My name is Pascal Urien, ENST


1 My name is Pascal Urien, ENST, Pascal.Urien@enst.fr
56th IETF, San Francisco CA, March 16-21: “EAP support in smartcards”, Draft-urien-EAP-smartcard-01.txt

2 Draft Objectives 1/2
- Standardization initiative for EAP support in smartcards. Agreement between major smartcard manufacturers. Under discussion in the WLAN smartcard consortium, supported by nineteen founding members.
- Definition of a “universal” ISO 7816 interface, e.g. one supporting most EAP authentication protocols. Eight services are defined in this version.
- Three logical interfaces:
  - Network interface. The smartcard directly processes EAP messages (requests, notifications). EAP profile definitions: a set of rules (if needed) for supporting a particular authentication protocol (maximum message size, …).
  - Operating system interface. Identity management: multiple triplets (EAP-ID, EAP-Type, cryptographic keys) are stored in the smartcard; each network requires one triplet. User profile, typically an LDAP record stored in the smartcard (under discussion).
  - Management interface. Download and update of identities and profiles. Management could be done via dedicated EAP protocols (under discussion).

3 Draft Objectives 2/2
[Figure: EAP stack from the smartcard to the RADIUS server. Components: Smartcard (EAP profile, EAP engine, EAP-ID / EAP-Type / crypto key(s)), Supplicant, Authenticator, RADIUS server. Transports: EAP / 7816 (ISO 7816) between smartcard and supplicant, EAP / LAN (802.1x) between supplicant and authenticator, EAP / RADIUS between authenticator and RADIUS server.]
- Secure authentication: user authentication rather than computer authentication.
- One smartcard for several networks.
- Interoperability between EAP smartcards.

4 Smartcard Facilities
- Tamper-resistant device, highly tested (credit card, GSM card, PKI card, …).
- Low cost.
- Multiple form factors (ISO 7816 credit-card format, SIM GSM 11.11, USB, …).
- Sufficient cryptographic performance (RSA 2048-bit calculation in 500 ms).
- Can be issued to millions of users (half a billion to 600 million smartcards were produced in 2001).
- Can compute multiple EAP protocols.
- Can be used in various networks (memory size around 128 kb, one Mb with FLASH technology).

5 EAP smartcard components
[Figure: Secure EAP framework. Top: EAP authentication protocol profiles (EAP-MD5, EAP-SIM, EAP-TLS, other). Middle: the identity list, shown in the table below. Three interfaces: OS interface (Get-Next-Identity(), Get-Preferred-Identity(), Set-Identity(), Get-Pairwise-Master-Key(), Get-Subscriber-Profile()), Network interface (EAP-Packets()), Management interface (Add-Identity(), Delete-Identity()).]

IDENTITY     EAP-ID   EAP TYPE   CRYPTO Key(s)                  PROFILE
My-Home      dad      MD5        Password                       Network access policy
My-Office    -        TLS        RSA keys + X509 certificate    Office Credentials
SF-Airport   -        SIM        Ki                             Subscription

6 EAP smartcard, services list

SERVICE                    APDU          COMMENTS
Add-Identity               A P2 00 xx    Add an identity entry to the EAP smartcard
Delete-Identity            A P           Delete an identity entry
Get-Preferred-Identity     A xx          Get the preferred identity
Get-Next-Identity          A xx          Extract the next identity from a circular list
Get-Subscriber-Profile     A xx          Get the subscriber profile
Set-Identity               A xx 00       Set the smartcard's current identity
EAP-Packets                A xx yy       Process an EAP message (requests and notifications); produce a response if necessary
Get-Pairwise-Master-Key    A0 A          Get the session key
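The identity list of slide 5 and the services of slide 6 together describe a small state machine: a ring of (EAP-ID, EAP-Type, key) triplets, a selected identity, and an EAP-Packets service that answers requests with the selected identity's credential. The following is an added example, not the draft's or the consortium's code, that models it in Python. The APDU encodings are not modelled because the page does not give the INS bytes, so each service is a method; the names Identity, EapSmartcard, eap_header, build_md5_request and md5_proof are mine. The EAP-MD5 exchange follows RFC 3748 section 5.4 (response value = MD5(Identifier | secret | challenge)), which is the method behind the slide's "My-Home / dad / MD5 / Password" row; the point the slide makes is that only the proof crosses the ISO 7816 interface, never the password. Get-Pairwise-Master-Key returns nothing for this identity because EAP-MD5 derives no keying material.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# EAP codes and method types from RFC 3748
EAP_REQUEST, EAP_RESPONSE = 1, 2
TYPE_IDENTITY, TYPE_NOTIFICATION, TYPE_NAK, TYPE_MD5 = 1, 2, 3, 4


@dataclass
class Identity:
    """One (EAP-ID, EAP-Type, credential) triplet plus its profile, as on slide 5."""
    name: str       # network label, e.g. "My-Home"
    eap_id: str     # identity sent in EAP-Response/Identity
    eap_type: int   # EAP method this network expects
    secret: bytes   # credential; the card never exports it
    profile: str    # subscriber profile label


def eap_header(code: int, identifier: int, type_data: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2, big-endian) followed by Type and type data."""
    length = 4 + len(type_data)
    return bytes([code, identifier]) + length.to_bytes(2, "big") + type_data


def build_md5_request(identifier: int, challenge: bytes, name: bytes = b"") -> bytes:
    """Authenticator side: EAP-Request/MD5-Challenge = Type 4, Value-Size, Value, Name."""
    return eap_header(EAP_REQUEST, identifier,
                      bytes([TYPE_MD5, len(challenge)]) + challenge + name)


def md5_proof(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-style proof from RFC 3748 section 5.4: MD5(Identifier | secret | challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class EapSmartcard:
    """Hypothetical model of the card: one method per service, no APDU encoding."""

    def __init__(self) -> None:
        self._identities: List[Identity] = []
        self._cursor = 0                       # position in the circular identity list
        self._current: Optional[Identity] = None
        self._pmk: Optional[bytes] = None

    # Management interface
    def add_identity(self, ident: Identity) -> None:
        self._identities.append(ident)

    def delete_identity(self, name: str) -> None:
        self._identities = [i for i in self._identities if i.name != name]
        self._cursor = 0

    # OS interface
    def get_preferred_identity(self) -> str:
        return self._identities[0].name

    def get_next_identity(self) -> str:
        """Walk the identity list as a ring, wrapping after the last entry."""
        ident = self._identities[self._cursor]
        self._cursor = (self._cursor + 1) % len(self._identities)
        return ident.name

    def set_identity(self, name: str) -> None:
        self._current = next(i for i in self._identities if i.name == name)
        self._pmk = None                       # session keys belong to one identity

    def get_subscriber_profile(self) -> str:
        return self._current.profile

    def get_pairwise_master_key(self) -> Optional[bytes]:
        # EAP-MD5 derives no keying material (RFC 3748), so this stays None for it.
        return self._pmk

    # Network interface
    def eap_packets(self, packet: bytes) -> Optional[bytes]:
        """Process one EAP Request; return the Response, or None when nothing is sent."""
        ident = self._current
        if ident is None or len(packet) < 5:
            return None
        code, identifier = packet[0], packet[1]
        length = int.from_bytes(packet[2:4], "big")
        if code != EAP_REQUEST or length != len(packet):
            return None                        # not a request, or the length field lies
        eap_type, data = packet[4], packet[5:]
        if eap_type == TYPE_IDENTITY:
            return eap_header(EAP_RESPONSE, identifier,
                              bytes([TYPE_IDENTITY]) + ident.eap_id.encode())
        if eap_type == TYPE_NOTIFICATION:
            return eap_header(EAP_RESPONSE, identifier, bytes([TYPE_NOTIFICATION]))
        if eap_type != ident.eap_type:
            # Nak: tell the authenticator which method the selected identity supports
            return eap_header(EAP_RESPONSE, identifier, bytes([TYPE_NAK, ident.eap_type]))
        if eap_type == TYPE_MD5:
            if not data:
                return None
            value_size = data[0]
            challenge = data[1:1 + value_size]
            if len(challenge) != value_size:
                return None                    # truncated challenge: discard
            proof = md5_proof(identifier, ident.secret, challenge)
            return eap_header(EAP_RESPONSE, identifier,
                              bytes([TYPE_MD5, len(proof)]) + proof + ident.eap_id.encode())
        return None                            # other profiles (TLS, SIM) not modelled here
```

The supplicant only relays bytes between the authenticator and the card; in this model it would call `set_identity` for the network in use, then pass every EAP request through `eap_packets`. Requests whose length field disagrees with the packet size, or whose challenge is shorter than its Value-Size claims, are dropped rather than processed, which is the first check an ISO 7816 applet should make on incoming data.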

7 EAP smartcard profiles

PROFILE    COMMENTS
MD5        Informative purpose
EAP-SIM    Profile for EAP-SIM
EAP-TLS    The maximum EAP message length of a non-fragmented packet is set to 240 bytes. For a fragmented EAP message, the maximum length value is 240 bytes.
PEAP       Under discussion
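The EAP-TLS profile's 240-byte limit means a TLS handshake flight (a certificate chain is normally several kilobytes) must be carried across the ISO 7816 interface as a series of EAP-TLS fragments. The following is an added example, not the draft's code: a fragmenter and a reassembler following the RFC 2716 EAP-TLS packet layout (Type 13, a Flags byte with the L and M bits, and a 4-byte TLS message length in the first fragment). It assumes, as one reading of the profile table, that the 240-byte maximum covers the whole EAP packet including its 4-byte header; the names fragment_tls, TlsReassembler and eap_packet are mine. The reassembler refuses packets over the limit and fragment sequences that overrun the announced length, which is the check a card-side implementation needs before copying into its buffer.

```python
from typing import List, Optional

EAP_REQUEST, EAP_RESPONSE = 1, 2
TYPE_TLS = 13                   # EAP-TLS method type (RFC 2716)
FLAG_L, FLAG_M = 0x80, 0x40     # L: TLS message length present; M: more fragments follow
MAX_EAP_LEN = 240               # limit from the EAP-TLS profile (assumed to include the header)


def eap_packet(code: int, identifier: int, type_data: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2, big-endian) followed by Type and type data."""
    length = 4 + len(type_data)
    return bytes([code, identifier]) + length.to_bytes(2, "big") + type_data


def fragment_tls(code: int, first_id: int, tls_message: bytes,
                 max_len: int = MAX_EAP_LEN) -> List[bytes]:
    """Split a TLS message into EAP-TLS packets of at most max_len bytes each.

    The first fragment carries the L flag and the 4-byte total length; every
    fragment but the last carries M. A message that fits in one packet gets
    neither flag. Each fragment is its own EAP packet with its own identifier.
    """
    total = len(tls_message)
    if total <= max_len - 6:                   # header(4) + Type(1) + Flags(1)
        return [eap_packet(code, first_id & 0xFF, bytes([TYPE_TLS, 0]) + tls_message)]
    fragments: List[bytes] = []
    offset, identifier = 0, first_id
    while offset < total:
        first = offset == 0
        room = max_len - (10 if first else 6)  # first fragment also carries the length
        chunk = tls_message[offset:offset + room]
        offset += len(chunk)
        flags = FLAG_M if offset < total else 0
        if first:
            flags |= FLAG_L
            prefix = bytes([TYPE_TLS, flags]) + total.to_bytes(4, "big")
        else:
            prefix = bytes([TYPE_TLS, flags])
        fragments.append(eap_packet(code, identifier & 0xFF, prefix + chunk))
        identifier += 1
    return fragments


class TlsReassembler:
    """Card side: buffer EAP-TLS fragments until one arrives without the M flag."""

    def __init__(self) -> None:
        self._buf = bytearray()
        self._expected: Optional[int] = None

    def feed(self, packet: bytes) -> Optional[bytes]:
        """Return the complete TLS message once the last fragment is in, else None."""
        if len(packet) < 6 or int.from_bytes(packet[2:4], "big") != len(packet):
            raise ValueError("malformed EAP packet")
        if len(packet) > MAX_EAP_LEN:
            raise ValueError("EAP packet exceeds the 240-byte profile limit")
        if packet[4] != TYPE_TLS:
            raise ValueError("not an EAP-TLS packet")
        flags, data = packet[5], packet[6:]
        if flags & FLAG_L:
            if len(data) < 4:
                raise ValueError("L flag set but no length field")
            self._expected = int.from_bytes(data[:4], "big")
            data = data[4:]
        self._buf += data
        if self._expected is not None and len(self._buf) > self._expected:
            self._reset()
            raise ValueError("fragments exceed the announced TLS message length")
        if flags & FLAG_M:
            return None                        # acknowledge and wait for the next fragment
        if self._expected is not None and len(self._buf) != self._expected:
            self._reset()
            raise ValueError("reassembled length differs from the announced length")
        message = bytes(self._buf)
        self._reset()
        return message

    def _reset(self) -> None:
        self._buf = bytearray()
        self._expected = None
```

With the 240-byte limit, the first fragment carries 230 bytes of TLS data and each later one 234, so a 600-byte flight becomes three EAP packets of 240, 240 and 142 bytes. Checking the announced length against the running total before buffering keeps a card with a few kilobytes of RAM from being pushed past its buffer by a fragment stream whose header promised less than it delivers.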
