ABSTRACT
As systems and networks begin to transition to the Internet Protocol version 6 (IPv6), the immense address space available in the new protocol allows for devices to maintain multiple addresses and to change addresses frequently. These new capabilities encourage network layer moving target defenses in IPv6. Yet, common transport layer protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), create sockets that are bound to a single IP address and that require significant amounts of system and network overhead per session, discouraging their use for communication over multiple addresses. Stream Control Transmission Protocol (SCTP) is a transport layer protocol that allows for network sockets to use multiple IP addresses, referred to as multihoming. SCTP was tested with the Moving Target Defense for IPv6 (MT6D), a network layer moving target defense that was originally designed using UDP to dynamically change IPv6 addresses while maintaining sessions. By switching from UDP to SCTP, MT6D will improve performance and show the capability of multi-homed transport layer protocols, such as SCTP, in moving target defenses.
Index Terms
- Using transport layer multihoming to enhance network layer moving target defenses