Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt.

Similar presentations


Presentation on theme: "Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt."— Presentation transcript:

1

2 Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt

3 Slide 2/7 03/17/03 Draft Objectives 1/2 Standardization initiative for EAP support in smartcard.  Agreement between major smartcard manufacturers. Under discussion in the wlan smartcard consortium (www.wlansmartcard.org) supported by nineteen founding members.  Definition of an “universal” ISO 7816 interface, e.g. supporting most of EAP authentication protocols. Height services are defined in this version. Three logical interfaces.  Network interface. Smartcard directly processes EAP messages (requests, notifications). EAP profiles definition. A set of rules (if needed) for supporting a particular authentication protocol (messages maximum size, …).  Operating system interface. Identity management. Multiple triplets (EAP-ID, EAP-Type, cryptographic keys) are stored in the smartcard; a triplet is required by each network. User profile, typically an LDAP record stored in the smartcard (under discussion).  Management interface. Identities & profiles download and update. Management could be done via dedicated EAP protocols (under discussion).

4 Slide 3/7 03/17/03 Draft Objectives 2/2. EAP / RADIUS EAP / LAN EAP / 7816 RADIUS802.1xISO 7816  Secure Authentication.  User authentication rather than computer authentication  One smartcard for several networks.  Interoperability between EAP smartcards. Smartcard Supplicant AuthenticatorRADIUS server EAP EAP Engine EAP profile EAP profile EAP-ID EAP-Type Crypto Key(s)

5 Slide 4/7 03/17/03 Smartcard Facilities. Tamper resistant device, highly tested (credit card, GSM card, PKI card…) Low cost. Multiple form factors (ISO 7816 – credit card format, SIM GSM 11.11, USB…). Sufficient cryptographic performances (RSA 2048 bits calculation in 500 ms). Can be issued for millions users (half a billion – 600 millions of smartcard produced in 2001). Can compute multiple EAP protocols. Can be used in various networks (memory size around 128 kb, one Mb with the FLASH technology)

6 Slide 5/7 03/17/03 EAP smartcard components. Secure EAP Framework EAP-MD5 EAP-SIMEAP-TLS OTHER IDENTITYEAP-IDEAP TYPE CRYPTO Key(s) PROFILE My-HomedadMD5PasswordNetwork access policy Keys + X509 certificate Office Credentials EAP authentication protocols profiles Management Interface OS interface Get-Next-Identity() Get-Preferred-Identity() Set-Identity() Get-Pairwise-Master-Key() Get-Subscriber-Profile Add-Identity() Delete-Identity() Network interface EAP-Packets() Identity List

7 Slide 6/7 03/17/03 EAP smartcard, services list. SERVICEAPDUCOMMENTS Add-IdentityA P2 00 xxAdd an identity entry to the EAP smartcard Delete-IdentityA P Delete an identity entry Get-Preferred- Identity A xxGet the preferred identity Get-Next-IdentityA xxExtract the next identity from a circular list Get-Subscriber- Profile A xxGet subscriber profile. Set-IdentityA xx 00Set the smartcard current identity EAP-PacketsA xx yyProcess an EAP message (requests and notifications. Produce a response is necessary Get-Pairwise- Master-Key A0 A Get the session key.

8 Slide 7/7 03/17/03 EAP smartcard profiles. ProfileComments MD5Informative purpose EAP-SIMProfile for EAP-SIM EAP-TLSThe maximum EAP message length of a no fragmented packet is set to 240 bytes. For a fragmented EAP message, the maximum length value is 240 bytes. PEAPUnder Discussion


Download ppt "Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt."

Similar presentations


Ads by Google