Alice is correct. This can also increase the stealth by preventing the same pattern of n ports from emerging.
Subsets. Another way to make the process even trickier is to group the ports into sets, call them P_1, P_2, .... When the algorithm says to knock on port i, the sender chooses any one of the ports from set P_i, adding more confusion for an observer who is trying to learn the pattern.
There is no end to the complexity and deception that can be added to these algorithms. The only limitation is that port knocking is relatively expensive. A "knock" is a UDP or TCP packet of several hundred bits that conveys only 16 bits of information, the destination port number. Mixing in fake ports with a challenge and response can really slow things down. This is why some are examining how to pack all of the authentication information into a single packet, a technique often called, unsurprisingly, single packet authentication.
13.11 Continuous Use and Jamming
There is no reason why the information needs to be encoded in one set of n! different permutations. R. C. Chakinala, Abishek Kumarasubramanian, R. Manokaran, G. Noubir, C. Pandu Rangan, and Ravi Sundaram imagined using the technique to send information by distorting the order of packets traveling over a TCP/IP network. Packets are not guaranteed to arrive in the sequence in which they left the sender, so each carries a sequence number that lets the recipient put them back in the correct order. Sometimes packets take different paths through the network, and the different paths reorder them. This is an opportunity to hide information: the sender purposely misorders the packets as they leave and hides a signal in the misordering. [CKM+06]
In a long file transfer there is no obvious beginning and end to the set of objects, so it is possible to imagine a more continuous transfer of data by modifying the order of successive groups. It would be possible, for instance, to reorder every 5 packets as a group, so that each 5 items sent carry log₂ 5! (about 6.9) bits.
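The permutation coding behind both the port-knocking "subsets" variant above and the grouped packet reordering just described, as an added Python example that is not from the book or from [CKM+06]. rank() and unrank() convert between a permutation of n items and an integer in [0, n!); encode_order()/decode_order() use them to carry floor(log₂ 5!) = 6 bits in the order of every 5 packets; knock_sequence()/knock_secret() use the same ranking for a knock in which logical port i is realised by any member of P_i. The function names, the group size of 5, the sample payload and the port subsets are assumptions made for this example, and the stream decoder assumes the network delivers packets exactly as sent.

```python
"""Added example, not from the book: hiding bits in the order of a sequence.

rank() and unrank() convert between a permutation of n items and an integer
in [0, n!) (the Lehmer code).  encode_order()/decode_order() apply this to a
continuous packet stream: every group of 5 packets carries floor(log2 5!) = 6
bits.  knock_sequence()/knock_secret() apply the same ranking to the
port-knocking "subsets" variant, where logical port i is realised by any
member of P_i.  All sample data below is constructed for the example.
"""
from math import factorial, log2
import random


def rank(perm):
    """Lexicographic index of perm (a permutation of 0..n-1) in [0, n!)."""
    remaining = list(range(len(perm)))
    r = 0
    for x in perm:
        idx = remaining.index(x)          # how many unused items precede x
        r = r * len(remaining) + idx      # mixed-radix (factorial base) digit
        remaining.pop(idx)
    return r


def unrank(r, n):
    """Inverse of rank(): the permutation of 0..n-1 with lexicographic index r."""
    if not 0 <= r < factorial(n):
        raise ValueError("rank out of range for n items")
    remaining = list(range(n))
    perm = []
    for i in range(n):
        idx, r = divmod(r, factorial(n - 1 - i))
        perm.append(remaining.pop(idx))
    return perm


GROUP = 5                                       # assumed group size
BITS_PER_GROUP = int(log2(factorial(GROUP)))    # floor(log2 120) = 6


def encode_order(payload):
    """Sender side: return packet sequence numbers in transmission order.

    Packets are numbered 0, 1, 2, ... in groups of GROUP; the order inside each
    group encodes the next BITS_PER_GROUP payload bits (zero padded at the end).
    The permutations with rank 64..119 are simply never used.
    """
    bits = "".join(f"{b:08b}" for b in payload)
    bits += "0" * (-len(bits) % BITS_PER_GROUP)
    order = []
    for k in range(0, len(bits), BITS_PER_GROUP):
        value = int(bits[k:k + BITS_PER_GROUP], 2)      # 0..63 < 5! = 120
        base = (k // BITS_PER_GROUP) * GROUP
        order.extend(base + p for p in unrank(value, GROUP))
    return order


def decode_order(arrival, nbytes):
    """Receiver side: recover nbytes of payload from the observed arrival order.

    Assumes the network delivered the packets exactly as sent; the jamming
    discussion in the text is about what happens when it does not.
    """
    bits = ""
    for g in range(0, len(arrival), GROUP):
        group = arrival[g:g + GROUP]
        base = min(group)                               # group k holds 5k..5k+4
        value = rank([s - base for s in group])
        bits += f"{value:0{BITS_PER_GROUP}b}"
    return bytes(int(bits[i:i + 8], 2) for i in range(0, nbytes * 8, 8))


def knock_sequence(secret, subsets, rng=random):
    """Sender side of the subsets variant: unrank(secret) says which logical
    port to knock next, and any member of P_i stands in for logical port i."""
    return [rng.choice(subsets[i]) for i in unrank(secret, len(subsets))]


def knock_secret(observed, subsets):
    """Receiver side: map each real port back to its logical index, then rank."""
    port_to_index = {p: i for i, P in enumerate(subsets) for p in P}
    if len(port_to_index) != sum(len(P) for P in subsets):
        raise ValueError("subsets must be disjoint or decoding is ambiguous")
    return rank([port_to_index[p] for p in observed])


if __name__ == "__main__":
    msg = b"hi"                                          # constructed payload
    wire = encode_order(msg)
    print(wire, decode_order(wire, len(msg)))
    # Constructed, disjoint port subsets P_0..P_3; 4! = 24 possible secrets.
    P = [[1000, 1001], [2000, 2001, 2002], [3000], [4000, 4001]]
    knocks = knock_sequence(17, P)
    print(knocks, knock_secret(knocks, P))
```

Two bytes of payload become 18 bits after padding and therefore 15 packets in 3 groups; the first group, carrying the bits 011010 (26), goes out in the order 1, 0, 3, 2, 4. The fraction of a bit lost per group (log₂ 120 ≈ 6.9 versus 6) could be recovered by treating the whole stream as one mixed-radix number, at the cost of no longer being able to decode group by group.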
If some intermediary wants to distort the flow of packets to try to jam any communication, the game becomes a bit more interesting. Imagine that the sender can only move a packet a few slots from its natural position, say ±2, and that the jammer can only change the positions of a few packets. The result can be analyzed with game theory to determine the maximum data throughput the sender can achieve and the maximum amount of data the jammer can stop.