SINGLE PACKET SINGLE PACKET AUTHORIZATION AUTHORIZATION (SPA)(SPA)

SINGLE PACKET SINGLE PACKET

AUTHORIZATION AUTHORIZATION

(SPA) (SPA)

Software Project Presentation Paper Study – Part 2

Group members:

Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Agenda Agenda

 Issues in Port Knocking

 Introduction of SPA

 Mechanism of SPA

 Advantages of SPA

Issues in Port Knocking Issues in Port Knocking



Port knocking is built based on some pre–determined sequence of packets

◦ To get the port open, one has to knock in correct sequence



Knock sequence may arrive out-of-order

◦ Daemon cannot recognize the knock

◦ Access remain denied



Replay Attack

◦ Adversaries who are able to monitor the

knock sequence could replay the sequence to gain the same access

SO

HOW

SOLVE this

What Is SPA?

What Is SPA?

 SPA is a variation of port knocking

◦ Same aim

◦ Differs significantly in delivery mechanism

 SPA only requires a single knock

◦ Refer as Authorization Packet

◦ Knocks are encoded within a single

packet

SPA Mechanism – Client SPA Mechanism – Client Side Side

 SPA client encoded all the necessary information into single packet

 Usually uses

◦ UDP

◦ ICMP

 Those information could be

◦ Timestamp

◦ Client IP & Password

◦ Command/Control Data (optional)

 There are many slightly different implementations

◦ Encryption may be applied

◦ Hash for message authentication and integrity

◦ Signature using PKI and etc

SPA Mechanism – Server SPA Mechanism – Server Side Side



Upon receiving the packet, SPA daemon will check

◦ Password

◦ Timestamp

 Client must be synchronized

 Accuracy up to minute

◦ Client’s IP (header from received packet)

◦ Signature, hash and etc



In case of encryption applied, then

the daemon will attempt to decrypt

the packet first

Server Server

Port Knock Daemon

Recap. on Port Knocking Recap. on Port Knocking

SSHd

Application Application

2222

Client Client

Port Knock Client

SSH Client

572 4 572

4

SYN: 5120 SYN: 128

SYN: 780

Server Server

Port Knock Daemon

Mechanism - How SPA Mechanism - How SPA

Works?

Works?

SSHd

Application Application

2222

Client Client

Port Knock Client

SSH Client

572 4 572

4

ICMP Knock

0x08 0x00

0x0001 0x0001

0xA3E6

Username + Password + Timestamp + etc

(Encrypted)

Example ICMP Knock

0x08 0x00

0x0001 0x0001

0x4D5A

abcdefghijklmnopqrstuvwabcdefghi (Windows OS default 32 Bytes data in

ASCII)

Normal ICMP Echo Request

Server Server

Port Knock Daemon

SSH

Application Application

2222

Client Client

Port Knock Client

SSH Client

572 6 572

6

SSH Req

Mechanism - How SPA Mechanism - How SPA

Works?

Works?

Advantages of SPA Advantages of SPA



Only a single packet is sent

◦ which makes it faster than conventional port knocking



Replay protection is easily built within

◦ Timestamp is added as replay protection

◦ It is harder to make conventional port knocking replay-resilient



SPA can avoid trivial sequence busting attacks

◦ Attacker could inject a duplicate packet while port knocking is being performed

◦ This breaks the conventional port knocking

What is next?

What is next?

 We will perform more detailed studies

 Focus on issues and problems of

port knocking and SPA

QUESTION ?????

QUESTION ?????

THANK YOU !!