C-Lock: Local Network Resilient Port Knocking System Based on TOTP

Abstract

Port knocking is an access-control technique that consists of revealing a network protected resource only to those users that can prove they know a preshared port sequence. This proving process is done by connecting to the defined ports in the correct order; so, the list gets exposed to the adversaries with access to the connection's channel. We propose a newfangled technique for protecting this process, avoiding eavesdroppers to get a long-live valid sequence. Our method is based on TOTP codes and has been designed thinking on making it the most usable as possible. There has been designed two different approaches, but we demonstrate that the most simple of them is far enough robust, while it remains to be very usable. This technique is especially suitable for enhancing the resilience of network services against local network adversaries.