Slide 1/8 07/17/03 EAP 57th IETF WIEN, Austria, July 13-18, 2003 “EAP support in smartcards” Pascal Urien & All ENST Draft-urien-EAP-smartcard-02.txt.


Slide 2/8 07/17/03 EAP EAP Support in Smartcard

Goals
- Definition of a "universal" ISO 7816 interface, i.e. one supporting most EAP authentication protocols.

EAP smartcard benefits
- Network credentials are securely stored.
- The smartcard bearer doesn't know its network credentials (shared secret, asymmetric keys...).
- EAP protocols are computed in a trusted environment.
- The smartcard can't be cloned.
- The smartcard is blocked/unblocked by the user's PIN code.

Other aspects
- Scalability. Half a billion smartcards produced in
- Multiple form factors (ISO 7816 credit card format, SIM GSM 11.11, USB...).
- Sufficient cryptographic performance (RSA 2048-bit calculation in 500 ms); memory size around 128 kb, one Mb with FLASH technology.

Slide 3/8 07/17/03 EAP Overview

[Figure: layered architecture Smartcard, Supplicant, Authenticator, RADIUS server. EAP runs over ISO 7816 between smartcard and supplicant (EAP / 7816), over LAN (802.1x) between supplicant and authenticator (EAP / LAN), and over RADIUS between authenticator and RADIUS server (EAP / RADIUS). The smartcard hosts the EAP engine and the EAP profiles; each profile carries EAP-ID, EAP-Type and crypto key(s).]

- Secure authentication.
- User authentication rather than computer authentication.
- One smartcard for several networks.
- Interoperability between EAP smartcards.

Slide 4/8 07/17/03 EAP Basic Concepts

Identity
- A pointer to a set of information needed for processing EAP messages: EAP-ID, EAP-Type, cryptographic keys.
- User profile: information meaningful for the terminal or the network (SSID, radio channel, X.509 certificates...).

Profile
- Implementation recommendation for a particular EAP-Type.

PIN management
- An EAP smartcard may be protected by a PIN code, known and managed only by its bearer.

EAP application
- An EAP (smartcard) application may be associated with one or more EAP-Types. In that case it is started by a Select-AID command.

Slide 5/8 07/17/03 EAP EAP Smartcard Services 1/3

Four logical interfaces:
- Network interface. The smartcard directly processes EAP messages (requests, notifications). EAP profile definition: a set of rules (if needed) for supporting a particular authentication protocol (maximum message size, ...).
- Operating system/terminal interface. Identity management: multiple triplets (EAP-ID, EAP-Type, cryptographic keys) are stored in the smartcard; each network requires one triplet. User profile, typically an LDAP record stored in the smartcard (under discussion).
- Management/personalization interface. Identity and profile download and update. Management could be done via dedicated EAP protocols (under discussion).
- User interface. Personal Identification Number (PIN code) management.

Slide 6/8 07/17/03 EAP EAP Smartcard Services 2/3

[Figure: Secure EAP Framework]
- EAP authentication protocol profiles: EAP-MD5, EAP-SIM, EAP-TLS, OTHER.
- Identity list, one row per identity with the columns IDENTITY, EAP-ID, EAP TYPE, CRYPTO Key(s), PROFILE; example row: My-Home, dad, MD5, Password, -; other rows hold keys and credentials.
- Management/Personalization interface: Add-Identity(), Delete-Identity().
- OS/Terminal interface: Get-Next-Identity(), Get-Preferred-Identity(), Get-Current-Identity(), Set-Identity(), Set-Multiple-Identity(), Get-Session(), Get-Profile-Data(), Select-AID().
- Network interface: Process-EAP().
- User interface: Verify-PIN(), Change-PIN(), Enable-PIN(), Disable-PIN(), Unblock-PIN().

Slide 7/8 07/17/03 EAP EAP Smartcard Services 3/3

SERVICE                | APDU (CLA INS P1 P2 Lc Le) | COMMENTS
Process-EAP            | Ax ii xx yy                | Process an EAP message
Add-Identity           | Ax xx 00                   | Add an identity entry to the EAP smartcard
Delete-Identity        | Ax xx 00                   | Delete an identity entry
Get-Current-Identity   | Ax xx                      | Get the current identity
Get-Next-Identity      | Ax xx                      | Extract the identity from a circular list
Get-Preferred-Identity | Ax xx                      | Get the preferred identity
Set-Identity           | Ax xx 00                   | Set the smartcard current identity
Set-Multiple-Identity  | Ax xx 00                   | Set a multiple identity
Get-Profile-Data       | Ax 1A xx                   | Get the subscriber profile
Get-Current-Version    | Ax 10 xx yy 00 02          | P1 ≠ 0 is the EAP-Type; P2 = 0 EAP version, P2 = 1 WLAN Smartcard Consortium version
Get-Session-Key        | Ax A6 00 ii 00 20          | Get the session key
Verify-PIN             | A                          | Verify the user's current PIN code
Change-PIN             | A                          | Change the user's current PIN code
Enable-PIN             | A                          | Enable PIN code use
Disable-PIN            | A                          | Disable PIN code use
Unblock-PIN            | A0 2C                      | Unblock the EAP smartcard
Select-AID             | 00 A xx 00                 | Start an EAP smartcard application

Slide 8/8 07/17/03 EAP EAP smartcard profiles

Profile  | Comments
MD5      | Informative purpose
EAP-SIM  | Profile for EAP-SIM
EAP-TLS  | Fragmentation issue under discussion
PEAP     | Under discussion
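Added example, not from the slides or from draft-urien-EAP-smartcard-02.txt: host-side (supplicant) framing of an EAP message into the Process-EAP command APDU of slide 7, which makes the "maximum message size" rule of slide 5 and the EAP-TLS fragmentation issue of slide 8 concrete, since a short ISO 7816-4 APDU carries at most 255 data bytes. The CLA/INS values, the P1 "more fragments" flag and the sample EAP messages are assumptions or constructed data, not values from the draft.

```python
import struct

# EAP header (RFC 3748): Code(1) Identifier(1) Length(2, network order), then Type(1) for Request/Response.
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_TLS = 1, 13
# ISO 7816-4 short command APDU: CLA INS P1 P2 Lc Data Le; one-byte Lc, so at most 255 data bytes.
SHORT_APDU_MAX_DATA = 255
# Placeholders: the slide gives the Process-EAP class byte only as "Ax" and the instruction byte as "ii".
CLA_PLACEHOLDER, INS_PROCESS_EAP_PLACEHOLDER = 0xA0, 0x00

# Constructed samples (not from the slides): an EAP-Request/Identity and a 1205-byte EAP-TLS request.
IDENTITY_REQUEST = bytes([EAP_REQUEST, 0x2A]) + struct.pack("!H", 5) + bytes([EAP_TYPE_IDENTITY])
TLS_REQUEST = bytes([EAP_REQUEST, 0x07]) + struct.pack("!H", 1205) + bytes([EAP_TYPE_TLS]) + bytes(1200)

def parse_eap(packet: bytes) -> dict:
    """Validate the EAP header before anything is forwarded to the card; ValueError if malformed."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code not in (EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE):
        raise ValueError(f"unknown EAP Code {code}")
    if length < 4 or length > len(packet):
        raise ValueError(f"Length field {length} inconsistent with {len(packet)} bytes received")
    if code in (EAP_REQUEST, EAP_RESPONSE) and length < 5:
        raise ValueError("Request/Response without a Type byte")
    eap_type = packet[4] if code in (EAP_REQUEST, EAP_RESPONSE) else None
    return {"code": code, "id": identifier, "length": length, "type": eap_type,
            "data": packet[5:length] if eap_type is not None else b""}

def is_well_formed(packet: bytes) -> bool:
    try:
        parse_eap(packet)
        return True
    except ValueError:
        return False

def process_eap_apdus(packet: bytes) -> list:
    """Frame one EAP message into Process-EAP command APDUs, splitting it when it exceeds one short APDU."""
    length = parse_eap(packet)["length"]
    body = packet[:length]  # drop any padding beyond the EAP Length field
    chunks = [body[i:i + SHORT_APDU_MAX_DATA] for i in range(0, len(body), SHORT_APDU_MAX_DATA)]
    apdus = []
    for index, chunk in enumerate(chunks):
        # P1 = 1 flags "more fragments follow": an assumed convention, since the slide shows P1 only as "xx".
        p1 = 0x01 if index < len(chunks) - 1 else 0x00
        header = bytes([CLA_PLACEHOLDER, INS_PROCESS_EAP_PLACEHOLDER, p1, 0x00, len(chunk)])
        apdus.append(header + chunk + b"\x00")  # Le = 0x00: the card may return up to 256 bytes
    return apdus
```

The Identity request fits one APDU, while the constructed EAP-TLS request needs five; the reassembly rule on the card side is exactly what slide 8 leaves under discussion.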