
SilentKnock: practical, provably undetectable authentication

  • Regular Contribution
International Journal of Information Security

Abstract

Port knocking is a technique to prevent attackers from discovering and exploiting vulnerable network services, while allowing access for authenticated users. Unfortunately, most work in this area suffers from a lack of a clear threat model or motivation. To remedy this, we introduce a formal security model for port knocking, show how previous schemes fail to meet our definition, and give a provably secure scheme. We also present SilentKnock, an implementation of this protocol that is provably secure under the assumption that AES and a modified version of MD4 are pseudorandom functions, and integrates seamlessly with existing applications.




Correspondence to Nicholas Hopper.


Cite this article

Vasserman, E.Y., Hopper, N. & Tyra, J. SilentKnock: practical, provably undetectable authentication. Int. J. Inf. Secur. 8, 121–135 (2009). https://doi.org/10.1007/s10207-008-0070-1
