Presentation is loading. Please wait.

Presentation is loading. Please wait.

58th IETF Minneapolis, MN, November 9-14, “EAP support in smartcards”

Published byJoshua Beasley Modified over 6 years ago

Similar presentations

Presentation on theme: "58th IETF Minneapolis, MN, November 9-14, “EAP support in smartcards”"— Presentation transcript:

1 Pascal Urien & All Pascal.Urien@enst.fr
58th IETF Minneapolis, MN, November 9-14, “EAP support in smartcards” draft-urien-eap-smartcard-03.txt Pascal Urien & All

2 EAP Support in Smartcard – Overview
Goals: EAP support in smartcard Definition of an “universal”, opened, ISO 7816 interface, e.g. supporting most of EAP authentication protocols. Could be a new item at the EAP WG. EAP smartcard benefits: security enhancement EAP protocols are computed in a trusted and tamper resistant environment. Network credentials are securely stored. Smartcard bearer doesn’t know its network credentials (shared secret, asymmetric keys…) Smartcard can’t be cloned. Smartcard use is enable by the user’s PIN-code Smartcard private values are protected by the issuer’s PIN-code Other aspects: scalability, availability, performances Scalability. One billion smartcards produced in 2003. Multiple form factors (ISO 7816 Credit Card Format, SIM GSM 11.11, USB…). Sufficient cryptographic performances (RSA 2048 bits calculation in 500 ms), memory size around 128 kb, one Mb with the FLASH technology).

3 EAP Smartcard Services
Network interface. EAP messages processing (requests, notifications). A session key (PMK …) may be computed. EAP profile. A guideline for a particular EAP protocol (MD5, EAP-TLS, EAP-SIM, …). Operating System/Terminal interface. Identity Management. Multiple triplets (EAP-ID, EAP-Type, cryptographic keys) are stored in the smartcard and pointed by an identity parameter. User Profile. An information (ASN.1 encoded) meaningful for the terminal or the network. Preferred SSIDs X509 Certificates. Management/Personalization interface. Identities & User Profiles setting. User/Issuer Interface EAP smartcard is logically protected by two Personal Identification Number User PIN code (user protection). Issuer PIN code (service protection).

4 Use Case Start EAP Application User PIN Code Verification
// Select EAP application (AID= ) Select.request: 00 A Select.response: 90 00 // Get current identity Get-Current-Identity.request: A Get-Current-Identity.response // !Pin code is requested // PIN code verification (0000) Verify.request: A FF FF FF FF Verify.response: // Try again Get-Current-Identity.response: C 04 Get-Current-Identity.request A Get-Current-Identity.response: // Get-Next-Identity() Get-Next-Identity.request: A Get-Next-Identity.response: 6C 04 Get-Next-Identity.request: A Get-Next-Identity.response: // Set-Identity() Set-Identity.request: A Set-Identity.response: 90 00 // Process EAP-Packets() EAP-Packet.request: A A EAP-Packet.response: GetResponse.request: A0 C GetResponse.response: 02 A EAP-Packet.request A A EAP-Packet.response: GetResponse.request: A0 C GetResponse.response: 02 A CF A5 2D CD 63 5F 5C 6D 55 B8 09 FD B7 BB EC 3C 90 00 User PIN Code Verification Identity Discovery Identity Setting Identity EAP Messages Processing MD5

Download ppt "58th IETF Minneapolis, MN, November 9-14, “EAP support in smartcards”"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.

Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt.

Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.

IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
SKS – Secure Key Store KeyGen2 –Token Provisioning Protocol Executive Level Presentation.

SKS – Secure Key Store KeyGen2 –Token Provisioning Protocol Executive Level Presentation.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.

NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
Slide 1/8 07/17/03 EAP 57th IETF WIEN, Austria, July 13-18, 2003 “EAP support in smartcards” Pascal Urien & All ENST Draft-urien-EAP-smartcard-02.txt.

Slide 1/8 07/17/03 EAP 57th IETF WIEN, Austria, July 13-18, 2003 “EAP support in smartcards” Pascal Urien & All ENST Draft-urien-EAP-smartcard-02.txt.
Information Security for Managers (Master MIS)

Information Security for Managers (Master MIS)
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET)

Similar presentations

Ads by Google