Extension of a port knocking client-server architecture with NTP synchronization
Authors: Traian Popeea, Vladimir Olteanu, Laura Gheorghe, Răzvan Rughiniș
Universitatea Politehnica București, Facultatea de Automatică și Calculatoare, Catedra de Calculatoare

Outline
Introduction, Key words, Objectives, Architecture, Technologies, Solution, Testing, Problems Encountered, Conclusions, Questions
RoEduNet Conference 2011

Introduction
Port knocking is a method of externally opening ports on a firewall by generating connection attempts on a set of prespecified closed ports. In its basic form it has a major disadvantage: the knock sequence is static, so the server is left defenseless once an attacker has determined it.

Key words
Networking, Security, Port-knocking, One-way functions, NTP, Client-server architecture

Objectives
Implement a software application that will meet the following requirements:
– Provide dynamic knock sequences.
– Synchronize server and clients through NTP.
– Generate strong knock sequences through the use of one-way functions.
– Provide different knock sequences for different ports to be opened.

Architecture
(architecture diagram slide)

Technologies
C, OpenSSL, NTP

Solutions
– An external NTP client (available on every *nix system) is used for time synchronization when the server and the clients are initialized.
– A pre-shared initial key (PSK) is generated through the OpenSSL library from user-generated entropy.
– A hash function is computed over the PSK, the current time, the source IP address and the destination port to be opened.
– The sequence of ports is derived from the hash output by splitting the 512-bit hash into 16-bit numbers, each taken as a port number.

Testing
Generating 1 million keys (time per hash function and key size):

Function | 512 bits | 2048 bits
md5 | 1.163s | 3.744s
sha… | … | 13.197s
sha… | … | 8.823s

Problems Encountered
– Public NTP servers are protected against DoS and do not allow repeated requests at small time intervals => one initial synchronization, followed by queries of the system clock.
– The sharing of the PSK must be done out-of-program.
– Determining the lifespan of a knock sequence.
– Clients behind NAT cannot use the scheme, because the knock sequence is bound to the source address the server sees.
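The knock-sequence derivation from the Solutions slide and the one-shot NTP synchronization from this slide, worked through as an added example in Python. It is not the authors' code (their implementation is in C with OpenSSL). Everything not on the slides is an assumption of this example: HMAC-SHA512 keyed by the PSK as the concrete "hash function based on PSK", a 30-second sequence lifespan, four knocks per sequence, skipping 16-bit chunks equal to zero (port 0 is unusable), a server that also accepts the previous time window so a sequence straddling a lifespan boundary is not rejected, and an NTP timestamp handed in as a number obtained once from the external NTP client. The PSK, IP address and timestamps are constructed sample values.

```python
import hashlib
import hmac
import struct
import time

# Constructed parameters for this example; the slides fix neither value.
KNOCK_LIFESPAN = 30        # seconds one knock sequence remains valid
KNOCKS_PER_SEQUENCE = 4    # ports the client must hit, in order


def time_window(now: float, lifespan: int = KNOCK_LIFESPAN) -> int:
    """Quantize a timestamp so that client and server derive the same
    sequence for the whole lifespan of a knock sequence."""
    return int(now) // lifespan


def derive_knock_sequence(psk: bytes, window: int, src_ip: str,
                          dst_port: int, n: int = KNOCKS_PER_SEQUENCE) -> list:
    """Hash PSK, time window, source IP and the port to be opened, then split
    the 512-bit digest into 16-bit big-endian numbers used as ports.
    HMAC-SHA512 keyed by the PSK is this example's choice of one-way function
    (assumption: the slides only say 'hash function based on PSK')."""
    msg = "{}|{}|{}".format(window, src_ip, dst_port).encode()
    digest = hmac.new(psk, msg, hashlib.sha512).digest()   # 64 bytes
    ports = []
    for (value,) in struct.iter_unpack(">H", digest):      # 32 chunks of 16 bits
        if value == 0:                 # port 0 is not usable; take the next chunk
            continue
        ports.append(value)
        if len(ports) == n:
            break
    if len(ports) < n:                 # only if almost every chunk were zero
        raise ValueError("digest did not yield enough non-zero ports")
    return ports


class SyncedClock:
    """Query NTP once at start-up and afterwards serve the local clock plus the
    measured offset, because public NTP servers refuse rapid repeated queries."""

    def __init__(self, ntp_time: float, local_time=time.time):
        # ntp_time: the timestamp returned by the external NTP client at start-up
        self.local_time = local_time
        self.offset = ntp_time - local_time()

    def __call__(self) -> float:
        return self.local_time() + self.offset


class KnockServer:
    """Server side: watch knocks per source IP and open a protected port only
    after a complete sequence valid for the current or the previous window."""

    def __init__(self, psk: bytes, protected_ports, clock=time.time):
        self.psk = psk
        self.protected_ports = sorted(protected_ports)
        self.clock = clock
        self.seen = {}        # src_ip -> last few ports knocked, in order

    def record_knock(self, src_ip: str, port: int):
        """Feed one observed knock. Return the port to open for src_ip when the
        last KNOCKS_PER_SEQUENCE knocks form a valid sequence, else None."""
        history = self.seen.setdefault(src_ip, [])
        history.append(port)
        del history[:-KNOCKS_PER_SEQUENCE]          # keep only the last n knocks
        if len(history) < KNOCKS_PER_SEQUENCE:
            return None
        current = time_window(self.clock())
        # Accept the previous window too, so a sequence that straddles a
        # lifespan boundary (or a small clock skew) is not rejected.
        for window in (current, current - 1):
            for dst in self.protected_ports:
                if history == derive_knock_sequence(self.psk, window, src_ip, dst):
                    self.seen.pop(src_ip, None)     # sequence consumed, no replay
                    return dst
        return None


if __name__ == "__main__":
    psk = b"constructed pre-shared key, normally from OpenSSL entropy"
    client_ip = "203.0.113.7"                       # constructed, documentation range
    ntp_now = 1_700_000_000.0                       # constructed NTP answer
    clock = SyncedClock(ntp_now)
    seq = derive_knock_sequence(psk, time_window(clock()), client_ip, 22)
    print("knock sequence for port 22:", seq)
    server = KnockServer(psk, [22, 80], clock=clock)
    opened = None
    for p in seq:
        opened = server.record_knock(client_ip, p)
    print("server opens:", opened)
```

Because the source IP is part of the hashed input, a client behind NAT derives its sequence from an address the server never sees, which is exactly the NAT limitation listed above; the server also consumes a sequence once it has been accepted, so the same knocks replayed within the lifespan do not open the port a second time.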

Conclusions
– Another layer of security is added with the help of time synchronization and cryptography.
– The number of attacks that can be performed against the knock sequence is reduced, since the sequence changes with time, source address and target port.
– Using hash functions does not introduce significant latency.


Thank you! Questions?