Title
MT6D: A Moving Target IPv6 Defense
Abstract
The Internet Protocol version 6 (IPv6) brings with it a seemingly endless supply of network addresses. It does not, however, solve many of the vulnerabilities that existed in Internet Protocol version 4 (IPv4). In fact, privacy-related crimes in IPv6 are made easier due to the way IPv6 addresses are formed. We developed a Moving Target IPv6 Defense (MT6D) that leverages the immense address space of IPv6. The two goals of MT6D are maintaining user privacy and protecting against targeted network attacks. These goals are achieved by repeatedly rotating the addresses of both the sender and receiver. Address rotation occurs, regardless of the state of ongoing sessions, to prevent an attacker from discovering the identities of the two communicating hosts. Rotating addresses mid-session prevents an attacker from even determining that the same two hosts are communicating. The continuously changing addresses also force an attacker to repeatedly reacquire the target node before he or she can launch a successful network attack. Our proof of concept demonstrates the feasibility of MT6D and its ability to seamlessly bind new IPv6 addresses. We also demonstrate MT6D's ability to rotate addresses mid-session without dropping or renegotiating sessions. Since MT6D operates at the network layer of the protocol stack, it provides a powerful moving target solution that is both platform and application independent.
Year: 2011
DOI: 10.1109/MILCOM.2011.6127486
Venue: 2011 - MILCOM 2011 MILITARY COMMUNICATIONS CONFERENCE
Keywords: moving target defense, IPv6, security, privacy
Field: Address space, IPv6, Internet Protocol, IPv4, Computer science, Computer security, Network security, Computer network, IPv6 address, Protocol stack, The Internet
DocType: Conference
Citations: 40
PageRank: 1.90
References: 2
Authors: 5
Name | Order | Citations | PageRank
Matthew Dunlop | 1 | 77 | 7.68
Stephen Groat | 2 | 74 | 6.27
William Urbanski | 3 | 57 | 4.20
Randy Marchany | 4 | 175 | 15.88
Joseph G Tront | 5 | 149 | 24.97