Pascal Urien Slide 1/6 55th IETF Atlanta, GA, November 17-21, 2002 “EAP support in smartcards” My name is Pascal Urien Draft-urien-EAP-smartcard-00.txt.

Presentation transcript:

Pascal Urien Slide 1/6 55th IETF Atlanta, GA, November 17-21, 2002 “EAP support in smartcards” My name is Pascal Urien Draft-urien-EAP-smartcard-00.txt

Pascal Urien Slide 2/6 Draft Overview
- Secure authentication.
- User authentication rather than computer authentication.
[Diagram: Smartcard, Supplicant, Authenticator, RADIUS server; EAP / 7816 over ISO 7816, EAP / LAN over 802.1x, EAP / RADIUS over RADIUS.]

Pascal Urien Slide 3/6 Draft Objectives
EAP support in smartcards.
- EAP is computed in the smartcard.
- Profile definitions for some EAP types (EAP-SIM, EAP-TLS, …).
Interoperability between ISO 7816 EAP smartcards.
Agreement between major smartcard manufacturers.
Four service primitives.
- Get-Next-Identity()
- Set-Identity()
- EAP-Packet()
- Get-RSN-Master-Key()
[Diagram labels: EAP ENGINE; IAK KERB, EAP TLS, EAP AKA, EAP SIM, MD5; EAP Smartcard.]

Pascal Urien Slide 4/6 Draft content
Defines four service primitives, associated with four APDUs, and two informative profiles.
- EAP-SIM
- EAP-MD5
4 services, shuttled by 4 APDUs.
Get_Next_Identity()
- CLA=A0 INS=16 P1=01 P2=00 Lc=0 Le=xx
Set_Identity()
- CLA=A0 INS=16 P1=80 P2=00 Lc=xx Le=00
EAP_Packet()
- CLA=A0 INS=80 P1=00 P2=00 Lc=xx Le=yy
Get_RSN_Master_key()
- CLA=A0 INS=A6 P1=00 P2=00 Lc=00 Le=16

Pascal Urien Slide 5/6 System Identity Concept
A wireless user may have several (EAP) identities associated with various networks.
The system identity is an ASCII string pointing to a particular (EAP) identity.
The draft suggests three identity types:
- The network SSID as described in the standard.
- The NAI, the network realms and user name.
- A user’s identification (UID), e.g. an ASCII string, for example a friendly name.
Get-Next-Identity()
- Returns an identity from a circular list.
Set-Identity()
- Sets the smartcard identity, e.g. everything required for EAP packet computing: the triplet (EAP-Identity, EAP-Type, Key(s)).

Pascal Urien Slide 6/6 EAP Support
EAP_Packet()
- EAP-Packet() processes an EAP (request) message and returns an EAP (response) message.
Get_RSN_Master_Key()
- Returns the session master key, if any, deduced from a successful authentication scenario.
[Diagram labels: Secure Trusted EAP Engine; Master_Key; In; Out.]
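
As an added example (not code from the draft or the slides), the Python decoder below recognises the four command APDUs listed on slide 4 by their CLA/INS/P1/P2 bytes and, for the EAP_Packet() service described on slide 6, checks the EAP header of the payload as defined in RFC 3748. It assumes short-length ISO 7816-4 APDU encoding; the sample bytes are constructed.

```python
import struct

# (CLA, INS, P1, P2) -> service primitive, values as listed on slide 4.
PRIMITIVES = {
    (0xA0, 0x16, 0x01, 0x00): "Get_Next_Identity",
    (0xA0, 0x16, 0x80, 0x00): "Set_Identity",
    (0xA0, 0x80, 0x00, 0x00): "EAP_Packet",
    (0xA0, 0xA6, 0x00, 0x00): "Get_RSN_Master_Key",
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# Constructed sample: EAP-Request/Identity (identifier 7) wrapped in EAP_Packet().
SAMPLE_EAP = bytes.fromhex("0107000501")
SAMPLE_APDU = bytes.fromhex("A080000005") + SAMPLE_EAP + b"\x00"


def decode_apdu(raw: bytes) -> dict:
    """Split a short-length command APDU into primitive, data and Le."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    header, body = tuple(raw[:4]), raw[4:]
    data, le = b"", None
    if len(body) == 1:                      # Le only, no command data
        le = body[0]
    elif len(body) > 1:                     # Lc, data, optional trailing Le
        lc = body[0]
        if len(body) == 1 + lc:
            data = body[1:]
        elif len(body) == 2 + lc:
            data, le = body[1:1 + lc], body[-1]
        else:
            raise ValueError("Lc does not match the APDU length")
    return {"primitive": PRIMITIVES.get(header, "unknown"), "data": data, "le": le}


def parse_eap(packet: bytes) -> dict:
    """Parse the RFC 3748 EAP header and verify its Length field."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or code not in EAP_CODES:
        raise ValueError("bad EAP length or code")
    # Request and Response packets carry a Type byte after the header.
    eap_type = packet[4] if code in (1, 2) and length > 4 else None
    return {"code": EAP_CODES[code], "id": ident, "type": eap_type,
            "type_data": packet[5:] if eap_type is not None else b""}
```

Rejecting an APDU whose Lc disagrees with its length, and an EAP payload whose Length field disagrees with the bytes received, keeps malformed input away from the method-specific code that follows.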