One-Time Knocking Framework using SPA and IPsec
This paper presents an improved scheme over existing Port-Knocking and Single Packet Authorization that employs One-Time Passwords to generate the authorization tokens the server uses to verify the authenticity of the client before allowing the deployment of dynamic firewall rules. This One-Time Knocking framework uses mobile networks such as GSM or CDMA as an out-of-band channel to create 2-factor authentication. Our improved scheme protects against off-line and on-line dictionary and brute-force password attacks. It also provides a strong association between Port-Knocking or Single Packet Authorization and the post-authentication connectivity between the client and server, thus stopping adversaries from hijacking the session through Man-in-the-Middle attacks.
Port Knocking; Single Packet Authorization; 2-Factor Authentication; One-Time Password
Jiun-Hau Liew, Shirly Lee, Ivy Ong, Hoon-Jae Lee, Hyotaek Lim
Department of Ubiquitous IT, Graduate School of Design & IT, Dongseo University, Busan, Korea; Department of Computer Engineering, Dongseo University, Busan, Korea
International conference
Shanghai
English
209-213
2010-06-22 (date first posted online on the Wanfang platform; this is not the paper's publication date)