Software Project Presentation
Paper Study – Part 2
Single Packet Authorization (SPA)
Group members:
• Liew Jiun Hau (20086034)
• Lee Shirly (20095815)
• Ong Ivy (20095040)

Agenda
• Issues in Port Knocking
• Introduction of SPA
• Mechanism of SPA
• Advantages of SPA

Issues in Port Knocking
• Port knocking is built on a pre-determined sequence of packets
  • To get the port open, one has to knock in the correct sequence
• The knock sequence may arrive out of order
  • The daemon cannot recognize the knock
  • Access remains denied
• Replay attack
  • Adversaries who are able to monitor the knock sequence could replay the sequence to gain the same access
So how can we solve this?

What Is SPA?
• SPA is a variation of port knocking
  • Same aim
  • Differs significantly in delivery mechanism
• SPA only requires a single knock
  • Referred to as the Authorization Packet
  • Knocks are encoded within a single packet

SPA Mechanism – Client Side
• The SPA client encodes all the necessary information into a single packet
• It usually uses
  • UDP
  • ICMP
• That information could be
  • Timestamp
  • Client IP & Password
  • Command/Control Data (optional)
• There are many slightly different implementations
  • Encryption may be applied
  • Hash for message authentication and integrity
  • Signature using PKI, etc.

SPA Mechanism – Server Side
• Upon receiving the packet, the SPA daemon will check
  • Password
  • Timestamp
    • Client must be synchronized
    • Accuracy up to minute
  • Client’s IP (header from received packet)
  • Signature, hash, etc.
• If encryption is applied, the daemon will attempt to decrypt the packet first

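
The client-side encoding and server-side checks from the two slides above, as an added example that is not part of the original presentation. It shows why the daemon should also remember accepted packets: a capture replayed inside the timestamp window still passes the timestamp check. Assumptions: a pre-shared key with HMAC-SHA256 stands in for the password, a random nonce is added, encryption is left out, and the packet layout and the names `build_packet` and `SpaDaemon` are hypothetical.

```python
import hashlib
import hmac
import os
import struct
import time

KEY = b"constructed-demo-key"  # assumption: pre-shared secret, constructed here
MAX_SKEW = 60  # seconds; the slides ask for clock accuracy "up to minute"
NONCE_LEN, TAG_LEN = 16, 32  # random nonce (assumption) and HMAC-SHA256 tag


def build_packet(key, client_ip, command=b"", now=None):
    """Client side: timestamp, nonce, client IP, optional command, HMAC tag."""
    ts = int(time.time() if now is None else now)
    ip = client_ip.encode()
    body = struct.pack("!Q", ts) + os.urandom(NONCE_LEN) + bytes([len(ip)]) + ip + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SpaDaemon:
    """Server side: the checks from the slide, plus a cache of accepted tags."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # accepted tag -> packet timestamp

    def verify(self, packet, source_ip, now=None):
        now = int(time.time() if now is None else now)
        if len(packet) < 8 + NONCE_LEN + 1 + TAG_LEN:
            return False, "malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # integrity before parsing
            return False, "bad-mac"
        (ts,) = struct.unpack("!Q", body[:8])
        if abs(now - ts) > MAX_SKEW:
            return False, "stale-timestamp"
        start = 8 + NONCE_LEN + 1
        claimed_ip = body[start:start + body[start - 1]].decode(errors="replace")
        if claimed_ip != source_ip:  # compare with the IP header's source address
            return False, "ip-mismatch"
        # Forget tags that the timestamp check would now reject anyway.
        self.seen = {t: s for t, s in self.seen.items() if abs(now - s) <= MAX_SKEW}
        if tag in self.seen:  # same packet again inside the window
            return False, "replay"
        self.seen[tag] = ts
        return True, "ok"
```
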
Recap on Port Knocking
[Diagram: Client (Port Knock Client, SSH Client, Application) and Server (Port Knock Daemon, SSHd, Application). Labels: 5724, 22, SYN: 5120, SYN: 128, SYN: 780.]

Mechanism - How SPA Works?
[Diagram: Client (Port Knock Client, SSH Client, Application) and Server (Port Knock Daemon, SSHd, Application), with an ICMP Knock between them. Labels: 5724, 22.]
• Normal ICMP Echo Request: 0x08 0x00 0x4D5A 0x0001 0x0001, data abcdefghijklmnopqrstuvwabcdefghi (Windows OS default 32 Bytes data in ASCII)
• Example ICMP Knock: 0x08 0x00 0xA3E6 0x0001 0x0001, data Username + Password + Timestamp + etc (Encrypted)

Mechanism - How SPA Works?
[Diagram: Client (Port Knock Client, SSH Client, Application) and Server (Port Knock Daemon, SSH, Application), with an SSH Req between them. Labels: 22, 5726.]

Advantages of SPA
• Only a single packet is sent
  • which makes it faster than conventional port knocking
• Replay protection is easily built in
  • A timestamp is added as replay protection
  • It is harder to make conventional port knocking replay-resilient
• SPA can avoid trivial sequence-busting attacks
  • An attacker could inject a duplicate packet while port knocking is being performed
  • This breaks conventional port knocking

What is next?
• We will perform more detailed studies
• Focus on issues and problems of port knocking and SPA

THANK YOU !! QUESTION ?????