Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

Published bySandy Nottingham Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)"— Presentation transcript:

1

2 1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC) Pascal.Urien@enst.fr

3 2 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 Goals & Model EAP methods working with smartcards may conflict with purely software methods. Proposal: one EAP type (EAP-SC) for all smartcards. EAP messages sent/received to/from smartcard handlers are encapsulated in EAP-SC packets. It’s an EAP in EAP paradigm The EAP-SC model: three layers 1- The EAP-SC handling layer receives and sends EAP packets, selects a Smart Card handler, and passes packets to the Smart Card handler. 2- The EAP Smart Card Handler layer handles the interface to the smart card, as well as any EAP Method specific functions that are not handled in the smart card. 3- The Smart Card executes security sensitive Authentication Method functions in conjunction with the EAP Smart Card Handler.

4 3 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 EAP-SC model EAP-SC Handling Method Encapsulated EAP type EAP-TLS Smartcard Handler EAP-SIM Smartcard Handler Other Smartcard Handler Smartcard EAP messages, type=EAP-SC 1 2 3

5 4 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 Payload Messages Structures codeIdtLength Vendor-Type = type IdtLength+8 Type = EAP-SC Vendor-Id=0 Payload type code type EAP-SC Message EAP Message received/sent from/to smartcard handler

6 5 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 Smart Cards and EAP Security Claims Mutual Authentication Mutual authentication processes are generally based upon the use of random numbers. Smart Cards enhance the security of these processes by providing true random number generation. Confidentiality Smart Cards improve the robustness of EAP messages encryption, by providing tamper resistant storage for the encryption keys and secure execution of the encryption algorithms. Key Derivation Smart Cards improve the confidentiality of the key derivation process by providing tamper resistant storage for the master keys and secure execution of the key derivation algorithms. Man-in-the-Middle Attacks Smart Cards improve security against Trojan Horse attacks by providing a logically tamper resistant environment for the full implementation of EAP methods and secure execution of the encryption algorithms. Dictionary Attacks Smart Cards access is commonly protected via pin codes with a limited number of retries; permanent blocking of the device is enforced when the number of retries is exceeded. This mechanism provides enhanced protection against dictionary attacks aiming at discovering passwords. Cryptographic Binding Smart Cards provides tamper resistant storage for cryptographic keys and secure execution of the tunnel creation algorithms thus enhancing the cryptographic binding process. Channel Binding Smart Cards can be used as a secure out of band distribution method for channel parameters and therefore enhance the channel binding process. Protection Against Rogue Networks Smart Cards facilitate the provisioning and secure storage of information about trusted parties, such as the root certificates of trusted networks. This protects the end user against rogue networks and enables the enforcement of network roaming policies.

Download ppt "1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Chapter 1 – Introduction

Chapter 1 – Introduction
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Doc.: IEEE 802.11-04/0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.

Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Key Management in Cryptography

Key Management in Cryptography

Similar presentations

Ads by Google