Decentralized Identifier Distribution for Moving Target Defense and Beyond

In this work, we propose a novel approach for decentralized identifier distribution and synchronization in networks. The protocol generates network entity identifiers composed of timestamps and cryptographically secure random values, which significantly reduces the collision probability. The distribution is inspired by Universally Unique Identifiers (UUIDs) and timestamp-based concurrency control algorithms originating from database applications. We define fundamental requirements for the distribution, including uniqueness, accuracy of distribution, optimal timing behavior, scalability, small impact on network load for different operation modes, and overall compliance with common network security objectives. An implementation of the proposed approach is evaluated and the results are presented. Originally designed for the domain of proactive defense strategies known as Moving Target Defense, the general architecture of the protocol enables arbitrary applications in which identifier distribution in networks has to be decentralized, rapid and secure.
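As an added illustration (not the paper's own code or identifier format), the following Python sketch builds identifiers of the shape the abstract describes, a timestamp concatenated with a CSPRNG value, and estimates the birthday-bound probability that entities generating identifiers within the same timestamp collide on the random part. The 64-bit timestamp / 64-bit random layout is an assumption chosen for the example.

```python
"""Assumed layout for this illustration (not the paper's wire format):
high 64 bits = Unix timestamp in nanoseconds, low 64 bits = CSPRNG output."""
import math
import secrets
import time

TS_BITS = 64     # assumed width of the timestamp field
RAND_BITS = 64   # assumed width of the random field


def make_identifier(ts_ns=None, rand_bits=RAND_BITS):
    """Build a 128-bit identifier: timestamp in the high bits, CSPRNG value in the low bits.

    Because the timestamp occupies the most significant bits, identifiers sort by
    creation time, which is what timestamp-based concurrency control relies on.
    """
    if ts_ns is None:
        ts_ns = time.time_ns()
    if not 0 <= ts_ns < (1 << TS_BITS):
        raise ValueError("timestamp out of range for the assumed field width")
    # secrets.randbits draws from the OS CSPRNG, never from random.Random
    return (ts_ns << rand_bits) | secrets.randbits(rand_bits)


def split_identifier(ident, rand_bits=RAND_BITS):
    """Recover (timestamp_ns, random_part) so peers can order and validate identifiers."""
    return ident >> rand_bits, ident & ((1 << rand_bits) - 1)


def collision_probability(n, rand_bits=RAND_BITS):
    """Birthday bound: probability that among n identifiers sharing one timestamp
    at least two draw the same random value from a space of 2**rand_bits.

    Uses the standard approximation 1 - exp(-n(n-1) / (2 * 2**rand_bits)).
    """
    if n < 2:
        return 0.0
    space = 2.0 ** rand_bits
    return -math.expm1(-n * (n - 1) / (2.0 * space))


if __name__ == "__main__":
    ident = make_identifier()
    ts, rnd = split_identifier(ident)
    print(f"identifier={ident:032x} ts_ns={ts} random={rnd:016x}")
    # Even 2**32 entities minting identifiers in the same nanosecond stay below
    # a 40% collision chance with 64 random bits; one million stays below 1e-7.
    for n in (10**3, 10**6, 2**32):
        print(f"n={n}: p(collision)={collision_probability(n):.3e}")
```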
