Adding Identity Protection to EAP-TLS Smartcards

Wireless and IP networks requires extensible, fast and flexible authentication and key-exchange protocols, addressing wireless environment constraints, such as scarce radio resources and limited computational power on the client. Many mobile and wireless communities have agreed to adopt security protocols originally designed for wired networks, as authentication methods for their entities and for IP-Wireless inter-working. Nowadays, TLS is the most frequently deployed protocol in security exchanges and the de facto standard for the authentication in wireless networks; especially WLAN and 3GPP. However, missing from the protocol is a way to provide privacy and identity protection, which are increasingly required in IP architectures and are essential in wireless infrastructures. In this paper, we extend TLS with a new mechanism to guaranty identity protection, to enhance user´s privacy and to make exchanges untraceable to eavesdroppers. We analyze and discuss results obtained with an original experimental platform, dealing with EAP-TLS smartcards that increase the level of trust.