The Internet Protocol version 6 (IPv6) brings with it a seemingly endless supply of network addresses. It does not, however, solve many of the vulnerabilities that existed in Internet Protocol version 4 (IPv4). In fact, privacy-related crimes in IPv6 are made easier due to the way IPv6 addresses are formed. We developed a Moving Target IPv6 Defense (MT6D) that leverages the immense address space of IPv6. The two goals of MT6D are maintaining user privacy and protecting against targeted network attacks. These goals are achieved by repeatedly rotating the addresses of both the sender and receiver. Address rotation occurs, regardless of the state of ongoing sessions, to prevent an attacker from discovering the identities of the two communicating hosts. Rotating addresses mid-session prevents an attacker from even determining that the same two hosts are communicating. The continuously changing addresses also force an attacker to repeatedly reacquire the target node before he or she can launch a successful network attack. Our proof of concept demonstrates the feasibility of MT6D and its ability to seamlessly bind new IPv6 addresses. We also demonstrate MT6D's ability to rotate addresses mid-session without dropping or renegotiating sessions. Since MT6D operates at the network layer of the protocol stack, it provides a powerful moving target solution that is both platform and application independent.
[1]
Thomas Narten,et al.
IPv6 Stateless Address Autoconfiguration
,
1996,
RFC.
[2]
Claude E. Shannon,et al.
A Mathematical Theory of Communications
,
1948
.
[3]
Marcelo Bagnulo,et al.
Cryptographically Generated Addresses (CGA) Extension Field Format
,
2006,
RFC.
[4]
Thomas Narten,et al.
Neighbor Discovery for IP Version 6 (IPv6)
,
1996,
RFC.
[5]
Joseph G. Tront,et al.
IPv6: Now You See Me, Now You Don't
,
2011,
ICON 2011.
[6]
Stephen E. Deering,et al.
IP Version 6 Addressing Architecture
,
1995,
RFC.
[7]
Thomas Narten,et al.
Privacy Extensions for Stateless Address Autoconfiguration in IPv6
,
2001,
RFC.