A Performance Assessment of Network Address Shuffling in IoT Systems

While the large-scale distribution and unprecedented connectivity of embedded systems in the Internet of Things (IoT) have enabled various useful application scenarios, they also pose a risk to users and infrastructure alike. Recent incidents, like the Mirai botnet, have shown that these devices are often not sufficiently protected against attacks and can therefore be abused for malicious purposes, like distributed denial of service (DDoS) attacks. While it may be an impossible task to completely secure all systems against attacks, moving target defense (MTD) has been proposed as an alternative to prevent attackers from finding devices and endpoints and eventually launching their attacks against them. One MTD approach is network-based moving target defense, which relies on the obfuscation and change of network-level information, like IP addresses and ports. Since most of these approaches have been developed with desktop applications in mind, their usefulness in IoT applications has not been investigated.
