A moving target defense approach for protecting resource-constrained distributed devices

Techniques aimed at continuously changing a system's attack surface, usually referred to as Moving Target Defense (MTD), are emerging as powerful tools for thwarting cyber attacks. Such mechanisms increase the uncertainty, complexity, and cost for attackers, limit the exposure of vulnerabilities, and ultimately increase overall resiliency. In this paper, we propose an MTD approach for protecting resource-constrained distributed devices through fine-grained reconfiguration at different architectural layers. In order to show the feasibility of our approach in real-world scenarios, we study its application to Wireless Sensor Networks (WSNs), introducing two different reconfiguration mechanisms. Finally, we show how the proposed mechanisms are effective in reducing the probability of successful attacks.

[1]  Bo Sheng,et al.  WM-ECC: an Elliptic Curve Cryptography Suite on Sensor Motes , 2007 .

[2]  Jonathan W. Hui,et al.  Securing the Deluge network programming system , 2006, 2006 5th International Conference on Information Processing in Sensor Networks.

[3]  Nicola Mazzocca,et al.  Analysis and Comparison of Security Protocols in Wireless Sensor Networks , 2011, 2011 IEEE 30th Symposium on Reliable Distributed Systems Workshops.

[4]  Luigi Troiano,et al.  A Reference Model for Security Level Evaluation: Policy and Fuzzy Techniques , 2005, J. Univers. Comput. Sci..

[5]  Jeannette M. Wing,et al.  An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.

[6]  Sushil Jajodia,et al.  Moving Target Defense II: Application of Game Theory and Adversarial Modeling , 2012 .

[7]  D. Kewley,et al.  Dynamic approaches to thwart adversary intelligence gathering , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[8]  Qiang Wang,et al.  Reprogramming wireless sensor networks: challenges and approaches , 2006, IEEE Network.

[9]  David E. Culler,et al.  The dynamic behavior of a data dissemination protocol for network programming at scale , 2004, SenSys '04.

[10]  Anh Nguyen-Tuong,et al.  Effectiveness of Moving Target Defenses , 2011, Moving Target Defense.

[11]  Xiaotie Deng,et al.  TinyPairing: A Fast and Lightweight Pairing-Based Cryptographic Library for Wireless Sensor Networks , 2010, 2010 IEEE Wireless Communication and Networking Conference.

[12]  Sushil Jajodia,et al.  A moving target defense mechanism for MANETs based on identity virtualization , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[13]  Valeria Vittorini,et al.  A policy-based methodology for security evaluation: A Security Metric for Public Key Infrastructures , 2007, J. Comput. Secur..

[14]  David H. Ackley,et al.  Building diverse computer systems , 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).

[15]  Evangelos P. Markatos,et al.  Defending against hitlist worms using network address space randomization , 2005, WORM '05.

[16]  Michael Atighetchi,et al.  Adaptive use of network-centric mechanisms in cyber-defense , 2003, Sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, 2003..

[17]  Sushil Jajodia,et al.  Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats , 2011, Moving Target Defense.