25-08-2017, 09:32 PM
Network Security Using Hybrid Port Knocking
Introduction
The Internet can be seen as a huge network of different
nodes connected together and providing different services.
What distinguishes one service from another is who it is
offered to: some services are for the public, whereas others
are for specific users. The problem is how to control this
access. A first solution that might come to mind is a
firewall [1]. Firewalls are a good solution, but they can
only provide control based on IP addresses and some other
characteristics. Unfortunately, firewalls cannot
differentiate between users connecting from the same IP
address, nor, certainly, from different IP addresses. A
firewall sees only IP addresses and their characteristics,
not, for example, a user name and password. So firewalls
can only be considered the first level of defense [2]-[3].
Problems Associated with PK Techniques
In order to increase network security, it is sometimes
desirable to allow access to open ports on a firewall only
to authorized external hosts (users) and present closed
ports to all others. The most obvious way to limit access to
an open port is to require users to authenticate themselves
before granting them access. A number of techniques have
been developed by many researchers to provide port
authentication, such as port knocking (PK), single packet
authentication (SPA), or the use of a lightweight
concealment protocol.
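The difference between a knock sequence and an authenticated payload shows up on the server side. The following is an added example, not code from the paper and not the HPK protocol: the message layout, key, ports and time window are all assumptions chosen for illustration. It checks a static knock sequence beside a keyed, timestamped single-packet request.

```python
import hashlib, hmac, os, struct

KEY = b"constructed-demo-key"         # assumed pre-shared key (constructed)
WINDOW = 30                           # assumed freshness window, seconds
KNOCK_SEQUENCE = [7000, 8000, 9000]   # assumed static knock sequence (constructed)

def tpk_accepts(observed_ports):
    """Traditional port knocking: the port sequence itself is the only secret."""
    return list(observed_ports) == KNOCK_SEQUENCE

def build_request(port, now, key=KEY):
    """Client: timestamp | requested port | random nonce | HMAC-SHA256 tag."""
    body = struct.pack("!QH", int(now), port) + os.urandom(16)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class PayloadVerifier:
    """Server: authenticate the payload, then enforce freshness and one-time use."""
    def __init__(self, key=KEY):
        self.key = key
        self.seen = {}                # nonce -> timestamp of accepted requests

    def verify(self, packet, now):
        if len(packet) != 10 + 16 + 32:
            return None               # malformed
        body, tag = packet[:26], packet[26:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None               # forged or modified payload
        ts, port = struct.unpack("!QH", body[:10])
        if abs(now - ts) > WINDOW:
            return None               # stale capture
        # Nonces older than the window are rejected as stale anyway, so drop them.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= WINDOW}
        if body[10:] in self.seen:
            return None               # replay inside the window
        self.seen[body[10:]] = ts
        return port                   # port the firewall may open for this sender

def demo():
    pkt = build_request(22, now=1000)
    server = PayloadVerifier()
    flipped = pkt[:9] + bytes([pkt[9] ^ 1]) + pkt[10:]   # request port 23 instead
    return {
        "knock_replay": tpk_accepts([7000, 8000, 9000]),   # sniffed sequence works
        "first": server.verify(pkt, now=1001),
        "payload_replay": server.verify(pkt, now=1002),
        "stale": PayloadVerifier().verify(pkt, now=1000 + WINDOW + 1),
        "tampered": PayloadVerifier().verify(flipped, now=1001),
    }
```

A static sequence observed on the wire is accepted again unchanged, while the keyed request is accepted once and then rejected when repeated, delayed past the window, or altered.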
Security Measurements and Evaluation
In order to evaluate the security of the HPK technique, it
was compared under a number of hacking scenarios with two
other well-known port-knocking techniques (Traditional
Port-knocking and Single Packet Authorization).
Conclusions
The main innovative idea in the HPK technique is that it is
designed to work in two different modes without
pre-adjustment or setting, namely the interactive mode and
the non-interactive mode. In either mode, the HPK client
does not send TCP SYN packets to initialize the service on
the HPK server as in TPK techniques; instead it sends TCP
packets with sophisticated payloads. The payloads sent
within the TCP packets represent the content of the service
or task that needs to be performed on the accessed network
or any of its servers.