Slide 1/9 07/17/03 57th IETF WIEN, Austria, July 13-18, 2003 “EAP Secured Smartcard Channel” Pascal Urien, Mesmin DANDJINOU ENST
Slide 1/9 07/17/03 57th IETF WIEN, Austria, July 13-18, 2003 “EAP Secured Smartcard Channel” Pascal Urien, Mesmin DANDJINOU ENST Draft-urien-EAP-SSC-00.txt

Slide 2/9 07/17/03 EAP-SSC at a glance
- Use of a single EAP type.
- Introduction of multiple sub-types.
- Symmetric or Asymmetric Key Exchange Procedures.
- Two working phases:
  - Session Key (SK) Exchange & Validation
    - Shared Secret.
    - Common Certification Authority.
  - Secure Messaging.
- Simple, but robust, security mechanisms, based on
  - SHA-1 digest
  - 3DES, AES
- Secure messaging could be used to exchange messages with embedded repositories in smartcards.

Slide 3/9 07/17/03 EAP-SSC Overview (EAP Secured Smartcard Channel)

  Smartcard ---------- Supplicant ---------- Authenticator ---------- RADIUS server
  (EAP Embedded
   Repository)
        EAP / 7816            EAP / LAN               EAP / RADIUS
        (ISO 7816)            (802.1x)                (RADIUS)
  <------------------------------ SSC messages ----------------------------->

Slide 4/9 07/17/03 EAP-SSC PDUs

  +---------------+---------------+-------------------------------+
  |     Code      |  Identifier   |            Length             |  EAP header
  +---------------+---------------+---------------+---------------+
  |     Type      |   Sub-Type    |     Flags     | Message Length|
  +---------------+---------------+---------------+---------------+
  |    Message Length (cont)      |        .. Payload ..          |  EAP-SSC PDU
  +-------------------------------+-------------------------------+
  |                            Digest                             |
  +---------------------------------------------------------------+

Flags |L M S E D C X R|
  L = Length of the message included
  M = More fragments
  S = Start
  E = End
  D = Digest(Code, Identifier, Length, Type, Sub-Type, Flags, Message Length, Payload, SK)
  C = Ciphered (Payload)
  X = Sequence of X.509 Certificate(s)
  R = Reserved

Slide 5/9 07/17/03 Key Production – Symmetric Case

Notation: D = SHA-1, s = shared secret, r1 = 1st random number, r2 = 2nd random number, SK = Session Key.

SK Production & Validation (Sub-Type = 1):
  Start: r1 (20 bytes)
  Reply: r2 (20 bytes) XOR D(r1 | s)
  Both sides compute SK = D(r1 | r2 | s)
  M1, D1 with D1 = D(M1 | SK)

Secure Messaging:
  M2, D2 with D2 = D(M2 | D1 | SK)
  Mi, Di and Mi+1, Di+1 with Di = D(Mi | Di-1 | SK)
  End: Mj, Dj
  EAP-Success

Slide 6/9 07/17/03 Key Production – Asymmetric Case

Notation: D = SHA-1; C1, C2: optional sequence of X.509 certificates; r1, r2: integer; r1 = 1st random number, r2 = 2nd random number; SK = Session Key.

SK Production & Validation (Sub-Type = 2):
  Start: Seq: C1, Int: r1
  Reply: Seq: C2, Int: r2
  K1public, Int: D0
  K2private
  Both sides compute SK = D(r1 | r2)
  M1, D1 with D1 = D(M1 | SK)

Secure Messaging:
  M2, D2 with D2 = D(M2 | D1 | SK)
  Mi, Di and Mi+1, Di+1 with Di = D(Mi | Di-1 | SK)
  End: Mj, Dj
  EAP-Success

Slide 7/9 07/17/03 Secure Messaging
- All messages Mi are ended by a digest value Di.
- SK is derived from r1, r2 [, s].
- D1 = D(M1 | SK)
- For i >= 2, Di = D(Mi | Di-1 | SK)
- Message format is not yet defined.

Sequence: SK from r1, r2 [, s]; then M1, D1; M2, D2; M3, D3; ... Mi, Di.
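The SK production of slide 5 and the digest chain of slides 5 to 7, as an added Python example that is not part of the draft or these slides. It assumes D = SHA-1 and reads "|" as byte concatenation; the nonces, secret and messages are constructed, and the receiver-side check that the slides leave implicit is included.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

def D(*parts: bytes) -> bytes:
    """D = SHA-1 of the concatenation of its arguments (the '|' on the slides)."""
    return hashlib.sha1(b"".join(parts)).digest()

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def symmetric_sk_exchange(r1: bytes, r2: bytes, s: bytes) -> Tuple[bytes, bytes]:
    """Symmetric case (Sub-Type 1): r2 is sent as r2 XOR D(r1 | s), so only a
    holder of the shared secret s recovers it. Returns the masked value that
    goes on the wire and the session key SK = D(r1 | r2 | s)."""
    mask = D(r1, s)
    masked_r2 = xor_bytes(r2, mask)            # replaces r2 on the wire
    recovered_r2 = xor_bytes(masked_r2, mask)  # what the peer recomputes
    return masked_r2, D(r1, recovered_r2, s)

def digest_chain(messages: List[bytes], sk: bytes) -> List[bytes]:
    """Sender side: D1 = D(M1 | SK), Di = D(Mi | Di-1 | SK) for i >= 2.
    Starting from an empty previous digest makes i = 1 the same rule."""
    digests, prev = [], b""
    for m in messages:
        prev = D(m, prev, sk)
        digests.append(prev)
    return digests

def verify_chain(received: List[Tuple[bytes, bytes]], sk: bytes) -> Optional[int]:
    """Receiver side: recompute the chain; return the index of the first message
    whose digest fails, or None if all verify. Because Di covers Di-1, a
    modified, dropped or reordered message invalidates itself and all that follow."""
    prev = b""
    for i, (m, d) in enumerate(received):
        expected = D(m, prev, sk)
        if not hmac.compare_digest(expected, d):
            return i
        prev = expected
    return None

def demo() -> Optional[int]:
    # Constructed sample values (not from the draft): 20-byte nonces, a secret, 3 messages.
    r1, r2, s = bytes(range(20)), bytes(range(20, 40)), b"constructed-shared-secret"
    _, sk = symmetric_sk_exchange(r1, r2, s)
    msgs = [b"M1 select repository", b"M2 read record", b"M3 end"]
    return verify_chain(list(zip(msgs, digest_chain(msgs, sk))), sk)
```

The slides' digest is a plain SHA-1 over message and key; the example keeps that construction rather than substituting HMAC, so it reproduces the draft's chain exactly.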

Slide 8/9 07/17/03 Future Work
- Random number format rules, for the asymmetric case.
- Messages Ciphering
  - 3DES
  - AES
- Messages Format

Slide 9/9 07/17/03 Questions ?