pascal urien slide 1/6 55th ietf atlanta, ga, november 17-21, 2002 “eap support in smartcards”...
![Page 1: Pascal Urien Slide 1/6 55th IETF Atlanta, GA, November 17-21, 2002 “EAP support in smartcards” My name is Pascal Urien urienp@wifisecurity.org Draft-urien-EAP-smartcard-00.txt](https://reader036.vdocuments.us/reader036/viewer/2022082422/5697bfd11a28abf838cab07f/html5/thumbnails/1.jpg)
Pascal Urien, Slide 1/6
55th IETF, Atlanta, GA, November 17-21, 2002
“EAP support in smartcards”
My name is Pascal Urien
Draft-urien-EAP-smartcard-00.txt
Pascal Urien, Slide 2/6
Draft Overview
Secure Authentication
  User authentication rather than computer authentication.
[Diagram: Smartcard, Supplicant, Authenticator, RADIUS server. Link labels: EAP / 7816 (ISO 7816), EAP / LAN (802.1x), EAP / RADIUS (RADIUS). EAP.]
Pascal Urien, Slide 3/6
Draft Objectives.
EAP support in smartcards.
EAP is computed in smartcard.
Profiles definition, for some EAP types (EAP-SIM, EAP-TLS, …)
Interoperability between ISO 7816 EAP smartcards.
Agreement between major smartcard manufacturers.
Four service primitives.
  Get-Next-Identity()
  Set-Identity()
  EAP-Packet()
  Get-RSN-Master-Key()
[Diagram: EAP Smartcard, EAP ENGINE; IAK, KERB, EAP TLS, EAP AKA, EAP SIM, MD5]
Pascal Urien, Slide 4/6
Draft content.
Defines 4 service primitives associated with four APDUs, and two informative profiles.
  EAP-SIM
  EAP-MD5
4 Services, shuttled by 4 APDUs.
  Get_Next_Identity()   CLA=A0 INS=16 P1=01 P2=00 Lc=0 Le=xx
  Set_Identity()        CLA=A0 INS=16 P1=80 P2=00 Lc=xx Le=00
  EAP_Packet()          CLA=A0 INS=80 P1=00 P2=00 Lc=xx Le=yy
  Get_RSN_Master_key()  CLA=A0 INS=A6 P1=00 P2=00 Lc=00 Le=16
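Added example (not from the draft or the slides): a host-side sketch that encodes the four primitives as short-form ISO 7816-4 command APDUs and sanity-checks the EAP header on both sides of EAP_Packet(). Assumptions: the CLA/INS/P1/P2 values on the slide are hexadecimal, Le is chosen by the caller, the function names are hypothetical, and the sample packets are constructed.

```python
import struct

# (CLA, INS, P1, P2) per primitive, read as hex from the slide (assumption).
HEADERS = {
    "Get_Next_Identity":  (0xA0, 0x16, 0x01, 0x00),
    "Set_Identity":       (0xA0, 0x16, 0x80, 0x00),
    "EAP_Packet":         (0xA0, 0x80, 0x00, 0x00),
    "Get_RSN_Master_Key": (0xA0, 0xA6, 0x00, 0x00),
}

def build_apdu(name, data=b"", le=None):
    """Short-form ISO 7816-4 command APDU: header [Lc data] [Le]."""
    if len(data) > 255 or (le is not None and not 1 <= le <= 256):
        raise ValueError("short APDU: data <= 255 bytes, Le in 1..256")
    apdu = bytes(HEADERS[name])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le % 256])  # 256 is encoded as 0x00
    return apdu

def parse_eap(packet):
    """Return (code, identifier, type) after checking the EAP Length field."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("EAP Length field does not match packet size")
    eap_type = packet[4] if code in (1, 2) and length > 4 else None
    return code, ident, eap_type

def eap_packet_apdu(request, le):
    """Wrap an EAP request for the card; this sketch refuses other codes."""
    code, _, _ = parse_eap(request)
    if code != 1:
        raise ValueError("only EAP-Request (code 1) is passed to EAP_Packet")
    return build_apdu("EAP_Packet", request, le)

def check_response(request, response):
    """Check the card's output is the Response matching the Request."""
    _, req_id, _ = parse_eap(request)
    code, ident, eap_type = parse_eap(response)
    if code != 2 or ident != req_id:
        raise ValueError("card output is not the matching EAP-Response")
    return eap_type

# Constructed samples: MD5-Challenge request (id 0x2A), dummy card response.
SAMPLE_REQUEST = bytes([1, 0x2A, 0, 22, 4, 16]) + bytes(range(16))
SAMPLE_RESPONSE = bytes([2, 0x2A, 0, 22, 4, 16]) + bytes(16)
```

Checking the Length field and the Identifier on the host keeps a truncated or mismatched packet from being forwarded between the authenticator and the card.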
Pascal Urien, Slide 5/6
System Identity Concept
A wireless user may have several (EAP) identities associated with various 802.11 networks. The system identity is an ASCII string pointing to a particular (EAP) identity. The draft suggests three identity types:
  The network SSID, as described in the 802.11 standard.
  The NAI, the network realms and user name.
  A user’s identification (UID), e.g. an ASCII string, for example a friendly name.
Get-Next-Identity()
  Returns an identity from a circular list.
Set-Identity()
  Sets the smartcard identity, e.g. everything required for EAP packet computing. The triplet (EAP-Identity, EAP-Type, Key(s)).
Pascal Urien, Slide 6/6
EAP Support.
EAP_Packet()
  EAP-Packet() processes an EAP (request) message and returns an EAP (response) message.
Get_RSN_Master_Key()
  Returns the session master key, if any, deduced from a successful authentication scenario.
[Diagram labels: Secure, Trusted, EAP Engine, Master_Key, In, Out]