Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 1/9 07/17/03 57th IETF WIEN, Austria, July 13-18, 2003 “EAP Secured Smartcard Channel” Pascal Urien, Mesmin DANDJINOU ENST

Published byPhyllis Knight Modified over 8 years ago

Similar presentations

Presentation on theme: "Slide 1/9 07/17/03 57th IETF WIEN, Austria, July 13-18, 2003 “EAP Secured Smartcard Channel” Pascal Urien, Mesmin DANDJINOU ENST"— Presentation transcript:

1

2 Slide 1/9 07/17/03 57th IETF WIEN, Austria, July 13-18, 2003 “EAP Secured Smartcard Channel” Pascal Urien, Mesmin DANDJINOU ENST Pascal.Urien@enst.fr Draft-urien-EAP-SSC-00.txt

3 Slide 2/9 07/17/03 EAP-SSC at a glance Use of a single EAP type.  Introduction of multiple sub-types. Symmetric or Asymmetric Key Exchange Procedures. Two working phases:  Session Key (SK) Exchange & Validation Shared Secret. Common Certification Authority.  Secure Messaging. Simple, but robust, security mechanisms, based on  SHA-1 digest  3DES, AES Secure messaging could be used to exchange messages with embedded repositories in smartcards.

4 Slide 3/9 07/17/03 EAP-SSC Overview EAP Secured Smartcard Channel SSC messages EAP / RADIUS EAP / LAN EAP / 7816 RADIUS802.1xISO 7816 Smartcard Supplicant AuthenticatorRADIUS server EAP Embedded Repository

5 Slide 4/9 07/17/03 EAP-SSC PDUs 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Code | Identifier | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Sub-Type | Flags |Message Length +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Message Length (cont) |..Payload.. | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Digest | + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L = Length of the message included M = More fragments S = Start E = End D = Digest(Code, Identifier, Length, Type, Sub-Type, Flags, Message Length, Payload, SK) C = Ciphered (Payload) X = Sequence of X.509 Certificate(s) R = Reserved Flags 7 6 5 4 3 2 1 0 +-+-+-+-+-+-+-+-+ |L M S E D C X R| +-+-+-+-+-+-+-+-+ EAP-SSC PDU EAP header

6 Slide 5/9 07/17/03 Key Production – Symmetric Case D i = D(M i | D i-1 | SK) Sub-Type = 1, Start, r 1 (20 bytes) r 2 (20 bytes) XOR D(r 1 | s) SK = D(r 1 | r 2 | s ) M 1, D 1 (M 1 | SK) D 1 = D(M 1 | SK) D=SHA-1 s=shared secret M 2, D 2 (M 2 | D 1 | SK) M i, D i M i+1,D i+1 End, M j, D j SK = D(r 1 | r 2 | s) D 1 = D(M 1 | SK) EAP-Success SK Production & Validation Secure Messaging r1=1 st random number r2= 2 nd random number Session Key D i = D(M i | D i-1 | SK)

7 Slide 6/9 07/17/03 Key Production – Asymmetric Case Sub-Type = 2, Start, Seq:C 1, Int: r 1 Seq:C 2, Int:r 2 K1public, Int:D 0 K2private SK = D(r 1 | r 2 ) M 1, D 1 (M 1 | SK) D 1 = D(M 1 | SK) C 1, C 2: Optional Sequence of X.509 Certificates r1, r2: Integer M 2, D 2 (M 2 | D 1 | SK) M i, D i M i+1, D i+1 End M j, D j SK = D(r 1 | r 2 ) D1 = D(M 1, SK) D i = D(M i | D i-1 | SK) EAP-Success D= SHA-1 Secure Messaging SK Production & Validation D i = D(M i | D i-1 | SK) r1=1 st random number r2= 2 nd random number Session Key

8 Slide 7/9 07/17/03 Secure Messaging All messages Mi are ended by a digest value D i. SK(r 1, r 2 [,s]) D 1 = D(M 1, SK) i>2, D i = D(M i, D i-1, SK) Message format is not yet defined. M 1,D 1 M 2,D2 SK r 1, r 2 [,s] M 3,D 3 M i,D i

9 Slide 8/9 07/17/03 Future Work Random number format rules, for the asymmetric case. Messages Ciphering  3DES  AES Messages Format

10 Slide 9/9 07/17/03 Questions ?

Download ppt "Slide 1/9 07/17/03 57th IETF WIEN, Austria, July 13-18, 2003 “EAP Secured Smartcard Channel” Pascal Urien, Mesmin DANDJINOU ENST"

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Web security: SSL and TLS

Web security: SSL and TLS
Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt.

Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Secure Socket Layer.

Secure Socket Layer.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Network Management: SNMP

Network Management: SNMP
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.

TCP/IP Protocol Suite 1 Chapter 21 Upon completion you will be able to: Network Management: SNMP Understand the SNMP manager and the SNMP agent Understand.

Similar presentations

Ads by Google