
Design And Implementation Of Port-Hopping Technology Based On Nonlinear Shift Register

Posted on: 2011-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: J Chen
GTID: 2178330332465188
Subject: Computer technology
Abstract/Summary:
With the rapid expansion of the Internet, hackers have carried out more and more attacks in recent years, most of which exploit vulnerabilities in networked systems. More and more hosts become targets, and information security faces serious challenges. DoS/DDoS attacks are easy to carry out but difficult to resist, and have become a major kind of attack on the Internet. Traditional security technologies have no obvious effect against DoS/DDoS attacks.

Port-Hopping technology borrows from Frequency-Hopping technology. During communication, the server's port is not fixed but hops randomly and dynamically, so it is difficult for attackers to scan out the port number the server is using. The risk of being attacked is therefore reduced.

The paper discusses the application of Port-Hopping technology and makes some improvements to the Port-Hopping scheme. It then proposes a Port-Hopping scheme based on a stream cipher in order to improve the system's tolerance to attacks.

In the scheme, a Non-Linear Feedback Shift Register (NLFSR) serves as the pseudo-random sequence generator. The server and the client use the Diffie-Hellman algorithm to distribute the seed key. The NLFSR produces a pseudo-random sequence that is the input parameter of a function, which generates the port number for the server. The scheme has several advantages: communicating hosts do not need a Port-Hopping diagram or a pre-shared key, and the communication cost is very small; the Port-Hopping process is real-time, random, and quick; the process is very secure and efficient.

The key technologies involved in this scheme are NLFSR, stream cipher technologies, the Diffie-Hellman algorithm and the port sequence generation algorithm.

The system consists of a key exchange module, a port sequence generation module, a communication module and an application interface module. The development environment is Windows XP SP2, Visual Studio .NET, C++, WinSock 2.0.

Theoretical analysis and experimental results show that the Port-Hopping scheme can produce a good pseudo-random sequence at a low communication cost, and is effective in protecting systems from DoS/DDoS attacks and port scans. The scheme is proved to be feasible and effective.
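The flow the abstract describes (Diffie-Hellman seed agreement, NLFSR sequence, port-generating function), as an added sketch that is not the thesis's code. The toy DH group, the SHA-256 seed derivation, the feedback taps, the 64-clock warm-up and the 1024-65535 hop range are all assumptions, since the abstract does not specify them.

```python
import hashlib

# Constructed toy DH group: far too small for real use, picked so the demo runs instantly.
P, G = 2**61 - 1, 5
PORT_MIN, PORT_MAX = 1024, 65535  # assumed hop range, skipping well-known ports

def dh_public(private):
    return pow(G, private, P)

def derive_seed(peer_public, private):
    """Compute g^(ab) mod p and hash it down to a 32-bit NLFSR seed (assumed KDF)."""
    shared = pow(peer_public, private, P)
    digest = hashlib.sha256(shared.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:4], "big") or 1  # zero state is a fixed point

class NLFSR:
    """32-bit Fibonacci NLFSR with illustrative taps (not the thesis's).
    s0 enters the feedback only linearly, so the state update stays invertible."""
    def __init__(self, seed):
        self.state = seed & 0xFFFFFFFF

    def next_bit(self):
        s = self.state
        bit = lambda i: (s >> i) & 1
        fb = bit(0) ^ bit(2) ^ bit(7) ^ bit(22) ^ (bit(3) & bit(11)) ^ (bit(17) & bit(29))
        self.state = (s >> 1) | (fb << 31)
        return s & 1  # output the bit shifted out

    def next_word(self, nbits=16):
        word = 0
        for _ in range(nbits):
            word = (word << 1) | self.next_bit()
        return word

def port_sequence(seed, count):
    """Map successive 16-bit NLFSR words into the hop range (assumed port function)."""
    reg = NLFSR(seed)
    for _ in range(64):  # warm-up: the first 32 output bits are the raw seed
        reg.next_bit()
    span = PORT_MAX - PORT_MIN + 1
    return [PORT_MIN + reg.next_word() % span for _ in range(count)]

def demo():
    a, b = 0x1F3D5B79, 0x2468ACE1  # constructed private exponents
    server = port_sequence(derive_seed(dh_public(a), b), 8)
    client = port_sequence(derive_seed(dh_public(b), a), 8)
    return server, client  # identical lists: both ends hop in step

if __name__ == "__main__":
    print(demo())
```

Only the two DH public values cross the network; each side derives the same port list locally, which is why no hopping table or pre-shared key is needed.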
Keywords/Search Tags:Denial of Service Attack, Port-Hopping, NLFSR, Diffie-Hellman