5.1 Security Considerations for Implementers

The security of this protocol assumes that only a physical local area network (LAN) connection is available when executing this protocol, and that physical connectivity to the LAN is an implicit built-in authentication factor. Note that wireless networks do not offer this security. However, WiFi usage with the NKPU Protocol is acceptable if the user is required to authenticate to the access point [IEEE802.11-2007] when establishing a connection to the NKPU server.

This assumption might be considered reasonable when the environment executing the protocol runs prior to booting the full operating system, because firmware generally does not provide a wireless network stack.

The ability or inability of an NKPU client request to reach an NKPU server is also a means of securing or restricting access, respectively. Thus, network topology and/or a network appliance configuration that prevent requests from parts of the network from reaching the NKPU unlock server also effectively prevent network unlock.

To be secure from brute-force guessing attacks, keys need to be securely generated with a cryptographically strong random number generator.

To resist two-touch replay attacks, where an attacker on the physical network first records an exchange and then takes the client outside the physical network, it is recommended that session keys and key protectors be used only once and then discarded.