Final Report for the Network Security Mechanisms Utilizing Network Address Translation LDRD Project

A new protocol technology is just starting to emerge from the laboratory environment. Its stated purpose is to provide an additional means by which networks, and the services that reside on them, can be protected from adversarial compromise. This report has a two-fold objective. The first is to provide the reader with an overview of this emerging Dynamic Defenses technology using Dynamic Network Address Translation (Dynat). This “structure overview” is concentrated in the body of the report and describes the important attributes of the technology. The second objective is to provide a framework that can be used to help classify and assess the different types of dynamic defense technologies, along with some related capabilities and limitations. This information is primarily contained in the appendices (see Appendices A, B and C).
