This paper presents the first javacard platform dedicated to IP (Wireless) LAN security issues. We have defined an open architecture that processes Extensible Authentication Protocol (EAP) in smartcards, which is the standard defined by IETF1 and IEEE-8022 committees for users’ authentication in various network environments like Wi-Fi, WiMax, or IPSEC 3. These tamper resistant devices are generally considered as the most trusted computing platforms. They have been selected by the DoD4 for military ID cards, by the Belgium government for citizen ID cards, and they will be included in US and European passports. Although secure, javacards are cheap and manufactured by many companies. We present and analyze results obtained with five different smartcards, for two authentication scenari. The first works with an asymmetric algorithm (EAP-TLS, a transparent transport of the well known SSL5 standard), the second uses a pre-share key scheme (EAP-PSK) based on the AES algorithm and the One-Key CBC MAC function (OMAC), which is under consideration by NIST6 for standardization. We demonstrate that this open and flexible approach, is working with existing components, although performances enhancement is necessary.


Security WLAN smartcards javacards 

6 References

  1. [1]
    International Organization for Standardization (ISO) “Identification cards-Integrated circuits) card with contact” ISO/IEC 7816.Google Scholar
  2. [2]
    PC/SC (1996), Interoperability Specification for ICCs and Personal Computer Systems, © 1996 CP8 Transac, HP, Microsoft, Schlumberger, Siemens Nixdorf.Google Scholar
  3. [3]
    H. Krawczyk, M. Bellare, R. Canetti, “HMAC: Keyed-Hashing for Message Authentication”, RFC 2104, September 1997.Google Scholar
  4. [4]
    ETSI-GSM 11.11 “Digital cellular telecommunications system (Phase2+); Specification of the Subscriber Interface Identity Module — Mobile Equipment (SIM_ME) interface”.Google Scholar
  5. [5]
    ETSI GSM 11.19, “Digital cellular telecommunications system (Phase 2+); GSM API for SIM toolkit stage 2”Google Scholar
  6. [6]
    B. Aboba, D. Simon, “PPP EAP TLS Authentication Protocol”, RFC 2716, October 1999.Google Scholar
  7. [7]
    T. Dierks, C. Allen,, “The TLS Protocol Version 1.0”, RFC 2246, January 1999Google Scholar
  8. [8]
    Institute of Electrical and Electronics Engineers, “Standard for Telecommunications and Information Exchange Between Systems-LAN/MAN Specific Requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications”, IEEE Standard 802.11, 1999.Google Scholar
  9. [9]
    Zhiqun Chen, “Java Card Technology for Smart Cards: Architecture and Programmer’s Guide”, SUN book, 2000Google Scholar
  10. [10]
    N. Borisov, I. GoldBerg, D. Wagner, Intercepting Mobile Communications: The Insecurity of 802.11, Proceeding of the Eleventh Annual International Conference on Mobile Computing And Network, p180, July 16–21, 2001.Google Scholar
  11. [11]
    S. Fluhrer, I. Mantin, A. Shamir, Weakness in the key scheduling algorithm of RC4, 8th Annual Workshop on Selected Areas in Cryptography, August 2001.Google Scholar
  12. [12]
    National Institute of Standards and Technology, “Specification for the Advanced Encryption Standard (AES)”, Federal Information Processing Standards (FIPS) 197, November 2001. Institute of Electrical and Electronics Engineers, “Local and Metropolitan Area Networks: Port-Based Network Access Control”, IEEE Standard 802.1X, September 2001.Google Scholar
  13. [13]
    Struif, B.; Scheuermann, D, “Smartcards with biometric user verification”, Multimedia and Expo, 2002. ICME’ 02. Proceedings. 2002 IEEE International Conference on, Volume: 2, 26–29 Aug. 2002 Pages:589–592 vol.2Google Scholar
  14. [14]
    Gilbert, H., “The Security of One-Block-to-Many Modes of Operation”, FSE 03, Springer-Verlag LNCS 2287, 2003.Google Scholar
  15. [15]
    Iwata, T. and K. Kurosawa, “OMAC: One-Key CBC MAC”, FSE 03, Springer-Verlag LNCS 2887, 2003.Google Scholar
  16. [16]
    M. Loutrel, P. Urien, G. Pujolle, “A smartcard for authentication in WLANs”, Proceedings of the 2003 IFIP/ACM Latin America conference on Towards a Latin American agenda for network research, La Paz, Bolivia, October 2003Google Scholar
  17. [17]
    P. Urien, M. Loutrel, “The EAP smartcard. A tamper resistant device dedicated to 802.11 wireless networks”, 3rd Worshop on applications and Services in Wireless Networks, Berne, Switzerland, July 2–4, 2003.Google Scholar
  18. [18]
    Institute of Electrical and Electronics Engineers, “Approved Draft Supplement to Standard for Telecommunications and Information Exchange Between Systems-LAN/MAN Specific Requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Specification for Enhanced Security”, IEEE 802.1Li-2004, 2004.Google Scholar
  19. [19]
    Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J. and H. Levkowetz, “Extensible Authentication Protocol (EAP)”, RFC 3748, June 2004.Google Scholar
  20. [20]
    Bellare, M., Rogaway, P. and D. Wagner, “The EAX mode of operation”, FSE 04, Springer-Verlag LNCS 3017, 2004Google Scholar
  21. [21]
    Urien P, Farrugia F, Groot M, Abellan J, “EAP-Support in Smartcard”, draft-urien-eapsmartcard-08.txt, 2005Google Scholar
  22. [22]
    Bersani. F, “The EAP-PSK Protocol: a Pre-Shared Key EAP Method”, IETF draft, draft-bersanieap-psk-06, 2004Google Scholar
  23. [23]
    Renaudin, M.; Bouesse, F.; Proust, Ph.; Tual, J.P.; Sourgen, L.; Germain, F.; “High security smartcards”, Design, Automation and Test in Europe Conference and Exhibition, 2004. Proceedings, Volume: 1, 16–20 Feb. 2004Google Scholar
  24. [24]
    R. Brandewie, “Smart cards:world passport to security-identity solutions for a complex world.” e-Smart 2004, Sept 22–24, 2004, Sophia Antipolis, Nice, FranceGoogle Scholar
  25. [25]
    “Belgium electronic identity card (eID)”. http://eid.belgium.beGoogle Scholar
  26. [26]
    Timothy M. Jurgensen, Scott B. Guthery, “Smart Cards: The Developer’s Toolkit”, PRENTICE HALLGoogle Scholar
  27. [27]
    OpenEapSmartcard WEB site, Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Pascal Urien
    • 1
  • Mesmin Dandjinou
    • 2
  1. 1.ENSTParisFrance
  2. 2.Université Polytechnique de Bobo-DioulassoBurkina Faso

Personalised recommendations