SilentKnock: practical, provably undetectable authentication

  • Eugene Y. Vasserman
  • Nicholas HopperEmail author
  • James Tyra
Regular Contribution


Port knocking is a technique to prevent attackers from discovering and exploiting vulnerable network services, while allowing access for authenticated users. Unfortunately, most work in this area suffers from a lack of a clear threat model or motivation. To remedy this, we introduce a formal security model for port knocking, show how previous schemes fail to meet our definition, and give a provably secure scheme. We also present SilentKnock, an implementation of this protocol that is provably secure under the assumption that AES and a modified version of MD4 are pseudorandom functions, and integrates seamlessly with existing applications.


Provable security Cryptography Formal models Covert authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Krzywinski M.: Port knocking: network authentication across closed ports. SysAdmin Mag. 12(6), 12–17 (2003)Google Scholar
  2. 2.
    Barham, P., Hand, S., Isaacs, R., Jardetzky, P., Mortier, R., Roscoe, T.: Techniques for lightweight concealment and authentication in IP networks. Technical Report IRB-TR-02-009, Intel Research Berkeley (Jul 2002)Google Scholar
  3. 3.
    Worth, D.: CÖK: Cryptographic one-time knocking. In: Black Hat USA (2004)Google Scholar
  4. 4.
    deGraaf, R., Aycock, J., Jacobson, M.J.: Improved port knocking with strong authentication. In: Proc. ACSAC ’05, pp. 451–462Google Scholar
  5. 5.
    The Open Source Vulnerability Database. Accessed 8 May 8 2008
  6. 6.
    Fluhrer, S., Mantin, I., Shamir, A.: Attacks on RC4 and WEP. RSA Laboratories, Cryptobytes 5(2), (2002)Google Scholar
  7. 7.
    Bellare, M., Kohno, T., Namprempre, C.: Authenticated encryption in SSH: provably fixing the SSH binary packet protocol. In: Proc. CCS ’02, pp. 1–11Google Scholar
  8. 8.
    Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1. In: Proc. Crypto 98, pp. 1–12Google Scholar
  9. 9.
    Hopper, N.J., Langford, J., Von Ahn, L.: Provably secure steganography. In: Proc. CRYPTO 2002, pp. 77–92Google Scholar
  10. 10.
    Murdoch, S.J., Lewis, S.: Embedding covert channels into TCP/IP. In: Proc. Information Hiding 05, pp. 247–261Google Scholar
  11. 11.
    Bernstein, D.J.: The Poly1305-AES message authentication code. In: Proc. FSE 2005Google Scholar
  12. 12.
    Linux kernel source. drivers/char/random.cGoogle Scholar
  13. 13.
    Vasserman, E.Y., Hopper, N., Laxson, J., Tyra, J.: SilentKnock. (April 2008)
  14. 14.
    Krzywinski, M.: Port knocking.
  15. 15.
    Graham-Cumming, J.: Practical secure port knocking. Dr. Dobb’s Journal (Nov. 2004)Google Scholar
  16. 16.
    Manzanares, A.I., Marquez, J.T., Estevez-Tapiador, J.M., Castro, J.C.H.: Attacks on port knocking authentication mechanism. In: LNCS, vol. 3483, pp. 1292–1300 (2005)Google Scholar
  17. 17.
    PK. Ahsan, D.K.: Practical data hiding in TCP/IP. In: Proc. Workshop on Multimedia Security at ACM Multimedia (2002)Google Scholar
  18. 18.
    Rowland, C.H.: Covert channels in the TCP/IP protocol suite. First Monday 2(5) (1997)Google Scholar
  19. 19.
    Conehead: Stego hasho. Phrack 9(55), (1999)Google Scholar
  20. 20.
  21. 21.
    Ahn, L.v., Hopper, N., Langford, J.: Covert two-party computation. In: Proc. STOC ’05, pp. 513–522Google Scholar
  22. 22.
    Bond, M., Danezis, G.: The dining Freemasons: Security protocols for secret societies. In: Proc. 13th International Workshop on Security Protocols, Cambridge, England (2005)Google Scholar
  23. 23.
    Heffernan, A.: Protection of BGP sessions via the TCP MD5 signature option. (1998)
  24. 24.
    Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional (2005)Google Scholar
  25. 25.
    Ring S, Cole E.: Taking a lesson from stealthy rootkits. IEEE Secur. Priv. 2(4), 38–45 (2004)CrossRefGoogle Scholar
  26. 26.
    Shoup, V.: On fast and provably secure message authentication based on universal hashing. In: Proc. CRYPTO ’96, pp. 313–328Google Scholar
  27. 27.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Proc. CRYPTO’96, pp. 1–15Google Scholar
  28. 28.
    Welte, H., Kadlecsik, J., Josefsson, M., McHardy, P., Kozakai, Y., Morris, J., Boucher, M., Russell, R.: The project.
  29. 29.
    Postel, J. (ed.): Transmission control protocol. (1981)
  30. 30.
    Carter, J.L., Wegman, M.N.: Universal classes of hash functions (extended abstract). In: Proc. STOC ’77, pp. 106–112Google Scholar
  31. 31.
    Aikat, J., Kaur, J., Smith, F.D., Jeffay, K.: Variability in TCP round-trip times. In: Proc. IMC’03, pp. 279–284Google Scholar
  32. 32.
    Bellovin S.M.: Security problems in the TCP/IP protocol suite. SIGCOMM Comput. Commun. Rev. 19(2), 32–48 (1989)CrossRefGoogle Scholar
  33. 33.
    Kent, S., Atkinson, R.: IP authentication header. (1998)
  34. 34.
    Jacobson, V., Braden, R., Borman, D.: TCP extensions for high performance. (1992)
  35. 35.
    Boneh D., Franklin M.: Identity-based encryption from the weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  36. 36.

Copyright information

© Springer-Verlag 2008

Authors and Affiliations

  • Eugene Y. Vasserman
    • 1
  • Nicholas Hopper
    • 1
    Email author
  • James Tyra
    • 1
  1. 1.Computer Science and EngineeringUniversity of MinnesotaMinneapolisUSA

Personalised recommendations