Pascal URIEN, IETF 61st, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”

Pascal.Urien@enst.fr
www.infres.enst.fr/~urien/security

Goals & News

Main features
- EAP methods are securely processed by ISO 7816 smartcards.
- Smartcards MAY embed multiple methods with various EAP-types and credentials.
- Smartcards MAY simultaneously process several EAP methods.
- A method working with smartcards requires a smartcard (software) interface. Depending on the complexity of the method, this interface MAY manage some resources, for example the GMT time used in the EAP-TLS protocol.

What is new in draft version 6
- EAP-TLS support.

EAP Smart Cards and EAP-TLS Security Claims

Mutual Authentication
- Mutual authentication is enhanced by the use of a true random number generator (client side).

Confidentiality
- The Record Layer and the Handshake Protocol are handled by a tamper-resistant device.

Key Derivation
- The PRF function is securely computed in the smart card.

Man-in-the-Middle Attacks
- Smart cards improve security against Trojan horse attacks by providing a logically tamper-resistant environment for the full implementation of the EAP-TLS method.

Dictionary Attacks
- Smart card access is protected via PIN codes with a limited number of retries; permanent blocking of the device is enforced when the number of retries is exceeded. This mechanism provides enhanced protection against dictionary attacks aiming at discovering passwords.

Protection Against Rogue Networks
- Smart cards provide secure storage of root certificates of trusted networks. This protects the end user against rogue networks and enables the enforcement of network roaming policies.
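The retry limit in the Dictionary Attacks claim can be made concrete with a small card-side model. This is an added example, not code from the draft or the presentation: the class, its method names and the PINs are hypothetical, and the status words follow the ISO 7816-4 convention rather than anything stated on the slides.

```python
import hmac

# Status words follow the ISO 7816-4 convention (assumption, not from the slides).
SW_OK = 0x9000
SW_WRONG_PIN = 0x63C0   # 0x63CX: verification failed, X tries left
SW_BLOCKED = 0x6983     # authentication method blocked


class PinProtectedCard:
    """Hypothetical model of a card-side PIN check with a retry counter."""

    def __init__(self, pin: bytes, max_tries: int = 3):
        self._pin = pin
        self._max_tries = max_tries
        self._tries_left = max_tries
        self.unlocked = False

    def verify(self, candidate: bytes) -> int:
        if self._tries_left == 0:
            return SW_BLOCKED                 # permanent: no reset path exists
        # Spend the attempt before comparing, so that interrupting the
        # check (e.g. cutting power) cannot yield a free guess.
        self._tries_left -= 1
        if hmac.compare_digest(candidate, self._pin):   # constant-time compare
            self._tries_left = self._max_tries
            self.unlocked = True
            return SW_OK
        self.unlocked = False
        return SW_WRONG_PIN | self._tries_left


def replay_guesses(card, guesses):
    """Feed a guess list to the card; return (status words seen, PIN found or None)."""
    seen = []
    for guess in guesses:
        sw = card.verify(guess)
        seen.append(sw)
        if sw == SW_OK:
            return seen, guess
        if sw == SW_BLOCKED:
            break
    return seen, None


if __name__ == "__main__":
    card = PinProtectedCard(b"4071")                    # constructed PIN
    guesses = [b"0000", b"1234", b"1111", b"4071"]      # constructed guess list
    seen, found = replay_guesses(card, guesses)
    print([hex(sw) for sw in seen], found)
```

The correct PIN sits fourth in the guess list and is still rejected, because the third failure blocked the card: the number of guesses is bounded by the retry limit, not by the size of the dictionary.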

