
Single Packet Authorization (SPA)

Software Project Presentation Paper Study – Part 2. Single Packet Authorization (SPA). Group members: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040). Agenda. Issues in Port Knocking Introduction of SPA Mechanism of SPA Advantages of SPA. Issues in Port Knocking.

caspar

Presentation Transcript


  1. Software Project Presentation Paper Study – Part 2: Single Packet Authorization (SPA)
     Group members: Liew Jiun Hau (20086034), Lee Shirly (20095815), Ong Ivy (20095040)

  2. Agenda
     • Issues in Port Knocking
     • Introduction of SPA
     • Mechanism of SPA
     • Advantages of SPA

  3. Issues in Port Knocking
     • Port knocking is built on a pre-determined sequence of packets
       • To get the port open, one has to knock in the correct sequence
     • The knock sequence may arrive out of order
       • The daemon cannot recognize the knock
       • Access remains denied
     • Replay attack
       • Adversaries who are able to monitor the knock sequence could replay the sequence to gain the same access
     So how can we solve this?

  4. What Is SPA?
     • SPA is a variation of port knocking
       • Same aim
       • Differs significantly in delivery mechanism
     • SPA only requires a single knock
       • Referred to as the Authorization Packet
       • Knocks are encoded within a single packet

  5. SPA Mechanism – Client Side
     • The SPA client encodes all the necessary information into a single packet
     • Usually uses
       • UDP
       • ICMP
     • That information could be
       • Timestamp
       • Client IP & Password
       • Command/Control Data (optional)
     • There are many slightly different implementations
       • Encryption may be applied
       • Hash for message authentication and integrity
       • Signature using PKI, etc.

  6. SPA Mechanism – Server Side
     • Upon receiving the packet, the SPA daemon will check
       • Password
       • Timestamp
         • Client must be synchronized
         • Accuracy up to minute
       • Client's IP (header from received packet)
       • Signature, hash, etc.
     • If encryption is applied, the daemon will attempt to decrypt the packet first

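  7. Recap. on Port Knocking
     [Diagram: a client (Port Knock Client, SSH Client, Application) and a server (Port Knock Daemon, SSHd, Application), with ports labelled 5724 and 22. The client sends the knock sequence SYN: 5120, SYN: 128, SYN: 780 to the server.]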

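  8. Mechanism - How SPA Works?
     [Diagram: a client (Port Knock Client, SSH Client, Application) and a server (Port Knock Daemon, SSHd, Application), with ports labelled 5724 and 22. The client sends a single ICMP knock. Two packets are compared: a normal ICMP Echo Request, whose data is abcdefghijklmnopqrstuvwabcdefghi (Windows OS default 32 bytes of data in ASCII), and an example ICMP knock, whose data is Username + Password + Timestamp + etc. (encrypted). Header values shown for the two packets: 0x08 0x00 0xA3E6 0x0001 0x0001 and 0x08 0x00 0x4D5A 0x0001 0x0001.]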

  9. Mechanism - How SPA Works?
     [Diagram: a client (Port Knock Client, SSH Client, Application) and a server (Port Knock Daemon, SSH, Application), with ports labelled 22 and 5726. The SSH Client sends an SSH Req to the server.]

  10. Advantages of SPA
      • Only a single packet is sent
        • which makes it faster than conventional port knocking
      • Replay protection is easily built in
        • Timestamp is added as replay protection
        • It is harder to make conventional port knocking replay-resilient
      • SPA can avoid trivial sequence busting attacks
        • Attacker could inject a duplicate packet while port knocking is being performed
        • This breaks the conventional port knocking

  11. What is next?
      • We will perform more detailed studies
      • Focus on issues and problems of port knocking and SPA

  12. THANK YOU !! QUESTION ?????
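
The client-side packet construction and server-side checks from slides 5, 6 and 10, as an added example that is not part of the original presentation. It assumes a packet layout of an 8-byte timestamp followed by `ip|user` and an HMAC-SHA256 tag keyed with a shared secret standing in for the password; encryption is omitted, the names `build_spa` and `SpaDaemon` are hypothetical, and the cache of accepted tags is an addition, because a timestamp alone still accepts a copy replayed inside the one-minute window.

```python
import hashlib
import hmac
import struct
import time

MAC_LEN = 32    # HMAC-SHA256 tag length
MAX_SKEW = 60   # seconds; slide 6 asks for clock accuracy "up to minute"


def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()


def build_spa(key, user, client_ip, now=None):
    """Client: 8-byte timestamp + "ip|user" (assumed layout), then an HMAC tag."""
    ts = int(time.time() if now is None else now)
    body = struct.pack("!Q", ts) + f"{client_ip}|{user}".encode()
    return body + _tag(key, body)


class SpaDaemon:
    """Server: runs the slide 6 checks and returns a verdict string."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key, self.max_skew = key, max_skew
        self.seen = {}  # tag -> timestamp of packets already accepted

    def verify(self, packet, src_ip, now=None):
        now = time.time() if now is None else now
        if len(packet) <= 8 + MAC_LEN:
            return "malformed"
        body, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        # Authenticate before parsing anything; constant-time comparison.
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return "bad-mac"
        (ts,) = struct.unpack("!Q", body[:8])
        if abs(now - ts) > self.max_skew:
            return "stale"
        claimed_ip, _, user = body[8:].decode().partition("|")
        # Compare the authenticated IP with the packet's real source address.
        if claimed_ip != src_ip:
            return "ip-mismatch"
        # Forget tags whose timestamp has expired, then refuse exact repeats.
        self.seen = {t: s for t, s in self.seen.items()
                     if abs(now - s) <= self.max_skew}
        if tag in self.seen:
            return "replay"
        self.seen[tag] = ts
        return "ok:" + user
```

Only an `ok:` verdict should lead the daemon to open the port for `src_ip`; every other verdict leaves the firewall unchanged and is worth logging.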
