The Extensible Authentication Protocol (EAP) is a kind of Esperanto used for access control in various network technologies such as WLAN or VPN. We introduce the trusted EAP module, a tamper resistant chip that computes the EAP protocol. Its functional interface is compatible with IETF emerging specifications. We present an open smartcard platform which enables the design of cheap components, both on client and server side; furthermore we describe a management model that remotely modifies embedded credentials and applications. An implementation of a RADIUS server working with EAP server modules is detailed and analyzed. Finally experimental performances are commented and we underline that today EAP modules compute complex protocol like EAP-TLS in less than 5s, and therefore may be deployed in existing networks.
展开▼
