A hybrid port-knocking technique for host authentication

Dissertant

al-Shammari, Ali Husayn

Thesis advisor

al-Bahadili, Husayn

Committee Members

Kanan, Ghassan Jaddu
al-Shalabi, Riyad
Uways, Suhayl

University

Arab Academy for Financial and Banking Sciences

Faculty

The Faculty of Information Systems and Technology

Department

Computer information systems

University Country

Jordan

Degree

Ph.D.

Degree Date

2010

English Abstract

Network security has become a primary concern on the Internet in order to provide protected communication between hosts/nodes in a hostile environment.

In order to protect network resources, each service provider poses a number of nontrivial challenges to security design and sets its own policies for accessing resources on the network.

These challenges make a case for building security solutions that achieve both broad protection and desirable network performance in terms of minimum data overhead and delay.

It is crucial to have computationally cheap and simple defense mechanisms that allow early protection against all types of attacks.

In particular, it becomes very common and useful to have multiple progressively stronger layers of security, rather than attempting to have a single perfect security layer.

The main objective of this work is to develop and evaluate the performance of a new port-knocking (PK) technique, which should avert most types of port attacks and meet all other network security requirements.

The new technique utilizes four well-known concepts: PK, cryptography, steganography, and mutual authentication.

Therefore, it is referred to as the hybrid port-knocking (HPK) technique.

It is implemented as two separate modules, HPKClient, and HPKServer.

In terms of data processing, the technique consists of five main processes: request packetization and transmission, traffic monitoring and capturing, mutual authentication, request extraction and execution, and port closing.

The main innovative idea in the HPK technique is that it is designed to work in two different modes without pre-adjustment or setting, namely the interactive mode and the non-interactive mode.

In any of these modes, the HPK client does not send TCP SYN packets to initialize the service on the HPK server as in traditional port-knocking techniques; instead it sends TCP packets with sophisticated payloads.

The payloads sent within the TCP packets represent the content of the service or task that needs to be performed on the network or any of its servers.

The HPK technique can be used for host authentication to make local services invisible from port scanning, provide an extra layer of security that attackers must penetrate before accessing or breaking anything important, act as a stop-gap security measure for services with known unpatched vulnerabilities, and provide a wrapper for legacy or proprietary services with insufficient integrated security.

In order to evaluate and compare the performance of the HPK technique, three scenarios are simulated.

The first two scenarios investigate the immunity of HPK against TCP replay and denial-of-service (DoS) attacks, while the third scenario calculates the cost of the PK process.

In all scenarios, the results obtained for the HPK technique are compared with their equivalent results obtained for two other PK techniques, namely, the TPK and the single packet authentication (SPA) techniques.

Main Subjects

Information Technology and Computer Science

No. of Pages

109

Table of Contents

Table of contents.

Abstract.

Chapter One : introduction.

Chapter Two : literature review.

Chapter Three : the hybrid port-knocking (HPK) technique.

Chapter Four : simulations results and discussions.

Chapter Five : conclusions and recommendations for future work.

References.

American Psychological Association (APA)

al-Shammari, Ali Husayn. (2010). A hybrid port-knocking technique for host authentication. (Doctoral dissertations Theses and Dissertations Master). Arab Academy for Financial and Banking Sciences, Jordan
https://search.emarefa.net/detail/BIM-307221

Modern Language Association (MLA)

al-Shammari, Ali Husayn. A hybrid port-knocking technique for host authentication. (Doctoral dissertations Theses and Dissertations Master). Arab Academy for Financial and Banking Sciences. (2010).
https://search.emarefa.net/detail/BIM-307221

American Medical Association (AMA)

al-Shammari, Ali Husayn. (2010). A hybrid port-knocking technique for host authentication. (Doctoral dissertations Theses and Dissertations Master). Arab Academy for Financial and Banking Sciences, Jordan
https://search.emarefa.net/detail/BIM-307221

Language

English

Data Type

Arab Theses

Record ID

BIM-307221