Applying Self-Shielding Dynamics to the Network Architecture

The static nature of computer networks allows attackers to gather intelligence, plan, and then execute attacks at a time of their choosing. Further, once an attacker has gained access to a node within an enclave, little stops a determined attacker from mapping out and spreading to other hosts and services within that enclave. To reduce the impact and spread of an attack before it is detected and removed, the semantics of several fundamental aspects of the network (such as how hosts are addressed and reached) can be changed so that they vary over time in a cryptographically strong, unpredictable way. In this chapter, we describe such an architecture, built on top of IPv6 for a wired network enclave. The impact on users and on the guest operating system is mitigated by placing the dynamics in a hypervisor layer beneath the guest, and the dynamics remain compatible with existing network infrastructure. At the same time, an attacker's ability to plan, spread, and communicate within the network is significantly limited by the imposed dynamics.
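To make the idea concrete, the following is an added illustration (not the paper's design, and not code from the authors): it assumes one particular way of realizing cryptographically strong address dynamics on IPv6, namely interface identifiers derived with a keyed PRF (HMAC-SHA256) from a shared enclave secret, a host identity, and a rotation epoch, with a small hypervisor-shim model that keeps the guest's address stable while rewriting it on the wire. The prefix, rotation interval, secret and host names are constructed for the example. It shows the two properties the abstract relies on: an observer without the key cannot predict or link a host's addresses across epochs, and an address learned earlier (for instance by an intruder mapping the enclave) stops working once its epoch has passed.

```python
"""Epoch-keyed IPv6 address hopping: an added, assumed mechanism for illustration."""
import hashlib
import hmac
import ipaddress

# All values below are constructed for the example, not taken from the paper.
PREFIX = ipaddress.IPv6Network("2001:db8:1::/64")   # enclave prefix (documentation range)
EPOCH_SECONDS = 60                                  # assumed rotation interval
ENCLAVE_KEY = hashlib.sha256(b"example enclave secret").digest()  # assumed shared secret


def epoch_for(t: float) -> int:
    """Rotation epoch containing wall-clock time t (seconds)."""
    return int(t) // EPOCH_SECONDS


def derive_address(key: bytes, host_id: str, epoch: int,
                   prefix: ipaddress.IPv6Network = PREFIX) -> ipaddress.IPv6Address:
    """Keyed derivation of a host's 64-bit interface identifier for one epoch.

    HMAC-SHA256 acts as a PRF: without `key` an observer can neither predict
    the next address nor link addresses of the same host across epochs."""
    if prefix.prefixlen != 64:
        raise ValueError("example assumes one /64 per enclave")
    msg = f"{prefix}|{host_id}|{epoch}".encode()
    iid = hmac.new(key, msg, hashlib.sha256).digest()[:8]
    return ipaddress.IPv6Address(int(prefix.network_address) | int.from_bytes(iid, "big"))


def current_address(host_id: str, t: float) -> ipaddress.IPv6Address:
    """Address the enclave expects host_id to use at time t."""
    return derive_address(ENCLAVE_KEY, host_id, epoch_for(t))


def accept_packet(host_id: str, dst: str, t: float, slack: int = 1) -> bool:
    """Receiver-side check: is `dst` a live address of host_id at time t?

    `slack` epochs of tolerance absorb clock skew and packets in flight;
    anything older (an address an intruder mapped earlier) is dropped."""
    target = ipaddress.IPv6Address(dst)
    e = epoch_for(t)
    return any(derive_address(ENCLAVE_KEY, host_id, e + d) == target
               for d in range(-slack, slack + 1))


class HypervisorShim:
    """Minimal model of the hypervisor layer: the guest keeps one stable
    address; the shim rewrites it to the epoch address on the wire and back,
    so the guest OS and its users see no change."""

    def __init__(self, host_id: str, stable: str):
        self.host_id = host_id
        self.stable = ipaddress.IPv6Address(stable)

    def outbound(self, src: str, t: float) -> ipaddress.IPv6Address:
        """Rewrite the guest's stable source address to the current wire address."""
        if ipaddress.IPv6Address(src) != self.stable:
            raise ValueError("unknown guest address")
        return current_address(self.host_id, t)

    def inbound(self, dst: str, t: float):
        """Map a wire destination back to the guest's stable address, or None to drop."""
        return self.stable if accept_packet(self.host_id, dst, t) else None


if __name__ == "__main__":
    shim = HypervisorShim("host-a", "fd00::a")
    for t in (0, 59, 60, 125):
        print(f"t={t:>3}s  wire address: {shim.outbound('fd00::a', t)}")
    stale = str(current_address("host-a", 0))
    print("stale address from epoch 0 accepted at t=180?", shim.inbound(stale, 180) is not None)
```

Running the block shows the same guest address mapping to one wire address for t=0 and t=59 and a different, unrelated one from t=60 on; the epoch-0 address is rejected at t=180 because it falls outside the one-epoch slack window. In a real deployment the key distribution, the clock agreement between hosts, and the handling of long-lived connections across an epoch boundary are the hard parts; this sketch only fixes the derivation and acceptance rule.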
