Abstract

Port Knocking is a method for authenticating clients through a closed stance firewall, and authorising their requested actions, enabling severs to offer services to authenticated clients, without opening ports on the firewall. Advances in port knocking have resulted in an increase in complexity in design, preventing port knocking solutions from realising their potential. This paper proposes a novel port knocking solution, named Crucible, which is a secure method of authentication, with high usability and features of stealth, allowing servers and services to remain hidden and protected. Crucible is a stateless solution, only requiring the client memorise a command, the server’s IP and a chosen password. The solution is forwarded as a method for protecting servers against attacks ranging from port scans, to zero-day exploitation. To act as a random oracle for both client and server, cryptographic hashes were generated through chaotic systems.

Highlights

  • Port knocking, if integrated into a security environment, can offer an additional layer of authentication forW

  • Port knocking can be considered a stealthy method of authentication and command execution, allowing a covert channel to exist between a client and server, across an untrusted network such as the Internet

  • This paper offers three novel port knocking prototypes: zero knowledge proofs and chaos-based cryptography; a combination of chaos-based cryptography and random beacons; and ‘Crucible’ which is combines random beacons and password-based key derivation

Read more

Summary

Introduction

If integrated into a security environment, can offer an additional layer of authentication forW. If integrated into a security environment, can offer an additional layer of authentication for. Port knocking can be considered a stealthy method of authentication and command execution, allowing a covert channel to exist between a client and server, across an untrusted network such as the Internet. Port knocking should be difficult to discover through passive surveillance of network traffic, or active reconnaissance of the server. Port knocking allows a server to conceal its individual services, and its role as a server. Numbers Stations are a Cold War era covert channel using radio broadcasts of spoken number values (amongst other methods), suspected to communicate with intelligence assets in the field [1]. Meltdown [2] and Spectre [3] are examples of serious vulnerabilities enabling covert channels for exfiltrating data from a victim’s machine

Methods
Discussion
Conclusion
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call