Abstract
This paper presents the first Java Card platform dedicated to IP (wireless) LAN security issues. We have defined an open architecture that processes the Extensible Authentication Protocol (EAP) in smart cards; EAP is the standard defined by the IETF [1] and IEEE 802 [2] committees for user authentication in various network environments such as Wi-Fi, WiMAX, or IPsec [3]. These tamper-resistant devices are generally considered the most trusted computing platforms. They have been selected by the DoD [4] for military ID cards and by the Belgian government for citizen ID cards, and they will be included in US and European passports. Although secure, Java Cards are cheap and manufactured by many companies. We present and analyze results obtained with five different smart cards, for two authentication scenarios. The first works with an asymmetric algorithm (EAP-TLS, a transparent transport of the well-known SSL [5] standard); the second uses a pre-shared key scheme (EAP-PSK) based on the AES algorithm and the One-Key CBC MAC function (OMAC), which is under consideration by NIST [6] for standardization. We demonstrate that this open and flexible approach works with existing components, although performance enhancements are necessary.

[1] Internet Engineering Task Force.
[2] Institute of Electrical and Electronics Engineers, IEEE 802 LAN/MAN Standards Committee.
[3] IP Security Protocol.
[4] United States Department of Defense.
[5] Secure Sockets Layer.
[6] National Institute of Standards and Technology.
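The pre-shared-key scenario above builds its message authentication on AES and the One-Key CBC MAC. As an added worked example (not code from the OpenEapSmartcard platform or the paper), the following Python implements OMAC1 over AES-128, the variant NIST later standardized as CMAC in SP 800-38B and the MAC that EAP-PSK (RFC 4764) uses for its MAC_P and MAC_S fields. AES-128 is written out from scratch only so the block runs with the standard library; the function names are illustrative. The key and messages are the published FIPS 197 and RFC 4493 / SP 800-38B test vectors, so the output can be checked against the specification rather than trusted.

```python
"""OMAC1 (AES-CMAC-128) over a from-scratch AES-128: an added reference example.

Not the OpenEapSmartcard applet; AES is implemented here so the block is
self-contained. Vectors: FIPS 197 appendix C.1 and RFC 4493 (SP 800-38B).
"""
import hmac


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a


def _gmul(a, b):
    """GF(2^8) multiplication, shift-and-add; slow but obviously correct."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r


def _build_sbox():
    """S-box = affine transform of the multiplicative inverse (computed, not tabled)."""
    box = []
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gmul(x, y) == 1)
        s = inv
        for i in range(1, 5):                      # inv ^ rotl(inv,1..4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        box.append(s ^ 0x63)
    return box


SBOX = _build_sbox()


def _expand_key(key):
    """AES-128 key schedule: 44 words returned as 11 round keys of 16 bytes."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord + SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def aes128_encrypt_block(key, block):
    """Encrypt one 16-byte block; state index r + 4*c holds row r, column c."""
    rk = _expand_key(key)
    s = [block[i] ^ rk[0][i] for i in range(16)]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                                       # MixColumns
            m = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                m += [_gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3,
                      a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
                      a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3),
                      _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)]
            s = m
        s = [s[i] ^ rk[rnd][i] for i in range(16)]                          # AddRoundKey
    return bytes(s)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _dbl(block):
    """Doubling in GF(2^128) with R = 0x87: the OMAC1/CMAC subkey step."""
    n = int.from_bytes(block, "big") << 1
    if n >> 128:
        n ^= 0x87
    return (n & ((1 << 128) - 1)).to_bytes(16, "big")


def cmac_subkeys(key):
    """K1 = dbl(E_K(0^128)), K2 = dbl(K1)."""
    k1 = _dbl(aes128_encrypt_block(key, bytes(16)))
    return k1, _dbl(k1)


def aes_cmac(key, msg):
    """OMAC1 / AES-CMAC-128 tag over msg of any length, including empty."""
    k1, k2 = cmac_subkeys(key)
    n = max(1, (len(msg) + 15) // 16)
    blocks = [msg[16 * i:16 * i + 16] for i in range(n)]
    last = blocks[-1]
    if msg and len(last) == 16:          # complete final block: mask with K1
        last = _xor(last, k1)
    else:                                # 10* padding, then mask with K2
        last = _xor(last + b"\x80" + bytes(15 - len(last)), k2)
    x = bytes(16)
    for b in blocks[:-1]:                # plain CBC over all but the last block
        x = aes128_encrypt_block(key, _xor(x, b))
    return aes128_encrypt_block(key, _xor(x, last))


def cmac_verify(key, msg, tag):
    """Constant-time tag check; never compare MAC tags with ==."""
    return hmac.compare_digest(aes_cmac(key, msg), tag)


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")        # RFC 4493 key
    msg = bytes.fromhex("6bc1bee22e409f96e93d7e117393172a")        # RFC 4493 example 2
    print(aes_cmac(key, msg).hex())
```

The two subkeys are what distinguish OMAC1 from plain CBC-MAC: masking the final block with K1 or K2, depending on whether it had to be padded, is what makes the MAC secure for variable-length messages. Verification goes through `hmac.compare_digest` because a byte-by-byte early-exit comparison of the received tag leaks timing, which matters for a MAC that an authenticator checks on attacker-supplied EAP packets.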
6 References
International Organization for Standardization, "Identification cards: Integrated circuit(s) cards with contacts", ISO/IEC 7816.
PC/SC Workgroup, "Interoperability Specification for ICCs and Personal Computer Systems", 1996, © 1996 CP8 Transac, HP, Microsoft, Schlumberger, Siemens Nixdorf.
H. Krawczyk, M. Bellare, R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
ETSI GSM 11.11, "Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module – Mobile Equipment (SIM-ME) interface".
ETSI GSM 11.19, "Digital cellular telecommunications system (Phase 2+); GSM API for SIM toolkit stage 2".
B. Aboba, D. Simon, "PPP EAP TLS Authentication Protocol", RFC 2716, October 1999.
T. Dierks, C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999.
Institute of Electrical and Electronics Engineers, "Standard for Telecommunications and Information Exchange Between Systems – LAN/MAN Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications", IEEE Std 802.11, 1999.
Z. Chen, "Java Card Technology for Smart Cards: Architecture and Programmer's Guide", Addison-Wesley (Sun Java Series), 2000.
N. Borisov, I. Goldberg, D. Wagner, "Intercepting Mobile Communications: The Insecurity of 802.11", Proceedings of the 7th Annual International Conference on Mobile Computing and Networking (MobiCom 2001), p. 180, July 16–21, 2001.
S. Fluhrer, I. Mantin, A. Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4", 8th Annual Workshop on Selected Areas in Cryptography (SAC 2001), August 2001.
National Institute of Standards and Technology, "Specification for the Advanced Encryption Standard (AES)", Federal Information Processing Standards (FIPS) 197, November 2001.
Institute of Electrical and Electronics Engineers, "Local and Metropolitan Area Networks: Port-Based Network Access Control", IEEE Std 802.1X, 2001.
B. Struif, D. Scheuermann, "Smartcards with biometric user verification", Proceedings of the IEEE International Conference on Multimedia and Expo (ICME 2002), vol. 2, pp. 589–592, August 26–29, 2002.
H. Gilbert, "The Security of 'One-Block-to-Many' Modes of Operation", FSE 2003, Springer-Verlag LNCS 2887, 2003.
T. Iwata, K. Kurosawa, "OMAC: One-Key CBC MAC", FSE 2003, Springer-Verlag LNCS 2887, 2003.
M. Loutrel, P. Urien, G. Pujolle, "A smartcard for authentication in WLANs", Proceedings of the 2003 IFIP/ACM Latin America Conference on Towards a Latin American Agenda for Network Research, La Paz, Bolivia, October 2003.
P. Urien, M. Loutrel, "The EAP smartcard: a tamper resistant device dedicated to 802.11 wireless networks", 3rd Workshop on Applications and Services in Wireless Networks (ASWN 2003), Berne, Switzerland, July 2–4, 2003.
Institute of Electrical and Electronics Engineers, "Approved Draft Supplement to Standard for Telecommunications and Information Exchange Between Systems – LAN/MAN Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Specification for Enhanced Security", IEEE Std 802.11i-2004, 2004.
B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, H. Levkowetz, "Extensible Authentication Protocol (EAP)", RFC 3748, June 2004.
M. Bellare, P. Rogaway, D. Wagner, "The EAX Mode of Operation", FSE 2004, Springer-Verlag LNCS 3017, 2004.
P. Urien, F. Farrugia, M. Groot, J. Abellan, "EAP-Support in Smartcard", IETF Internet-Draft, draft-urien-eap-smartcard-08.txt, 2005.
F. Bersani, "The EAP-PSK Protocol: a Pre-Shared Key EAP Method", IETF Internet-Draft, draft-bersani-eap-psk-06, 2004.
M. Renaudin, F. Bouesse, Ph. Proust, J.P. Tual, L. Sourgen, F. Germain, "High security smartcards", Proceedings of the Design, Automation and Test in Europe Conference and Exhibition (DATE 2004), vol. 1, February 16–20, 2004.
R. Brandewie, "Smart cards: world passport to security. Identity solutions for a complex world", e-Smart 2004, September 22–24, 2004, Sophia Antipolis, France.
"Belgium electronic identity card (eID)", http://eid.belgium.be
T. M. Jurgensen, S. B. Guthery, "Smart Cards: The Developer's Toolkit", Prentice Hall.
OpenEapSmartcard web site, http://www.infres.enst.fr/~urien/openeapsmartcard
Copyright information
© 2007 International Federation for Information Processing
Cite this paper
Urien, P., Dandjinou, M. (2007). The OpenEapSmartcard platform. In: Gaïti, D. (eds) Network Control and Engineering for QoS, Security and Mobility, IV. NetCon 2005. IFIP — The International Federation for Information Processing, vol 229. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-49690-0_6
DOI: https://doi.org/10.1007/978-0-387-49690-0_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-49689-4
Online ISBN: 978-0-387-49690-0
eBook Packages: Computer Science (R0)