Performance Evaluation of Widely used Portknoking Algorithms
This work provides a comparative analysis for network security practitioners to select efficient port knocking implementations, but it is incremental as it evaluates existing algorithms without introducing new methods.
The paper evaluated the performance of three widely used port knocking algorithms (Aldaba, FWKNOP, and SIG-2) based on ten parameters, concluding that FWKNOP is the most efficient due to its compatibility with Windows clients.
Port knocking is a technique by which only a single packet or special sequence will permit the firewall to open a port on a machine where all ports are blocked by default. It is a passive authorization technique which offers firewall-level authentication to ensure authorized access to potentially vulnerable network services. In this paper, we present performance evaluation and analytical comparison of three widely used port knocking (PK) algorithms, Aldaba, FWKNOP and SIG-2. Comparative analysis is based upon ten selected parameters; Platforms (Supported OS), Implementation (PK, SPA or both), Protocols (UDP, TCP, ICMP), Out of Order packet delivery, NAT (Network Address Translation), Encryption Algorithms, Root privileges (For installation and operation), Weak Passwords, Replay Attacks and IPv6 compatibility. Based upon these parameters, relative performance score has been given to each algorithm. Finally, we deduce that FWKNOP due to compatibility with windows client is the most efficient among chosen PK implementations.