Secure random port list generator in an authentication mechanism using Port Knocking and Secure Socket Layer
DOI:
https://doi.org/10.26594/register.v4i2.1162
Keywords:
authentication, Port Knocking, SSH, SSL
Abstract
Port Knocking is an authentication process in which a client knocks on particular ports to open and close the connection to a service. In general, Port Knocking uses a fixed procedure for assigning the port list. This prompted research into a Secure Random Port List Generator (SRPLG): a system designed to randomize the list of ports used for knocking and to send that randomized port list to the client over a secure channel. The SRPLG server is integrated into the Port Knocking authentication mechanism. The method aims to create an authentication procedure that is dynamic, secure and efficient in protecting a Secure Shell (SSH) server. The test results show that the SRPLG server generates a port list that changes every time a client makes a request. Sniffing the data transmitted between the SRPLG server and the client shows that all captured information was encrypted by Secure Socket Layer (SSL). In performance tests against the number of clients making requests, the SRPLG server took on average between 0.01 seconds and 0.06 seconds in each test variation. The final test shows that the Port Knocking configuration successfully protected the SSH server against port scanning attacks: in all of the port information displayed, no exploitable opening was found.
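A sketch of the per-request list generation the abstract describes, added here as an example and not taken from the paper or its SRPLG implementation. The class name, knock length, port range, lifetime and single-use rule are assumptions; delivering the list to the client over SSL/TLS is outside this block.

```python
import secrets
import time

PORT_MIN, PORT_MAX = 1024, 65535  # assumed knock range
KNOCK_LEN = 4                     # assumed number of knocks per list
TTL_SECONDS = 30                  # assumed lifetime of an issued list


class KnockListIssuer:
    """Hypothetical SRPLG-style issuer: fresh, single-use list per request."""

    def __init__(self, reserved=(), clock=time.monotonic):
        # Ports with real listeners are never handed out as knock targets.
        blocked = set(reserved)
        self._pool = [p for p in range(PORT_MIN, PORT_MAX + 1) if p not in blocked]
        if len(self._pool) < KNOCK_LEN:
            raise ValueError("not enough free ports for a knock list")
        self._rng = secrets.SystemRandom()  # OS CSPRNG, not the seedable random module
        self._clock = clock
        self._issued = {}  # client id -> (port tuple, expiry time)

    def issue(self, client_id):
        """Return a new list of distinct ports; replaces any earlier list."""
        ports = tuple(self._rng.sample(self._pool, KNOCK_LEN))
        self._issued[client_id] = (ports, self._clock() + TTL_SECONDS)
        return list(ports)

    def verify(self, client_id, observed):
        """Check knocks seen by the firewall; the list is consumed either way."""
        entry = self._issued.pop(client_id, None)
        if entry is None:
            return False  # never issued, or already used (replay)
        ports, expiry = entry
        return self._clock() <= expiry and tuple(observed) == ports


if __name__ == "__main__":
    issuer = KnockListIssuer(reserved=(2222, 8080))  # constructed sample values
    knocks = issuer.issue("198.51.100.7")
    print(knocks, issuer.verify("198.51.100.7", knocks))
    print("replay accepted:", issuer.verify("198.51.100.7", knocks))
```

Consuming the list on every verification attempt means a captured knock sequence cannot be replayed, and a wrong guess forces a new request to the issuer.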
License
Please find the rights and licenses in Register: Jurnal Ilmiah Teknologi Sistem Informasi. By submitting the article/manuscript of the article, the author(s) agree with this policy. No specific document sign-off is required.
1. License
The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
2. Author(s)' Warranties
The author warrants that the article is original, written by stated author(s), has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author(s).
3. User/Public Rights
Register's spirit is to disseminate published articles as freely as possible. Under the Creative Commons license, Register permits users to copy, distribute, display, and perform the work for non-commercial purposes only. Users will also need to attribute authors and Register when distributing works in the journal and other media of publications. Unless otherwise stated, the authors are public entities as soon as their articles are published.
4. Rights of Authors
Authors retain all their rights to the published works, such as (but not limited to) the following rights:
Copyright and other proprietary rights relating to the article, such as patent rights,
The right to use the substance of the article in own future works, including lectures and books,
The right to reproduce the article for own purposes,
The right to self-archive the article (please read our deposit policy),
The right to enter into separate, additional contractual arrangements for the non-exclusive distribution of the article's published version (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal (Register: Jurnal Ilmiah Teknologi Sistem Informasi).
5. Co-Authorship
If the article was jointly prepared by more than one author, any author submitting the manuscript warrants that he/she has been authorized by all co-authors to agree to this copyright and license notice (agreement) on their behalf, and agrees to inform his/her co-authors of the terms of this policy. Register will not be held liable for anything that may arise due to the author(s)' internal dispute. Register will only communicate with the corresponding author.
6. Royalties
As Register is an open access journal that disseminates articles for free under the Creative Commons license term mentioned, the author(s) are aware that Register entitles the author(s) to no royalties or other fees.
7. Miscellaneous
Register will publish the article (or have it published) in the journal if the article’s editorial process is successfully completed. Register's editors may modify the article to a style of punctuation, spelling, capitalization, referencing and usage that they deem appropriate. The author acknowledges that the article may be published so that it will be publicly accessible and such access will be free of charge for the readers as mentioned in point 3.