A Performance Assessment of Network Address Shuffling in IoT Systems

  • Conference paper
Computer Aided Systems Theory – EUROCAST 2017 (EUROCAST 2017)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10671)

Abstract

While the large-scale distribution and unprecedented connectivity of embedded systems in the Internet of Things (IoT) have enabled various useful application scenarios, they also pose a risk to users and infrastructure alike. Recent incidents, like the Mirai botnet, have shown that these devices are often not sufficiently protected against attacks and can therefore be abused for malicious purposes, like distributed denial of service (DDoS) attacks. While it may be an impossible task to completely secure all systems against attacks, moving target defense (MTD) has been proposed as an alternative to prevent attackers from finding devices and endpoints and eventually launching their attacks against them. One of these approaches is network-based moving target defense, which relies on the obfuscation and change of network-level information, like IP addresses and ports. Since most of these approaches have been developed with desktop applications in mind, their usefulness in IoT applications has not been investigated.

In this paper we provide a study on the applicability of network-based MTD for low-power devices. We investigate their capabilities to regularly change addresses. We furthermore investigate their performance with multiple assigned IP addresses, for both IPv4 and IPv6. We show that although some functionality of these systems may be impeded by constantly changing addresses, network-based MTD might nonetheless be a viable option to protect Internet-connected embedded systems from attacks.



Acknowledgments

This work was supported partly by the Christian Doppler Forschungsgesellschaft (CDG) through Josef Ressel Center (JRC) projects TARGET and u’smile and the Austrian Research Promotion Agency (FFG) through projects SBA-K1, A2Bit, and CyPhySec.

Corresponding author

Correspondence to Artemios G. Voyiatzis.

Copyright information

© 2018 Springer International Publishing AG

Cite this paper

Judmayer, A., Merzdovnik, G., Ullrich, J., Voyiatzis, A.G., Weippl, E. (2018). A Performance Assessment of Network Address Shuffling in IoT Systems. In: Moreno-Díaz, R., Pichler, F., Quesada-Arencibia, A. (eds) Computer Aided Systems Theory – EUROCAST 2017. EUROCAST 2017. Lecture Notes in Computer Science, vol 10671. Springer, Cham. https://doi.org/10.1007/978-3-319-74718-7_24

  • DOI: https://doi.org/10.1007/978-3-319-74718-7_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-74717-0

  • Online ISBN: 978-3-319-74718-7

  • eBook Packages: Computer Science, Computer Science (R0)
