Extending port knocking authorixation with deception mechanisms

• Author(s) / Creator(s)

  • Bitla, Sairam Kumar
  • Siripuram, Sai Pramukha
  • Devarapalli, Rama Chandini
  • Nelakurthi, Divya

• Authentication/authorization mechanisms are always a potential target for an attacker. Port Knocking and its variations such as Single Packet Authentication (SPA) allow administrators to put additional shield on network interfaces with sensitive services. The existing SPA solutions are prone to various attacks, such as key leaks on the client side or due to man-in-the-middle attacks. To mitigate this vulnerability problem, decoy keys can be used in the storage and transmission operations. These keys are encoded using public-private key encryption to protect confidentiality of the transmitted data. This additional layer of security decreases the chance of single point of failure through key leakages in generic port-knocking and single packet authorization schemes. To measure the potentially impact of new additions on the usability of an SPA system the experiment was conducted that allows to check the extra time required for authentication. The experiment indicated there is no noticeable negative impact on the timing which allows utilizing decoy keys in SPA systems.

• Date created

  2021-06-01

• Subjects / Keywords

  • network security
  • pork knocking
  • single packet authorization
  • deception mechanisms
  • decoying
  • honey keys
  • honey words
  • honey pot

• Type of Item

  Research Material

• DOI

  https://doi.org/10.7939/r3-gjzq-a253

• License

  Attribution-NonCommercial 4.0 International