Key hierarchy and TLS; I.6. Conditions for using the EAP protocol in an unsecured environment; II. Authentication methods

The protocol ... in a smart card ... card; III.1. General description; III.2. Services of the ...; III.3. Constraints to be overcome by the smart card

The protocol; I. Protocol requirements specification; II. General presentation of the protocol; Chapter 5

The OpenEapSmartcard platform; I. Objectives and opportunities of the project; II. Requirements to be taken into account; III. Platform architecture; III.1. General presentation

I. Motivations; II. General description; III ...; IV ... Perspectives; V ...; Chapter 7

... in wireless networks ... protocol ... of the ...; I. Architecture; II ...; IV. Administration and deployment of new services; VI ...

The draft ... It proposes two authentication sub-protocols: the first, PAX-STD, relies on symmetric keys, and the other, more robust one, named PAX-SEC, relies on a public key infrastructure (PKI). In this protocol, random seeds are exchanged by means of the Diffie-Hellman algorithm [PKCS3_93] [DIFHEL03], and a key distribution service is also offered. As if the "resume" mode of EAP-TLS remained unsatisfactory, the IETF has just standardized, at the end of December 2005, the TLS-PSK (Transport Layer Security Pre-Shared Key) protocol [TLSPSK05], which is nothing other than TLS in symmetric encryption mode.

... TEAPM in ... USIM (UMTS Subscriber Identity Module) cards. Combining secure transport over SMS and over EAP/TLS would increase the range and quality of the services offered to the user, and, with competition helping

... the deployment of servers ... to increase the security of access to services on networks in general, it remains to be defined, in accordance with each country's legislation, what may legally be collected, what evidence may be provided, to which entity that evidence may be provided, etc. Likewise, the battery of information contained in a card can be used to produce anonymity

ISO/IEC, Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 1: Physical characteristics, ISO/IEC 7816-1:1998(E), 1998.

ISO/IEC, Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 2: Dimensions and location of the contacts, ISO/IEC 7816-2:1999(E), 1999.

ISO/IEC, Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols, ISO/IEC 7816-3:1997(E), 1997.

ISO/IEC, Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange, First edition, ISO/IEC 7816-4:1997(E), 1995.

Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, ISO/IEC 8802-11:1999(E), ANSI/IEEE Std 802.11.

G. Bandarpa82, ]. Rec, M. Badra, P. Urien, N. Borisov et al., Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Enhanced Security Part 16: Air Interface for Fixed Broadband Wireless Access Systems

Approved Draft IEEE Standard for Local and Metropolitan Area Networks Part 16: Air Interface for Fixed and Mobile Broadband Wireless Access Systems Amendment for Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands

Local and Metropolitan Area Networks: Port-Based Network Access Control

Specification for the Advanced Encryption Standard (AES), Federal Information Processing Standards (FIPS) 197

Standard for The Format of ARPA Internet Text Messages

Information technology - ASN.1 encoding rules - Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)

Enhancing WLAN security by introducing EAP-TLS smartcards

Intercepting Mobile Communications: The insecurity of 802

Le protocole EAP-SSC

Java Card Technology for Smart Cards: Architecture and Programmer's Guide

The COPS (Common Open Policy Service) Protocol

[DES80] National Institute of Standards and Technology, "DES modes of operation"

Dynamic Host Configuration Protocol, IEEE Std 802.11a LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. Amendment 4: Further Higher Data Rate Extension in 2

Supplement to Standard for Telecommunications and Information Exchange Between Systems - LAN/MAN specific Requirements - Part IEEE 802.16e

[AES01] National Institute of Standards and Technology STD 11, IETF RFC 822 Proceeding of the 11th Annual International Conference on Mobile Computing and Network Actes du 7e Colloque Africain sur la Recherche en Informatique - CARI'04, 22-25 November

"Counter with CBC-MAC (CCM)", IETF RFC 3610

[DES99] National Institute of Standards and Technology

"More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)", IETF RFC 3526

"Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)", IETF RFC 4187.

[EAPKey05] B. Aboba, "Extensible Authentication Protocol (EAP) Key Management Extensions"

[EAPKey06] B. Aboba, D. Simon, P. Eronen, H. Levkowetz, Ed., "Extensible Authentication Protocol (EAP) Key Management Framework", pp.16-200416, 1980.

E. [. Bersani, E. Key, . Method, . Gosier, F. Guadeloupe et al., "EAP-Support in Smartcard", draft-urien-eap-smartcard-10.txt, <work in progress>

EAP-TLS Smartcards, from Dream to Reality, Proceedings of IEEE 3rd International Conference on Networking 4th Workshop on Applications and Services in Wireless Networks

"Weakness in the Key scheduling algorithm of RC4", 8th Annual Workshop on Selected Areas in Cryptography

[GLOBPL03] Global Platform Card Specification version 2.1.1

Digital cellular telecommunication system, pp.0-86341, 1999.

H. [. Guyot, M. Krawczyk, R. Bellare, . Canettihttp1, . 1_99-]-r et al., HMAC: Keyed-Hashing for Message Authentication

Hyper Text Transfer Protocol - HTTP/1

Security Architecture for the Internet Protocol

The Security of One-Block-to-Many Modes of Operation

The MD5 Message-Digest Algorithm

3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the MILENAGE Algorithm Set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 2: Algorithm Specification

MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text

The Network Access Identifier, IETF RFC 2616

IKEv2) Protocol", IETF RFC 4306.

[INES05] INES project (Identité Nationale Electronique Sécurisée) for an electronic identity card. (in 2006 at http://www.libertysecurity.org/article372.html)

[IPSEC98 IETF RFC 1321 IETF RFC 2047

"Advanced Encryption Standard (AES)", National Institute of Standards and Technology (NIST)

[NIST97] FIPS PUB 186-2 "Digital Signature Standard (DSS)", National Institute of Standards and Technology (NIST), p.509, 1992.

?. Ocsp-",, I. T. Iwata, and K. Kurosawa, OMAC: One-Key CBC MAC

The OpenEapSmartcard project, short paper, Applied Cryptography and Network Security 2005

[OpnEap06] OpenEapSmartcard website, 1999.

[. Transac, . Hp, . Microsoft, . Schlumberger, N. Siemens et al., PKCS #1 v2.1: RSA Cryptography Standard

PKCS #3: Diffie-Hellman Key Agreement standard RSA Laboratories Technical Note Version 1.4 revised

Internet X.509 Public Key Infrastructure Certificate and CRL profile

Point-to-Point Tunneling Protocol (PPTP), IETF RFC 2637

SSL and TLS: Designing and Building Secure Systems

The Point-to-Point Protocol (PPP), IETF RFC 1661

State Machines for Extensible Authentication Protocol (EAP) Peer and Authenticator

A Method for Obtaining Digital Signatures and Public-Key Cryptosystems

Resource ReSerVation Protocol (RSVP) -- Version 1 Functional Specification

UMTS, services, architecture et WCDMA

Secure Hash Standard, Federal Information Processing Standard (FIPS) 201 IETF RFC 2459 IETF RFC 3579 IETF RFC 4137 IETF RFC 2205

Secrets et mensonges - Sécurité numérique dans un monde en réseau

[SHA1_02] National Institute of Standards and Technology Federal Information Processing Standards (FIPS) PUB 180-2

[SNMP02] D. Harrington, R. Presuhn, B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks"

"Simple Object Access Protocol (SOAP) 1.1", W3C Note, pp.120-126, 1978.

]. A. Sslv3_96, P. Freier, P. Karlton, . R. Kocherstev94-]-w, . [. Stevens et al., Java Card 2.2.1. API Specification

Java Card Platform Specification 2.2.2

The TLS Protocol Version 1

Pre-Shared Key Ciphersuites for Transport Layer Security (TLS), IETF RFC 4279

"TPM Specification version 1.2", Trusted Computing Group (TCG)

TPM Main Part 1: Design Principles, Specification version 1.2 revision 85

USB Full Speed enabled smart cards for Consumer Electronics applications

Internet Card, a smart card as a true Internet node

The OpenEapSmartcard platform

Designing Smartcards for Emerging Wireless Networks

Introducing micro-authentication servers, in emerging pervasive environments

The EAP smartcard. A tamper resistant device dedicated to 802, IETF RFC 2246 Consumer Electronics, ISCE 2005, Proceedings of the 9th International Symposium NETCON'05, Network Control and Engineering for QoS, Security and Mobility, IFIP TC6 Conference CARDIS 2006 IADIS International Conference on WWW/Internet 2005

11 wireless networks", 3rd Workshop on Applications and Services in Wireless Networks

[UrTiLo02] P. Urien, A. Tizraoui, M. Loutrel, "Integrating EAP in SIM-IP smartcards", Second IEEE workshop on Applications and Services in Wireless networks

"Web Services Description Language (WSDL) 1.1", W3C Note, pp.230-236, 1994.

T. Bray, J. Paoli, C. M. Sperberg-McQueen, E. Maler, and F. Yergeau, Extensible Markup Language (XML) 1.0 (Third Edition), W3C Recommendation, 2004.

3. F6754030b429325864665ece80839e26aae039ce642e8253a7e4074bc934d109 and 8. Cb, Second Pair-wise-key used by the Smart Card

... by the smart card: Flags field with D (Digest) bit set; Sub-Type field set for asymmetrical case; Packet Length field set to 32

Sent ... the smart card to the ...: Flags field with D (Digest) bit set; Sub-Type field set for asymmetrical case; Packet Length field set to 32

D. Sk, Identifier field is the same as for request packet; Code field set for EAP-Response