{"title":"Digital certificate-based port knocking for connected embedded systems","authors":"Basim Mahbooba, M. Schukat","doi":"10.1109/ISSC.2017.7983645","DOIUrl":null,"url":null,"abstract":"The Internet of Things (IoT) is more vulnerable to targeted cyber-attacks than an ordinary Information Technology (IT) infrastructure, where these cyber-attacks operate on subsequent identification (i.e., port scan and exploitation of device's vulnerabilities). Port scans can be rendered useless by applying Port Knocking (PK) as information is transmitted across closed network ports by using a common secret, a device firewall hides all ports from the outside world by filtering (PK) network packets (i.e. TCP connection requests). A secure approach to authenticate IOT devices on the network is required as the current PK approaches (e.g. one time password) suffer from security issues such as sharing secrets. Therefore, this research aims to reinforce existing port knocking methods with a digital certificate for alternative authentication among IoT devices. Such concepts will be complementary to other cryptographic concepts (i.e. shared encryption keys as adopted in ZigBee).","PeriodicalId":170320,"journal":{"name":"2017 28th Irish Signals and Systems Conference (ISSC)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 28th Irish Signals and Systems Conference (ISSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSC.2017.7983645","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 5
Abstract
The Internet of Things (IoT) is more vulnerable to targeted cyber-attacks than an ordinary Information Technology (IT) infrastructure, where these cyber-attacks operate on subsequent identification (i.e., port scan and exploitation of a device's vulnerabilities). Port scans can be rendered useless by applying Port Knocking (PK), as information is transmitted across closed network ports by using a common secret; a device firewall hides all ports from the outside world by filtering (PK) network packets (i.e., TCP connection requests). A secure approach to authenticating IoT devices on the network is required, as the current PK approaches (e.g., one-time password) suffer from security issues such as sharing secrets. Therefore, this research aims to reinforce existing port knocking methods with a digital certificate for alternative authentication among IoT devices. Such concepts will be complementary to other cryptographic concepts (i.e., shared encryption keys as adopted in ZigBee).