credentials
  SF-Airport   dad@Airport.com   SIM        Ki                             Subscription

Services by interface:

  OS interface: Get-Next-Identity(), Get-Preferred-Identity(), Set-Identity(), Get-Pairwise-Master-Key(), Get-Subscriber-Profile()
  Network interface: EAP-Packets()
  Management interface: Add-Identity(), Delete-Identity()

EAP smartcard, services list

  SERVICE                   APDU (CLA INS P1 P2 P3 ...)   COMMENTS
  Add-Identity              A0 16 81 P2 00 xx             Add an identity entry to the EAP smartcard
  Delete-Identity           A0 16 82 P2 00 00             Delete an identity entry
  Get-Preferred-Identity    A0 16 02 00 00 xx             Get the preferred identity
  Get-Next-Identity         A0 16 01 00 00 xx             Extract the next identity from a circular list
  Get-Subscriber-Profile    A0 16 08 00 00 xx             Get the subscriber profile
  Set-Identity              A0 16 08 00 xx 00             Set the smartcard's current identity
  EAP-Packets               A0 80 00 00 xx yy             Process an EAP message (requests and notifications); produce a response if necessary
  Get-Pairwise-Master-Key   A0 A6 00 00 00 20             Get the session key

EAP smartcard profiles

  PROFILE   COMMENTS
  MD5       Informative purpose
  EAP-SIM   Profile for EAP-SIM
  EAP-TLS   The maximum EAP message length of a non-fragmented packet is set to 240 bytes. For a fragmented EAP message, the maximum length value is 240 bytes.
  PEAP      Under discussion