Implementing an IPv6 Moving Target Defense on a Live Network
Marchany, Randolph C.
Tront, Joseph G.
The goal of our research is to protect sensitive communications, which are commonly used by government agencies, from eavesdroppers or social engineers. In prior work, we investigated the privacy implications of stateless and stateful address autoconfiguration in the Internet Protocol version 6 (IPv6). Autoconfigured addresses, the default addressing system in IPv6, provide a third party a means to track and monitor targeted users globally using simple tools such as ping and traceroute. Dynamic Host Configuration Protocol for IPv6 (DHCPv6) addresses contain a static DHCP Unique Identifier (DUID) that can be used to track and tie a stateless address to a host identity. Our research focuses on preventing the issue of IPv6 address tracking as well as creating a "moving target defense." The Moving Target IPv6 Defense (MT6D) dynamically hides network and transport layer addresses of packets in IPv6 to achieve anonymity and protect against certain classes of network attacks. Packets are encrypted to prevent traffic correlation, which provides significantly improved anonymity. MT6D has numerous applications ranging from hosts desiring to keep their locations private to hosts conducting sensitive communications. This paper explores the results of implementing a proof-of-concept MT6D prototype on a live IPv6 network.