1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

Slides:

Advertisements

Similar presentations

Internet Protocol Security (IP Sec)

Advertisements

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

Security at the Network Layer: IPSec

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

Chapter 1 – Introduction

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

802.1x EAP Authentication Protocols

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

IEEE Wireless Local Area Networks (WLAN’s).

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Key Management in Cryptography

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Slide 1/8 07/17/03 EAP 57th IETF WIEN, Austria, July 13-18, 2003 “EAP support in smartcards” Pascal Urien & All ENST Draft-urien-EAP-smartcard-02.txt.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Wireless and Security CSCI 5857: Encoding and Encryption.

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

1 /10 Pascal URIEN, IETF 69 th, Monday July 23 rd Chicago, IL, USA draft-urien-16ng-security-api-00.txt Security API for the IEEE Security Sublayer.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

The Windows NT ® 5.0 Public Key Infrastructure Charlie Chase Program Manager Windows NT Security Microsoft Corporation.

Eugene Chang EMU WG, IETF 70

Solutions for Secure and Trustworthy Authentication Ramesh Kesanupalli

1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.

An Analysis of Bluetooth Security

An Introduction to Encrypting Messages on the Internet Mike Kaderly INFS 750 Summer 2010.

Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt

Slide 1/4 03/29/ rd IETF Paris, France, March 25-30, 2012 “EAP support in smartcards” draft-urien-eap-smartcard-22.txt.

IT:Network:Apps.  RRAS does nice job of routing ◦ NAT is nice ◦ BASIC firewall ok but somewhat weak  Communication on network (WS to SRV) is in clear.

WEP Protocol Weaknesses and Vulnerabilities

Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.

Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

SSL/TLS How to send your credit card number securely over the internet.

Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Attacking IPsec VPNs Charles D George Jr. Overview Internet Protocol Security (IPSec) is a suite of protocols for authenticating and encrypting packets.

Lecture 24 Wireless Network Security

EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.

Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.

1 Pascal URIEN, IETF 63th Paris, France, 2nd August 2005 “draft-urien-eap-smartcard-type-02.txt” EAP Smart Card Protocol (EAP-SC)

Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,

COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.

Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.

1 EAP-MAKE2: EAP method for Mutual Authentication and Key Establishment, v2 EMU BoF Michaela Vanderveen IETF 64 November 2005.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 27 November 23, 2004.

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”

58th IETF Minneapolis, MN, November 9-14, “EAP support in smartcards”

The Tunneled Extensible Authentication Method (TEAM)

My name is Pascal Urien, ENST

Security in SDR & cognitive radio

Presentation transcript:

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

2 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 Goals & Model EAP methods working with smartcards may conflict with purely software methods. Proposal: one EAP type (EAP-SC) for all smartcards. EAP messages sent/received to/from smartcard handlers are encapsulated in EAP-SC packets. It’s an EAP in EAP paradigm The EAP-SC model: three layers 1- The EAP-SC handling layer receives and sends EAP packets, selects a Smart Card handler, and passes packets to the Smart Card handler. 2- The EAP Smart Card Handler layer handles the interface to the smart card, as well as any EAP Method specific functions that are not handled in the smart card. 3- The Smart Card executes security sensitive Authentication Method functions in conjunction with the EAP Smart Card Handler.

3 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 EAP-SC model EAP-SC Handling Method Encapsulated EAP type EAP-TLS Smartcard Handler EAP-SIM Smartcard Handler Other Smartcard Handler Smartcard EAP messages, type=EAP-SC 1 2 3

4 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 Payload Messages Structures codeIdtLength Vendor-Type = type IdtLength+8 Type = EAP-SC Vendor-Id=0 Payload type code type EAP-SC Message EAP Message received/sent from/to smartcard handler

5 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 Smart Cards and EAP Security Claims Mutual Authentication Mutual authentication processes are generally based upon the use of random numbers. Smart Cards enhance the security of these processes by providing true random number generation. Confidentiality Smart Cards improve the robustness of EAP messages encryption, by providing tamper resistant storage for the encryption keys and secure execution of the encryption algorithms. Key Derivation Smart Cards improve the confidentiality of the key derivation process by providing tamper resistant storage for the master keys and secure execution of the key derivation algorithms. Man-in-the-Middle Attacks Smart Cards improve security against Trojan Horse attacks by providing a logically tamper resistant environment for the full implementation of EAP methods and secure execution of the encryption algorithms. Dictionary Attacks Smart Cards access is commonly protected via pin codes with a limited number of retries; permanent blocking of the device is enforced when the number of retries is exceeded. This mechanism provides enhanced protection against dictionary attacks aiming at discovering passwords. Cryptographic Binding Smart Cards provides tamper resistant storage for cryptographic keys and secure execution of the tunnel creation algorithms thus enhancing the cryptographic binding process. Channel Binding Smart Cards can be used as a secure out of band distribution method for channel parameters and therefore enhance the channel binding process. Protection Against Rogue Networks Smart Cards facilitate the provisioning and secure storage of information about trusted parties, such as the root certificates of trusted networks. This protects the end user against rogue networks and enables the enforcement of network roaming policies.