Abstract: |
This paper presents the first javacard platform dedicated to IP (Wireless) LAN security issues. We have defined an open architecture that processes the Extensible Authentication Protocol (EAP) in smartcards, which is the standard defined by the IETF and IEEE-802 committees for users' authentication in various network environments like Wi-Fi, WiMax, or IPSEC. These tamper-resistant devices are generally considered the most trusted computing platforms. They have been selected by the DoD for military ID cards, by the Belgian government for citizen ID cards, and they will be included in US and European passports. Although secure, javacards are cheap and manufactured by many companies. We present and analyze results obtained with five different smartcards, for two authentication scenarios. The first works with an asymmetric algorithm (EAP-TLS, a transparent transport of the well-known SSL standard); the second uses a pre-shared key scheme (EAP-PSK) based on the AES algorithm and the One-Key CBC MAC function (OMAC), which is under consideration by NIST for standardization. We demonstrate that this open and flexible approach works with existing components, although performance enhancement is necessary. [ABSTRACT FROM AUTHOR] |