The goal of our research is to protect sensitive communications, which are commonly used by government agencies, from eavesdroppers or social engineers. In prior work, we investigated the privacy implications of stateless address autoconfiguration in the Internet Protocol version 6 (IPv6). Autoconfigured addresses, the default addressing system in IPv6, provide a third party a means to track and monitor targeted users globally using simple tools such as ping and traceroute. Signed messages also expose the identities of both the sender and receiver to a third party. Our research focuses on preventing the issue of IPv6 address tracking as well as creating a "moving target defense." The Moving Target IPv6 Defense (MT6D) dynamically hides network and transport layer addresses of packets in IPv6 to achieve anonymity and protect against certain classes of network attacks. MT6D focuses on providing users with anonymity as well as intrusion protection. It accomplishes this through automatically changing addresses with no outside involvement. Packets are encrypted to prevent traffic correlation, which provides significantly improved anonymity. In its preferred implementation, MT6D protects against address tracking, traffic correlation, and certain classes of network attacks. MT6D can be implemented embedded on a host device or as a gateway device, either in software or hardware. Use of MT6D requires negligible configuration and is transparent to applications and hosts. It has numerous applications ranging from hosts desiring to keep their locations private to hosts conducting sensitive communications. Although our primary focus is IPv6, these techniques can also apply to the Internet Protocol version 4 (IPv4) provided an available pool of unallocated addresses exists.
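To make the "synchronized dynamically obscured addresses" idea concrete, here is an added illustration (not MT6D's own code, and the page does not specify MT6D's derivation). It assumes two endpoints share a secret and a loosely synchronized clock, and that each derives the interface identifier (IID) for the current time slot as a keyed hash of a stable IID, the secret and the slot number; the prefix, secret and IID values are constructed.

```python
import hmac
import hashlib
import ipaddress

# Assumptions for this illustration (not from the page): both peers hold a shared
# secret and agree on a slot length, so they compute the same address for the same
# slot without exchanging anything on the wire.
ROTATION_SECONDS = 10
PREFIX = "2001:db8:1:2::/64"                      # constructed /64 prefix
SECRET = b"constructed-shared-secret"             # constructed shared key
STABLE_IID = bytes.fromhex("021b21fffe3a4b5c")   # constructed stable host IID


def time_slot(unix_time: float) -> int:
    """Map a timestamp to the rotation slot both peers key their hash on."""
    return int(unix_time // ROTATION_SECONDS)


def obscured_iid(secret: bytes, stable_iid: bytes, slot: int) -> bytes:
    """64-bit IID for one slot; without the secret, slots cannot be linked to each other."""
    msg = stable_iid + slot.to_bytes(8, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]


def obscured_address(prefix: str, secret: bytes, stable_iid: bytes, slot: int) -> ipaddress.IPv6Address:
    """Combine the network's /64 prefix with the per-slot IID into a full address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    iid = int.from_bytes(obscured_iid(secret, stable_iid, slot), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def acceptable_addresses(prefix: str, secret: bytes, stable_iid: bytes,
                         unix_time: float, skew_slots: int = 1) -> list:
    """Addresses a receiver should accept around `unix_time`, tolerating bounded clock skew."""
    base = time_slot(unix_time)
    return [obscured_address(prefix, secret, stable_iid, base + d)
            for d in range(-skew_slots, skew_slots + 1)]


if __name__ == "__main__":
    for t in (1000.0, 1010.0, 1020.0):
        print(t, obscured_address(PREFIX, SECRET, STABLE_IID, time_slot(t)))
```

Each 10-second slot yields a fresh address that the peer can predict but an observer without the secret cannot link to the previous one; the skew window is what keeps the two sides in step when their clocks drift slightly.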
Virginia Tech Intellectual Properties (VTIP): A Technique for Synchronized Dynamically Obscured Addresses in IPv6 (VTIP 11-043)
Virginia Tech News: Virginia Tech cyber security team creates winning network security product
SearchSecurity.com: IPv6 connectivity: Innovations address IPv6 security concerns
TechRepublic: How new research aims to protect our privacy on IPv6 networks
Stephen Groat, Matthew Dunlop, William Urbanski
Dynamic Obscuration of IPv6 Addresses to Achieve a Moving Target Defense
3rd Place
National Homeland Defense Foundation (NHDF): National Security Innovation Competition Winners Announced
Matthew Dunlop
1st Place, Poster Presentation
Graduate Student Assembly (GSA) Research Symposium
The amount of data that floods today’s networks is well beyond what security analysts can manage by textual means alone. In an effort to solve this problem, researchers have explored different methods of visualizing network security threats. There is little debate that humans can perceive more information visually than textually. The problem is that the majority of visualization tools, whether deployed or merely proposed, do not take efficient visualization techniques into consideration. As a result, it is difficult to get a high-level view of the network that facilitates rapid isolation of network attacks. We propose the Converged Security Visualization Tool (Cover-VT) to solve the efficient visualization problem. Cover-VT was designed to provide analysts with a high-level view of network threats using geographic information systems. The tool allows for rapid identification of threats by minimizing the cognitive obstacles to efficient threat location. Cover-VT includes the capability to drill down on a node of interest for additional details and even filter out unwanted data. Cover-VT was designed with usability in mind, making it easy to comprehend while assisting the analyst in rapid threat identification. Many different security tools make up a security analyst’s tool kit. Cover-VT was developed as an effective security visualization system that integrates existing security tools and network security systems.
Virginia Tech Bradley Department of Electrical and Computer Engineering: Coping with information overload with visualization
Due to an exponentially larger address space than the Internet Protocol version 4 (IPv4), the Internet Protocol version 6 (IPv6) uses new methods to assign network addresses to Internet nodes. Stateless Address Autoconfiguration (SLAAC) creates an address using a static value derived from the Media Access Control (MAC) address of a network interface as the host portion, or Interface Identifier (IID). The Dynamic Host Configuration Protocol version 6 (DHCPv6) uses a client-server model to manage network addresses, providing stateful address configuration. While DHCPv6 can be configured to assign randomly distributed addresses, the DHCPv6 Unique Identifier (DUID) was designed to remain static for clients as they move between different DHCPv6 subnets and networks. Both the IID and DUID are static values which are publicly exposed, creating a privacy and security threat for users and nodes.
The static IID and DUID allow attackers to violate unsuspecting IPv6 users' privacy and security with ease. These static identifiers make geographic tracking and network traffic correlation over multiple sessions simple. Also, different classes of computer and network attacks, such as system-specific attacks and Denial of Service (DoS) attacks, are easier to employ successfully due to these identifiers. This research identifies and tests the validity of the privacy and security threat posed by static IIDs and DUIDs. Solutions which mitigate or eliminate the threat posed by static identifiers in IPv6 are identified.
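An added example (not from the paper) of the audit a network operator can run to find hosts that still expose a static, MAC-derived IID: it recognises the modified EUI-64 layout that SLAAC builds from the MAC (0xFFFE in the middle of the IID and the universal/local bit inverted), and groups observed addresses by the recovered MAC so that one device seen under several prefixes shows up as a single trackable identity. All addresses and MACs below are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of addresses as a monitor might have logged them. The first two
# belong to the same interface seen on two different /64 prefixes; the third uses a
# random (privacy) IID and should not be linkable.
SAMPLE_ADDRESSES = [
    "2001:db8:1::21b:21ff:fe3a:4b5c",
    "2001:db8:2::21b:21ff:fe3a:4b5c",
    "2001:db8:1::a1b2:c3d4:e5f6:789a",
]


def eui64_mac(address: str):
    """Return the MAC embedded in a modified EUI-64 IID, or None if the IID is not EUI-64 shaped.

    Modified EUI-64 (RFC 4291, Appendix A) splits the 48-bit MAC, inserts 0xFFFE in
    the middle and inverts the universal/local bit (bit 1 of the first byte).
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02                      # undo the u/l bit inversion
    mac = bytes([first]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def correlate(addresses) -> dict:
    """Group addresses by recovered MAC: each entry with 2+ addresses is one host tracked across networks."""
    by_mac = defaultdict(list)
    for a in addresses:
        mac = eui64_mac(a)
        if mac is not None:
            by_mac[mac].append(a)
    return dict(by_mac)


def exposed_hosts(addresses) -> list:
    """MACs that are publicly derivable from the observed addresses; a non-empty list means SLAAC privacy extensions or a moving-target scheme are warranted."""
    return sorted(correlate(addresses))


if __name__ == "__main__":
    for mac, addrs in correlate(SAMPLE_ADDRESSES).items():
        print(mac, "seen as", addrs)
```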
Groat, S.; Dunlop, M.; Marchany, R.; Tront, J.
6th Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW 2010)
April 21-23, 2010
Stephen Groat, Master of Science, Electrical and Computer Engineering
May 2011