55th IETF Atlanta, GA, November 17-21, 2002 - PowerPoint PPT Presentation

1
55th IETF, Atlanta, GA, November 17-21, 2002
EAP support in smartcards
Draft-urien-EAP-smartcard-00.txt
  • My name is Pascal Urien
  • urienp_at_wifisecurity.org

2
Draft Overview
[Diagram labels: Smartcard, Supplicant, Authenticator, RADIUS server; EAP; EAP / 7816, EAP / LAN, EAP / RADIUS; ISO 7816, 802.1x, RADIUS]
  • Secure Authentication
  • User authentication rather than computer authentication.

3
Draft Objectives.
  • EAP support in smartcards.
  • EAP is computed in the smartcard.
  • Profile definitions for some EAP types (EAP-SIM, EAP-TLS, ...)
  • Interoperability between ISO 7816 EAP smartcards.
  • Agreement between major smartcard manufacturers.
  • Four service primitives.
    • Get-Next-identity()
    • Set-Identity()
    • EAP-Packet()
    • Get-RSN-Master-Key()

[Diagram labels: EAP ENGINE; MD5, EAP SIM, IAK KERB, EAP AKA, EAP TLS; EAP Smartcard]

4
Draft content.
  • Defines four service primitives associated with four APDUs, and two informative profiles.
    • EAP-SIM
    • EAP-MD5
  • 4 services, shuttled by 4 APDUs.
    • Get_Next_Identity()
      CLA=A0 INS=16 P1=01 P2=00 Lc=0 Le=xx
    • Set_Identity()
      CLA=A0 INS=16 P1=80 P2=00 Lc=xx Le=00
    • EAP_Packet()
      CLA=A0 INS=80 P1=00 P2=00 Lc=xx Le=yy
    • Get_RSN_Master_key()
      CLA=A0 INS=A6 P1=00 P2=00 Lc=00 Le=16.
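
Added example, not taken from the slides or the draft: a Python sketch that splits a short-form ISO 7816-4 command APDU and maps its header to one of the four primitives listed above. Get_Next_Identity and Set_Identity share INS=16 and are told apart only by P1. The function names, the short-form-only parsing and the EAP length check are assumptions of this example.

```python
import struct

# (INS, P1) -> primitive, from the slide's APDU table (CLA=A0 and P2=00 for all four).
PRIMITIVES = {
    (0x16, 0x01): "Get_Next_Identity",
    (0x16, 0x80): "Set_Identity",
    (0x80, 0x00): "EAP_Packet",
    (0xA6, 0x00): "Get_RSN_Master_Key",
}

def parse_apdu(apdu: bytes) -> dict:
    """Split a short-form command APDU into header fields, data and Le."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = apdu[:4]
    body, data, le = apdu[4:], b"", None
    if len(body) == 1:                 # header + Le (the slide's "Lc=0 Le=xx" form)
        le = body[0]
    elif len(body) > 1:                # header + Lc + data, optionally followed by Le
        lc, rest = body[0], body[1:]
        if lc == 0:
            raise ValueError("extended-length APDUs are not handled here")
        if len(rest) == lc:
            data = rest
        elif len(rest) == lc + 1:
            data, le = rest[:lc], rest[lc]
        else:
            raise ValueError("Lc does not match the data length")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}

def classify(apdu: bytes) -> str:
    """Name the primitive a command APDU carries, or 'unknown'."""
    f = parse_apdu(apdu)
    if f["cla"] != 0xA0 or f["p2"] != 0x00:
        return "unknown"
    name = PRIMITIVES.get((f["ins"], f["p1"]), "unknown")
    if name == "EAP_Packet":
        # EAP header: code, identifier, 16-bit length covering the whole packet.
        if len(f["data"]) < 4:
            raise ValueError("EAP packet shorter than its header")
        _code, _ident, length = struct.unpack("!BBH", f["data"][:4])
        if length != len(f["data"]):
            raise ValueError("EAP length field disagrees with Lc")
    return name
```

A supplicant-side logger or filter can run `classify()` on each command before it reaches the card and reject APDUs whose Lc or embedded EAP length is inconsistent.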

5
System Identity Concept
  • A wireless user may have several (EAP) identities associated with various 802.11 networks. The system identity is an ASCII string pointing to a particular (EAP) identity. The draft suggests three identity types:
    • The network SSID, as described in the 802.11 standard.
    • The NAI, the network realms and user name.
    • A user's identification (UID), e.g. an ASCII string, for example a friendly name.
  • Get-Next-Identity()
    • Returns an identity from a circular list.
  • Set-Identity()
    • Sets the smartcard identity, e.g. everything required for EAP packet computing.
    • The triplet (EAP-Identity, EAP-Type, Key(s)).

6
EAP Support.
  • EAP_Packet()
    • EAP-Packet() processes an EAP (request) message and returns an EAP (response) message.
  • Get_RSN_Master_Key()
    • Returns the session master key, if any, deduced from a successful authentication scenario.

[Diagram labels: Secure Trusted EAP Engine; In, Out, Master_Key]