Christopher Morrell, R. Moore, R. Marchany, J. Tront
{"title":"DHT Blind Rendezvous for Session Establishment in Network Layer Moving Target Defenses","authors":"Christopher Morrell, R. Moore, R. Marchany, J. Tront","doi":"10.1145/2808475.2808477","DOIUrl":null,"url":null,"abstract":"This paper introduces a new method of securely exchanging information through a moving blind rendezvous by leveraging the size and distributed nature of BitTorrent Mainline Distributed Hash Table (DHT) in order to bootstrap a connection between nodes in a network layer moving target defense (MTD) system. Specifically we demonstrate an implementation of this scheme integrated with an existing MTD implemented in the IPv6 space: the Moving Target IPv6 Defense (MT6D). We show how MT6D peers can use this protocol to exchange configuration information, allowing them to locate other nodes as they move around the Internet, and how they can securely establish connections and related association parameters with no prior knowledge of the other party's network state. We require a minimal amount of pre-shared information between nodes; only that peers have access to public key information. This scheme enables mobility for peers within the MT6D protocol, allows dynamically changing configurations, and allows an MT6D server to scale to supporting many clients without a quadratic explosion in the number of secret keys which need to be maintained.","PeriodicalId":20578,"journal":{"name":"Proceedings of the Second ACM Workshop on Moving Target Defense","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Second ACM Workshop on Moving Target Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2808475.2808477","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8
Abstract
This paper introduces a new method of securely exchanging information through a moving blind rendezvous by leveraging the size and distributed nature of BitTorrent Mainline Distributed Hash Table (DHT) in order to bootstrap a connection between nodes in a network layer moving target defense (MTD) system. Specifically we demonstrate an implementation of this scheme integrated with an existing MTD implemented in the IPv6 space: the Moving Target IPv6 Defense (MT6D). We show how MT6D peers can use this protocol to exchange configuration information, allowing them to locate other nodes as they move around the Internet, and how they can securely establish connections and related association parameters with no prior knowledge of the other party's network state. We require a minimal amount of pre-shared information between nodes; only that peers have access to public key information. This scheme enables mobility for peers within the MT6D protocol, allows dynamically changing configurations, and allows an MT6D server to scale to supporting many clients without a quadratic explosion in the number of secret keys which need to be maintained.