Letter to editor@ijsrp.org

To: editor@ijsrp.org
From: rennie.degraaf@gmail.com
Subject:Plagiarism in http://www.ijsrp.org/research-paper-0913/ijsrp-p2197.pdf

Hello,

I would like to advise you that the paper "Port–Knocking System using Unilateral Authentication Algorithm" by Rashmi Tiwari, published in the September 2013 edition of your journal and posted at http://www.ijsrp.org/research-paper-0913/ijsrp-p2197.pdf (hereafter referred to as "the Tiwari paper" for brevity), is heavily plagiarized from my MSc thesis from May 2007, which is available at http://ciphertext.info/papers/thesis-degraaf.pdf.

For instance, compare the following paragraph from section 3.2.3 of my paper:

Lack of association between authentication and connection

In most existing port knocking systems, there is no logical association between the authentication sequence and the connection that is subsequently opened. This means that after a successful authentication, anyone with the client’s IP address can connect to the server (hereafter referred to as a race attack ). An attacker could hijack a successful authentication by blocking further transmissions from a client after it authenticates, but before it makes a connection, and then assuming the client’s identity and connecting itself. This problem is especially severe in the presence of NAT; to a server that has obtained the public IP address of a client, all hosts that share the client’s public address look alike. An attacker that shares the client’s public address does not need to block transmissions from the client; it just needs to connect to the server first.

to section III.1 of the Tiwari paper:

Lack of association between authentication and connection

An attacker could hijack a successful authentication by blocking further transmissions from a client after it authenticates. This problem is especially severe in the presence of NAT; to a server that has obtained the public IP address of a client, all hosts that share the client’s public address look alike.

The entire text of that paragraph is simply pulled from my paper. Section III.2 of the Tiwari paper is likewise copied from section 3.2.3 of mine. The first three paragraphs of section IV of the Tiwari paper are copied from section 4.1 of my paper; the remainder is pulled from section 4.1.4 of my paper except that a couple of the constants were changed and the tables re-calculated based on the new constants. The title and first three sentences of section V of the Tiwari paper are copied from sections 4.2 and 4.2.1 of mine; this is especially obvious since he copies my statement that

This section introduces Inter-packet Delays in port knocking that do not suffer from this problem.

but does not copy any of the techniques that I introduced or introduce any of his own. This leaves only the introduction and conclusion of the Tiwari paper that are not wholly plagiarized from my work. (And parts of both are copied from my papers.)

The Tiwari paper *does* list my earlier paper from ACSAC 2005 (available at http://ciphertext.info/papers/portknocking-acsac2005.pdf) as a reference, but it does not cite my thesis or make it clear what my contributions are. Even if the Tiwari paper did cite me properly, there is no excuse for such whole-scale copying from other people's work in such a short paper.

With this in mind, I request that you promptly withdraw the Tiwari paper and review to your editorial process to ensure that you don't publish such blatantly plagiarized work in the future.

Rennie deGraaf