Title page for ETD etd-03282012-151031


Type of Document Dissertation
Author Dunlop, Matthew William
Author's Email Address dunlop@vt.edu
URN etd-03282012-151031
Title Achieving Security and Privacy in the Internet Protocol Version 6 Through the Use of Dynamically Obscured Addresses
Degree PhD
Department Electrical and Computer Engineering
Advisory Committee
  Name                        Title
  Tront, Joseph G.            Committee Chair
  Koelling, Charles Patrick   Committee Member
  Marchany, Randolph C.       Committee Member
  Midkiff, Scott F.           Committee Member
  Schaumont, Patrick Robert   Committee Member
Keywords
  • Dynamic Addressing
  • Security
  • Privacy
  • Moving Target Defense
  • IPv6
Date of Defense 2012-03-15
Availability unrestricted
Abstract
Society's increased use of network applications, such as email, social networking, and web browsing, creates a massive amount of information floating around in cyber space. An attacker can collect this information to build a profile of where people go, what their interests are, and even what they are saying to each other. For certain government and corporate entities, the exposure of this information could risk national security or loss of capital. This work identifies vulnerabilities in the way the Internet Protocol version 6 (IPv6) forms addresses. These vulnerabilities provide attackers with the ability to track a node’s physical location, correlate network traffic with specific users, and even launch attacks against users’ systems. A Moving Target IPv6 Defense (MT6D) that rotates through dynamically obscured network addresses while maintaining existing connections was developed to prevent these addressing vulnerabilities.

MT6D is resistant to the IPv6 addressing vulnerabilities since addresses are not tied to host identities and continuously change. MT6D leverages the immense address space of IPv6 to provide an environment that is infeasible to search efficiently. Address obscuration in MT6D occurs throughout ongoing sessions to provide continued anonymity, confidentiality, and security to communicating hosts. Rotating addresses mid-session prevents an attacker from determining that the same two hosts are communicating. The dynamic addresses also force an attacker to repeatedly reacquire the target node before he or she can launch a successful attack. A proof of concept was developed that demonstrates the feasibility of MT6D and its ability to seamlessly bind new IPv6 addresses. Also demonstrated is MT6D’s ability to rotate addresses mid-session without dropping or renegotiating sessions.

This work makes three contributions to the state of the art in IPv6 research. First, it fully explores the security vulnerabilities associated with IPv6 address formation and demonstrates them on a production IPv6 network. Second, it provides a method for dynamically rotating network addresses that defeats these vulnerabilities. Finally, a functioning prototype is presented that proves how network addresses can be dynamically rotated without losing established network connections. If IPv6 is to be globally deployed, it must not provide additional attack vectors that expose user information.

Files
  Filename              Size     Approximate Download Time (Hours:Minutes:Seconds)
                                 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access
  Dunlop_MW_D_2012.pdf  4.36 Mb  00:20:10     00:10:22    00:09:04       00:04:32        00:00:23
