An Authentication Mechanism for Accessing Mobile Web Services

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10486)

Abstract

Port knocking is a method of externally opening ports on a firewall by generating connection attempts on a set of prespecified closed ports. The aim is to prevent attackers from discovering and exploiting potentially vulnerable services on a network host while still allowing authenticated users to access these services [19]. We extend the implementations of secure port knocking systems from traditional servers and desktop clients to mobile client/server applications, as an authentication technique to securely protect resources hosted by mobile servers. More specifically, our research objective primarily focuses on developing a secure authentication framework that couples secure port knocking techniques with the Open Authorization (OAuth) standard, for accessing smart mobile devices that act as Web service providers/hosts and are located behind, and protected by, the Internet Service Provider (ISP) perimeter firewall. That way, the mobile clients have to be authenticated by two different authentication mechanisms/layers that are independent of each other before they are granted access to the protected resources.

References

  1. Hadi, A., Al-Bahadili, H.: A hybrid port-knocking technique for host authentication. IGI-Global Knowledge Disseminator (2012)

  2. Hadi, A., Al-Bahadili, H.: Network security using hybrid port knocking. IJCSNS Int. J. Comput. Sci. Netw. Secur. 10(8), 8–12 (2010)

  3. Gibbons, K., O’Raw, J., Curran, K.: Security evaluation of the OAuth 2.0 framework. Inf. Manage. Comput. Secur. 22(3), December 2014. ISSN: 0968-5227

  4. DeGraaf, R., Aycock, J., Jacobson, M.: Improved port knocking with strong authentication. Department of Computer Science, University of Calgary, Calgary, Alberta, Canada (2005)

  5. ArchLinux: Port Knocking (2016). https://wiki.archlinux.org/index.php/Port_knocking. Accessed Dec 2016

  6. Vasserman, E., Hopper, N., Tyra, J.: SilentKnock: practical, provably undetectable authentication. Int. J. Inf. Secur. 8, 121–135 (2009). Springer-Verlag (2008)

  7. Fideloper: Managing the Iptables Firewall (2013). http://fideloper.com/iptables-tutorial. Accessed Nov 2016

  8. Internet Engineering Task Force (IETF): The OAuth 2.0 Authorization Framework. Request for Comments: 6749 (2012). https://tools.ietf.org/html/rfc6749

  9. Ellingwood, J.: How to choose an effective firewall policy to secure your servers (2015). https://www.digitalocean.com/community/tutorials/how-to-choose-an-effective-firewall-policy-to-secure-your-servers. Accessed Nov 2016

  10. Boroumand, L., Shiraz, M., Gani, A., Khan, S., Shah, S.: A review on port-knocking authentication methods for mobile cloud computing. Center for Mobile Cloud Computing Research (C4MCCR), Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur, Malaysia (2014)

  11. Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals. http://www.thegeekstuff.com/2011/01/iptables-fundamentals. Accessed Nov 2016

  12. Demircioglu, M.: Analysis of port knocking mechanism. A master’s Thesis in Computer Engineering, Atilim University (2009)

  13. Doyle, M.: Implementing a port knocking system in C. Physics Honor Thesis, The University of Arkansas (2004)

  14. Krzywinski, M.: Port knocking: network authentication across closed ports. SysAdmin Magazine 12, 12–17 (2003). http://www.portknocking.org/docs/krzywinski-portknocking-sysadmin2003.pdf

  15. Membrane OAuth Authentication. http://membrane-soa.org/service-proxy-doc/4.2/security/oauth2. Accessed Sept 2016

  16. Shrestha, N.: Wireshark – network protocol analyzer tool for RHEL/CentOS/Fedora (2016). http://www.tecmint.com/wireshark-network-protocol-analyzer-tool-for-rhelcentosfedora. Accessed Nov 2016

  17. Barham, P., Hand, S., Isaacs, R., Jardetzky, P., Mortier, R., Roscoe, T.: Techniques for lightweight concealment and authentication in IP networks. Intel Research, Technical report IRB-TR-02-009, 25 July 2002

  18. Port Knocking: Port knocking implementations (2013). http://www.portknocking.org/view/implementations. Accessed June 2016

  19. Port Knocking. https://en.wikipedia.org/wiki/Port_knocking. Accessed June 2016

  20. Nelson, R.: Reverse proxy using NGINX Plus (2014). https://www.nginx.com/blog/reverse-proxy-using-nginx-plus. Accessed Nov 2016

  21. TcpDump & LibPCap. http://www.tcpdump.org. Accessed Oct 2016

  22. TCPWrite. http://tcpreplay.synfin.net/tcprewrite.html. Accessed Oct 2016

  23. TCPReplay, PCap Editing & Replay Tools for *NIX. http://tcpreplay.synfin.net/wiki/tcprewrite. Accessed Oct 2016

Corresponding author

Correspondence to KamalEldin Mohamed.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Mohamed, K., Wijesekera, D., Costa, P.C. (2017). An Authentication Mechanism for Accessing Mobile Web Services. In: Younas, M., Awan, I., Holubova, I. (eds) Mobile Web and Intelligent Information Systems. MobiWIS 2017. Lecture Notes in Computer Science, vol 10486. Springer, Cham. https://doi.org/10.1007/978-3-319-65515-4_13

  • DOI: https://doi.org/10.1007/978-3-319-65515-4_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-65514-7

  • Online ISBN: 978-3-319-65515-4

  • eBook Packages: Computer Science, Computer Science (R0)
