Address Knocking: An Undetectable Authentication Based on IPv6 Address

摘要

In the Internet, to protect against attacks that exploit unknown vulnerabilities, it is desirable to allow access to some hosts on a firewall only to authorized external users and present closed to others. Based on the address features of IPv6, we proposed a new network security technique called address knocking (AK), can be seen as an undetectable authentication. Address knocking is a form of host-to-host communication which relies on deliberately communication attempts. These connection attempts are monitored by a daemon which interprets the interface identifier of destination IPv6 address as information. Theoretical and Empirical analysis demonstrates that AK scheme can effectively conduct undetectable authentication and prevent the exposure of existence of the important host.