Chhoyhopper: A Moving Target Defense with IPv6
ASM Rizvi, John Heidemann
TL;DR
Chhoyhopper employs IPv6 address hopping based on shared secrets and time-of-day to conceal services, significantly reducing their visibility to scanners and passive observers, enhancing security and stealth.
Contribution
This paper introduces a novel IPv6 moving target defense mechanism that dynamically changes service addresses to improve stealth against scanning and observation.
Findings
Effective concealment of services from active scanning.
Passive observation becomes ineffective after two minutes.
Demonstrated with SSH and adaptable to other applications.
Abstract
Services on the public Internet are frequently scanned, then subject to brute-force and denial-of-service attacks. We would like to run such services stealthily, available to friends but hidden from adversaries. In this work, we propose a moving target defense named "Chhoyhopper" that utilizes the vast IPv6 address space to conceal publicly available services. The client and server to hop to different IPv6 addresses in a pattern based on a shared, pre-distributed secret and the time-of-day. By hopping over a /64 prefix, services cannot be found by active scanners, and passively observed information is useless after two minutes. We demonstrate our system with SSH, and show that it can be extended to other applications.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · IPv6, Mobility, Handover, Networks, Security