Chhoyhopper: A Moving Target Defense with IPv6
ASM Rizvi and John Heidemann

Citation

ASM Rizvi and John Heidemann. Chhoyhopper: A Moving Target Defense with IPv6. Poster abstract and poster at Annual Computer Security Applications Conference. [PDF] [alt PDF]

Abstract

Services on the public Internet are frequently scanned, then subject to brute-force and denial-of-service attacks. We would like to run such services stealthily, available to friends but hidden from adversaries. In this work, we propose a moving target defense named “Chhoyhopper” that utilizes the vast IPv6 address space to conceal publicly available services. The client and server hop to different IPv6 addresses in a pattern based on a shared, pre-distributed secret and the time of day. By hopping over a /64 prefix, services cannot be found by active scanners, and passively observed information is useless after two minutes. We demonstrate our system with two important applications: SSH and HTTPS.
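
The hopping idea in the abstract, sketched as an added example; this is not the authors' code, and the paper's actual derivation is not given on this page. Assumed here: HMAC-SHA256 over a slot counter as the address function, a 60-second slot, a server that accepts the current and previous slot, and the hypothetical names hop_address, accepted_addresses and is_live.

```python
import hashlib
import hmac
import ipaddress
import struct

HOP_INTERVAL = 60  # seconds per slot (assumed; not taken from the paper)


def hop_address(prefix: str, secret: bytes, unix_time: int) -> ipaddress.IPv6Address:
    """Derive the service address for the time slot containing unix_time."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    slot = unix_time // HOP_INTERVAL
    # Keyed hash of the slot number: unpredictable without the shared secret.
    mac = hmac.new(secret, struct.pack(">Q", slot), hashlib.sha256).digest()
    iid = int.from_bytes(mac[:8], "big")  # 64-bit interface identifier
    return net.network_address + iid


def accepted_addresses(prefix: str, secret: bytes, now: int) -> set:
    """Server side: current slot plus the previous one, to absorb clock skew."""
    return {hop_address(prefix, secret, now - k * HOP_INTERVAL) for k in (0, 1)}


def is_live(addr, prefix: str, secret: bytes, now: int) -> bool:
    """True if addr is one the server would answer on at time `now`."""
    return ipaddress.IPv6Address(addr) in accepted_addresses(prefix, secret, now)


if __name__ == "__main__":
    PREFIX = "2001:db8:1:2::/64"        # documentation prefix, constructed
    SECRET = b"constructed-demo-secret"  # constructed sample secret
    t0 = 1_700_000_000                   # constructed timestamp
    seen = hop_address(PREFIX, SECRET, t0)  # address a passive observer records
    for dt in (0, 30, 90, 150):
        print(f"+{dt:>3}s {seen} live={is_live(seen, PREFIX, SECRET, t0 + dt)}")
```

With these assumed parameters an address is answered for at most two slots, so an observed address stops working within 120 seconds, and a scanner without the secret faces 2^64 candidates per slot.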

Bibtex Citation

@misc{Rizvi21a,
  author = {Rizvi, {ASM} and Heidemann, John},
  title = {Chhoyhopper: A Moving Target Defense with {IPv6}},
  howpublished = {Poster abstract and poster at Annual Computer Security Applications Conference},
  month = dec,
  year = {2021},
  sortdate = {2021-12-07},
  project = {ant, sabres},
  jsubject = {network_security},
  jlocation = {johnh: pafile},
  keywords = {moving target, chhoyhopper, ipv6, ssh},
  blogurl = {https://ant.isi.edu/blog/?p=1819},
  url = {https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi21a.html},
  pdfurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi21a.pdf},
  otherpdfurl = {https://ant.isi.edu/%7erizvi/acsac-2021/chhoyhopper-abstract-and-poster.pdf}
}
Copyright © by John Heidemann