Secure VPN Using Mobile IPv6 Based Moving Target Defense

In this paper, we introduce MVPN, a framework for building secure Virtual Private Networks (VPNs) with a novel Mobile IPv6 based Moving Target Defense strategy. Our approach aids in combating remote attacks against a VPN server. By eliminating the static address of the server, we make it difficult for an attacker to find the server. The server's address is randomly changed at a certain interval, creating a moving target. At the same time, authenticated clients are updated through the use of the Binding Update procedure (standard Mobile IPv6 protocol). One key strength of this approach lies in the fact that the clients do not need to make any changes or use special software. Our testbed experiments show that the packet loss that may occur due to the handoff delay is low.
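The rotation-plus-Binding-Update idea described above, as an added Python model that is not the paper's code. It uses standard Mobile IPv6 terms (home address as a binding-cache key, care-of address as the current location); the prefix, addresses, class names and the choice of a random 64-bit interface identifier are assumptions, and authentication of the updates is not modeled.

```python
import ipaddress
import secrets
from dataclasses import dataclass

PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")   # constructed (documentation range)
HOME = ipaddress.IPv6Address("2001:db8:0:ffff::1")    # constructed; used only as cache key

@dataclass(frozen=True)
class BindingUpdate:
    home: ipaddress.IPv6Address
    care_of: ipaddress.IPv6Address
    seq: int                       # 16-bit sequence number, as in RFC 6275

class Client:
    """Authenticated client: binding cache maps home address -> latest binding."""
    def __init__(self):
        self.cache = {}

    def receive(self, bu):
        old = self.cache.get(bu.home)
        # Accept only if the sequence number advanced (compared modulo 2**16),
        # so a replayed or reordered update cannot point the client at an old address.
        if old is not None and not 0 < (bu.seq - old.seq) % 65536 < 32768:
            return False
        self.cache[bu.home] = bu
        return True

    def destination(self):
        bu = self.cache.get(HOME)
        return bu.care_of if bu else None

class MovingServer:
    def __init__(self, clients):
        self.clients, self.seq, self.current = clients, 0, None

    def rotate(self):
        """Pick a random interface identifier in PREFIX and notify every client."""
        iid = secrets.randbits(64)
        self.current = ipaddress.IPv6Address(int(PREFIX.network_address) + iid)
        self.seq = (self.seq + 1) % 65536
        bu = BindingUpdate(HOME, self.current, self.seq)
        for c in self.clients:
            c.receive(bu)
        return bu

def simulate(rotations=5):
    client = Client()
    server = MovingServer([client])
    observed = server.rotate().care_of          # address an outsider saw once
    history = [server.rotate() for _ in range(rotations)]
    stale_replay = client.receive(history[0])   # old update arriving again
    return client.destination() == server.current, observed == server.current, stale_replay
```

`simulate()` returns three booleans: whether the client still tracks the server, whether the once-observed address is still valid, and whether a stale update was accepted.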
