Enhanced User Authentication Based on Dynamic Port Knocking Technique

Port knocking is a passive authentication
mechanism which aims to control firewall response using a
sequence of connection attempts to its closed ports. Dynamic
port knocking which varies in each session, faces many
challenges which are knocking sequence synchronization
between client and server, handling high load of normal
requests, out of order knocks, lost knocks, knocking through
NAT, and knocking attacks. In this paper, a proposed dynamic
port knocking approach is provided. The proposed approach,
with the help of intermediate IPS, enables client and target
server to generate a unique dynamic knocking sequence based
on a secured random seed. This process is executed only at first
communication session. Next, client begins to authenticate
himself by knocking the target service with different ports and
different number of knocks each time a session is initiated.
Client-Server knocking synchronization, lost knocks, and out
of order knocks are considered for issuing a correct knocking.
The proposed approach provides immunity against several
network attacks such as DoS attack, replay attack, and brute
forcing attack. Extensive simulation shows that the proposed
work overcome other compared approaches in terms of
response time, memory utilization, CPU utilization, and the
number of provided features.