The Blind Man's Bluff Approach to Security Using IPv6
July-Aug. 2012 (vol. 10 no. 4)
pp. 35-43
Matthew Dunlop, Virginia Tech
Stephen Groat, Virginia Tech
William Urbanski, Dell SecureWorks
Randy Marchany, Virginia Tech
Joseph Tront, Virginia Tech
Most networks today employ static network defenses. The problem with static defenses is that adversaries have unlimited time to circumvent them. This article proposes a moving-target defense based on the Internet Protocol version 6 (IPv6) that dynamically obscures network-layer and transport-layer addresses. This technique can be thought of as "frequency hopping" in the Internet Protocol space. By constantly moving the logical location of a host on a network, this technique prevents targeted attacks, host tracking, and eavesdropping. The authors demonstrate the design's feasibility and functionality using prototypes deployed on Virginia Tech's campuswide IPv6 network.


Index Terms:
Logic gates, Privacy, Protocols, Receivers, Cryptography, IP networks, Target detection, privacy, moving-target defense, IPv6, security
Citation:
Matthew Dunlop, Stephen Groat, William Urbanski, Randy Marchany, Joseph Tront, "The Blind Man's Bluff Approach to Security Using IPv6," IEEE Security & Privacy, vol. 10, no. 4, pp. 35-43, July-Aug. 2012, doi:10.1109/MSP.2012.28