Slide 1/7 03/17/03 56th IETF San Francisco CA, March 16-21, 2003 “EAP support in smartcards” My name is Pascal Urien, ENST Draft-urien-EAP-smartcard-01.txt.
Slide 2/7 Draft Objectives 1/2
 Standardization initiative for EAP support in smartcards. Agreement between major smartcard manufacturers; under discussion in the WLAN Smartcard Consortium (supported by nineteen founding members).
 Definition of a "universal" ISO 7816 interface, i.e. one that supports most EAP authentication protocols. Eight services are defined in this version, grouped into three logical interfaces.
 Network interface. The smartcard directly processes EAP messages (requests, notifications). An EAP profile is a set of rules (where needed) for supporting a particular authentication protocol, e.g. the maximum message size.
 Operating system interface. Identity management: multiple triplets (EAP-ID, EAP-Type, cryptographic keys) are stored in the smartcard; one triplet is required per network. User profile, typically an LDAP record stored in the smartcard (under discussion).
 Management interface. Download and update of identities and profiles. Management could be done via dedicated EAP protocols (under discussion).

Slide 3/7 Draft Objectives 2/2
Figure: Smartcard <-- EAP / ISO 7816 --> Supplicant <-- EAP / LAN (802.1x) --> Authenticator <-- EAP / RADIUS --> RADIUS server. The smartcard hosts the EAP engine, one EAP profile per method and the identity triplets (EAP-ID, EAP-Type, crypto key(s)); the supplicant, the authenticator and the RADIUS server relay the EAP messages, so the authentication runs end to end between the card and the RADIUS server.
 Secure authentication.
 User authentication rather than computer authentication.
 One smartcard for several networks.
 Interoperability between EAP smartcards.

Slide 4/7 Smartcard Facilities
 Tamper-resistant device, extensively tested in the field (credit card, GSM card, PKI card...).
 Low cost.
 Multiple form factors (ISO 7816 credit-card format, GSM 11.11 SIM, USB...).
 Sufficient cryptographic performance (a 2048-bit RSA computation in 500 ms).
 Can be issued to millions of users (500 to 600 million smartcards produced in 2001).
 Can run multiple EAP protocols.
 Can be used in various networks (memory size around 128 KB, 1 MB with Flash technology).

Slide 5/7 EAP smartcard components
Figure: the Secure EAP Framework hosts the EAP authentication protocol profiles (EAP-MD5, EAP-SIM, EAP-TLS, OTHER) and an identity list, reached through three interfaces.

Identity list (example entries from the figure):
IDENTITY   EAP-ID   EAP TYPE   CRYPTO Key(s)             PROFILE
My-Home    dad      MD5        Password                  Network access policy
Office                         Keys + X509 certificate   Credentials

Interfaces:
Management interface: Add-Identity(), Delete-Identity()
OS interface: Get-Next-Identity(), Get-Preferred-Identity(), Set-Identity(), Get-Pairwise-Master-Key(), Get-Subscriber-Profile()
Network interface: EAP-Packets()

Slide 6/7 EAP smartcard, services list
SERVICE                   APDU          COMMENTS
Add-Identity              A P2 00 xx    Add an identity entry to the EAP smartcard
Delete-Identity           A P           Delete an identity entry
Get-Preferred-Identity    A xx          Get the preferred identity
Get-Next-Identity         A xx          Extract the next identity from a circular list
Get-Subscriber-Profile    A xx          Get the subscriber profile
Set-Identity              A xx 00       Set the smartcard's current identity
EAP-Packets               A xx yy       Process an EAP message (requests and notifications); produce a response if necessary
Get-Pairwise-Master-Key   A0 A          Get the session key

Slide 7/7 EAP smartcard profiles
PROFILE   COMMENTS
MD5       Informative purpose only
EAP-SIM   Profile for EAP-SIM
EAP-TLS   The maximum length of a non-fragmented EAP message is set to 240 bytes; for a fragmented EAP message the maximum length value is also 240 bytes. A 240-byte message fits in the 255-byte data field of a single short ISO 7816 APDU.
PEAP      Under discussion
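A software model of the services on slides 5 and 6 and of the message-length bound on slide 7, added here as an example; it is not code from the draft or from the WLAN Smartcard Consortium. It assumes the APDU byte encoding is out of scope (each service is a method named after the draft's service), applies the EAP-TLS profile's 240-byte bound to every method, and implements only the MD5 profile (RFC 3748 MD5-Challenge: Response-Value = MD5(Identifier || secret || Challenge-Value)), since the draft marks the other profiles as method-specific or under discussion. The identity entries and the challenge are constructed sample data.

```python
import hashlib
import struct

# EAP codes and method types (RFC 3748).
EAP_REQUEST, EAP_RESPONSE = 1, 2
TYPE_IDENTITY, TYPE_NOTIFICATION, TYPE_NAK, TYPE_MD5 = 1, 2, 3, 4
# Slide 7 bounds an unfragmented EAP-TLS message at 240 bytes; this model applies the
# same bound to every method (assumption) so each message fits one short ISO 7816 APDU.
MAX_EAP_LEN = 240


def eap_packet(code, identifier, eap_type, data):
    """Serialize Code | Identifier | Length | Type | Type-Data."""
    return struct.pack("!BBHB", code, identifier, 5 + len(data), eap_type) + data


class EapSmartcard:
    """Model of the draft's EAP smartcard: identity triplets behind the three interfaces."""

    def __init__(self):
        self._identities = []   # (name, EAP-ID, EAP-Type, key) entries; Get-Next walks them circularly
        self._cursor = -1
        self._current = None    # entry selected by Set-Identity
        self._pmk = None        # session key exported by Get-Pairwise-Master-Key

    # Management interface
    def add_identity(self, name, eap_id, eap_type, key):
        self.delete_identity(name)
        self._identities.append({"name": name, "eap_id": eap_id, "eap_type": eap_type, "key": key})

    def delete_identity(self, name):
        self._identities = [e for e in self._identities if e["name"] != name]
        if self._current is not None and self._current["name"] == name:
            self._current, self._pmk = None, None

    # Operating system interface
    def get_preferred_identity(self):
        return self._identities[0]["name"] if self._identities else None

    def get_next_identity(self):
        if not self._identities:
            return None
        self._cursor = (self._cursor + 1) % len(self._identities)
        return self._identities[self._cursor]["name"]

    def set_identity(self, name):
        match = [e for e in self._identities if e["name"] == name]
        if not match:
            raise KeyError(name)
        self._current, self._pmk = match[0], None

    def get_pairwise_master_key(self):
        return self._pmk

    # Network interface
    def eap_packets(self, packet):
        """Process one EAP request or notification; return the response, or None if none is due."""
        if self._current is None:
            raise RuntimeError("Set-Identity must be called before EAP-Packets")
        if not 4 <= len(packet) <= MAX_EAP_LEN:
            raise ValueError("EAP message length outside the profile bound")
        code, identifier, length = struct.unpack("!BBH", packet[:4])
        if length != len(packet):
            raise ValueError("EAP Length field does not match the message size")
        if code != EAP_REQUEST:
            return None                     # Success, Failure and Responses need no answer from the card
        if len(packet) < 5:
            raise ValueError("EAP Request without a Type field")
        eap_type, data = packet[4], packet[5:]
        if eap_type == TYPE_IDENTITY:
            return eap_packet(EAP_RESPONSE, identifier, TYPE_IDENTITY, self._current["eap_id"])
        if eap_type == TYPE_NOTIFICATION:
            return eap_packet(EAP_RESPONSE, identifier, TYPE_NOTIFICATION, b"")
        if eap_type != self._current["eap_type"]:
            # Nak: propose the method bound to the current identity triplet.
            return eap_packet(EAP_RESPONSE, identifier, TYPE_NAK, bytes([self._current["eap_type"]]))
        if eap_type == TYPE_MD5:
            return self._md5_challenge(identifier, data)
        raise NotImplementedError("profile not modelled in this example")

    def _md5_challenge(self, identifier, data):
        """RFC 3748 MD5-Challenge; the secret is the key stored in the current triplet."""
        value_size = data[0] if data else 0
        if value_size == 0 or 1 + value_size > len(data):
            raise ValueError("malformed MD5-Challenge request")
        challenge = data[1:1 + value_size]
        digest = hashlib.md5(bytes([identifier]) + self._current["key"] + challenge).digest()
        self._pmk = None    # MD5-Challenge derives no key material, so no PMK is exported
        name = self._current["eap_id"]
        return eap_packet(EAP_RESPONSE, identifier, TYPE_MD5, bytes([len(digest)]) + digest + name)


if __name__ == "__main__":
    card = EapSmartcard()
    card.add_identity("My-Home", b"dad", TYPE_MD5, b"Password")   # constructed sample entry
    card.set_identity("My-Home")
    print(card.eap_packets(eap_packet(EAP_REQUEST, 7, TYPE_IDENTITY, b"")).hex())
```

The Nak branch is where the "one smartcard for several networks" property is enforced: the card never answers a method that does not match the selected triplet, and Get-Pairwise-Master-Key stays empty after an MD5 exchange because that method yields no keying material, so a supplicant must not try to derive 802.11 session keys from it.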