Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pascal Urien Slide 1/6 55th IETF Atlanta, GA, November 17-21, 2002 “EAP support in smartcards” My name is Pascal Urien Draft-urien-EAP-smartcard-00.txt.

Published byNeil Johnston Modified over 9 years ago

Similar presentations

Presentation on theme: "Pascal Urien Slide 1/6 55th IETF Atlanta, GA, November 17-21, 2002 “EAP support in smartcards” My name is Pascal Urien Draft-urien-EAP-smartcard-00.txt."— Presentation transcript:

1

2 Pascal Urien Slide 1/6 55th IETF Atlanta, GA, November 17-21, 2002 “EAP support in smartcards” My name is Pascal Urien urienp@wifisecurity.org Draft-urien-EAP-smartcard-00.txt

3 Pascal Urien Slide 2/6 Draft Overview EAP / RADIUS EAP / LAN EAP / 7816 RADIUS802.1xISO 7816  Secure Authentication  User authentication rather than computer authentication. Smartcard Supplicant AuthenticatorRADIUS server EAP

4 Pascal Urien Slide 3/6 Draft Objectives. EAP support in smartcards.  EAP is computed in smartcard.  Profiles definition, for some EAP types (EAP-SIM, EAP-TLS, …) Interoperability between ISO 7816 EAP smartcards. Agreement between major smartcard manufacturers. Four service primitives.  Get-Next-identity()  Set-Identity()  EAP-Packet()  Get-RSN-Master-Key() EAP ENGINE IAK KERB EAP TLS EAP AKA EAP SIM MD5 EAP Smartcard

5 Pascal Urien Slide 4/6 Draft content. Defines 4 services primitives associated to four APDUs and two informative profiles.  EAP-SIM  EAP-MD5 4 Services, shuttled by 4 APDUs. Get_Next_Identity()  CLA=A0 INS=16 P1=01 P2=00 Lc=0 Le=xx Set_Identity()  CLA=A0 INS=16 P1=80 P2=00 Lc=xx Le=00 EAP_Packet()  CLA=A0 INS=80 P1=00 P2=00 Lc=xx Le=yy Get_RSN_Master_key()  CLA=A0 INS=A6 P1=00 P2=00 Lc=00 Le=16.

6 Pascal Urien Slide 5/6 System Identity Concept A wireless user may have several (EAP) identity associated to various 802.11 networks. The system identity is an ASCII string pointed to a particular (EAP) identity. The draft suggest three identity types,  The network SSID as described in the 802.11 standard.  The NAI, the network realms and user name.  A user’s identification (UID) e.g. an ASCII string, for example a friendly name. Get-Next-Identity()  Returns an identity from a circular list. Set-Identity()  Sets the smartcard identity, e.g everything required for EAP packet computing. The triplet (EAP-Identity, EAP-Type, Key(s)).

7 Pascal Urien Slide 6/6 EAP Support. EAP_Packet()  EAP-Packet() processes an EAP (request) message an returns an EAP (response) message. Get_RSN_Master_Key()  Returns the session master key, if any, deduced from a successful authentication scenario. Secure Trusted EAP Engine Master_Key In Out

Download ppt "Pascal Urien Slide 1/6 55th IETF Atlanta, GA, November 17-21, 2002 “EAP support in smartcards” My name is Pascal Urien Draft-urien-EAP-smartcard-00.txt."

Similar presentations

draft-urien-tls-psk-emv-00

draft-urien-tls-psk-emv-00
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt.

Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)
IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.

IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Doc.: IEEE 802.11-04/0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,

Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
Protected Extensible Authentication Protocol

Protected Extensible Authentication Protocol
Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP 802.3802.5802.11 802.1x EAP API.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.
802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.

802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.

Similar presentations

Ads by Google