Abstract
Port knocking is a technique to prevent attackers from discovering and exploiting vulnerable network services, while allowing access for authenticated users. Unfortunately, most work in this area suffers from a lack of a clear threat model or motivation. To remedy this, we introduce a formal security model for port knocking, show how previous schemes fail to meet our definition, and give a provably secure scheme. We also present SilentKnock, an implementation of this protocol that is provably secure under the assumption that AES and a modified version of MD4 are pseudorandom functions, and integrates seamlessly with existing applications.
Cite this article
Vasserman, E.Y., Hopper, N. & Tyra, J. SilentKnock: practical, provably undetectable authentication. Int. J. Inf. Secur. 8, 121–135 (2009). https://doi.org/10.1007/s10207-008-0070-1
DOI: https://doi.org/10.1007/s10207-008-0070-1