Introducing Smartcard Enabled RADIUS Server

Urien, Pascal; Dandjinou, Mesmin

doi:10.1109/cts.2006.54

Cited by 10 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Em resumo, a abordagem do OpenID-VR possui pelo menos dois desafios: (1) a escalabilidade do sistema, uma vez que grids de smart cards geram uma sobrecarga significativa ao processo de autenticação, que pode ultrapassar a 2 segundos [Urien and Dandjinou 2006], além de impactar significativamente na vazão do sistema; (2) tolerar apenas instruções relativas ao protocolo OpenID, ou seja, falhas de infraestruturas (físicas e/ou lógicas) não são suportadas. Além disso, o serviço de autenticação é um ponto único de falha.…”

Section: Contexto E Trabalhos Relacionadosunclassified

Provedores de Identidade Resilientes e Confiáveis

Kreutz

Feitosa²,

Cunha³

2014

Anais Do XV Workshop De Testes E Tolerância a Falhas (WTF 2014)

View full text Add to dashboard Cite

Este artigo apresenta o desenvolvimento de uma arquitetura para provedores OpenID resilientes e seguros, cujo objetivo é garantir propriedades essenciais como integridade, alta disponibilidade e confidencialidade de dados sensitivos. Para este fim são utilizados algoritmos para tolerar falhas arbitrárias, é proposto um componente seguro, com uma interface bem definida, e é detalhada a arquitetura que provê as propriedades almejadas ao sistema. A solução proposta supera trabalhos similares em diferentes aspectos, como vazão, latência, tolerância a falhas arbitrárias e confidencialidade (sem comprometer a escalabilidade do sistema). Os resultados demonstram que uma única instância do sistema suporta demandas de ambientes, como infraestruturas de rede e sistemas Web, com mais de 200k usuários.

show abstract

Section: Contexto E Trabalhos Relacionadosunclassified

Provedores de Identidade Resilientes e Confiáveis

Kreutz

Feitosa²,

Cunha³

2014

Anais Do XV Workshop De Testes E Tolerância a Falhas (WTF 2014)

View full text Add to dashboard Cite

show abstract

“…During an authentication session, EAP messages are exchanged between the EAP-client and EAP server, and are transported by various means, such as RADIUS packets or Wi-Fi frames. In 2006, the OpenEapSmartcard platform was slightly modifi ed [28] in order to support client and server features. By deploying EAP smart cards on both the client and server side, we reintroduced the classical (according to the smart card technologies) concept of SAMs (Secure Access Module) adapted to WLANs.…”

Section: Smart Card Enabled Radius Servermentioning

confidence: 99%

Security and privacy for the next wireless generation

Urien¹,

Pujolle

2008

Int J Network Mgmt

View full text Add to dashboard Cite

SUMMARYThis paper presents research performed during the last 4 years (2003)(2004)(2005)(2006)(2007), in order to design applications (usually referred as EAP smart cards) which enhance security and privacy in emerging WLAN infrastructures. It introduces smart cards ensuring strong authentication in IP networks, according to the extensible authentication protocol (EAP). An open software implementation has been released for Java cards. These devices may be deployed on clients' terminals (such as IEEE 802.1X supplicants) or in RADIUS servers. Experimental results, observed with platforms including win32 computers, Wi-Fi access points and smart card enabled RADIUS servers, demonstrate that this approach is realistic, even with today's smart cards.

show abstract

“…In (Urien et al, 2004) and (Urien et al, 2006a), we described our implementation of EAP-TLS on EAP smartcards and detailed benchmark tests. The best results show that EAP-TLS session costs about five seconds on both on the client and server side.…”

Section: Basic Constraintsmentioning

confidence: 99%

“…If we call Tm the main thread that runs the RADIUS server and Ti a thread associated to a given EAP message, the EAP server management is therefore done according to the following paradigm: 1-In thread Tm, the GetSession() procedure finds a smartcard (whose number is index) that is associated or that can be associated to the EAP session, identified with its id-session value, see (Urien et al, 2006a) for more details. If no smartcard is available, then the incoming RADIUS Access-Request is silently discarded.…”

Section: Eap Server Card Performancesmentioning

confidence: 99%

SECURE ACCESS MODULES FOR IDENTITY PROTECTION OVER THE EAP-TLS - Smartcard Benefits for User Anonymity in Wireless Infrastructures

Urien¹,

Badra²

2006

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

Identity protection and privacy became increasingly important in network communications; especially in wireless LAN. In this optic, Privacy Enhancing Technologies (PET) have been introduced to provide anonymous exchange and to protect personal data. In this paper, we present the SAM (Secure Access Module) architecture, which is a couple of smartcards (client and server) that process EAP-TLS, a transparent transport of TLS (Transport Layer Security) over EAP (Extensible Authentication Protocol). This architecture provides mutual authentication, identity protection and data un-traceability by preventing undesired and unnecessary processing of personal data.

show abstract

Introducing Smartcard Enabled RADIUS Server

Cited by 10 publications

References 7 publications

Provedores de Identidade Resilientes e Confiáveis

Provedores de Identidade Resilientes e Confiáveis

Security and privacy for the next wireless generation

SECURE ACCESS MODULES FOR IDENTITY PROTECTION OVER THE EAP-TLS - Smartcard Benefits for User Anonymity in Wireless Infrastructures

Contact Info

Product

Resources

About