Rapid Address Change Aids Security
Monday, April 4, 2016 @ 01:04 PM gHale
Changing a networked device’s IP address repeatedly at a very fast pace makes it possible to enhance security.
The new concept, called moving target defense, moves an IP address around rapidly to keep attackers from finding it, said Vahid Heydari, a computer engineering doctoral student at the University of Alabama in Huntsville (UAH). His research poster on “Preventing Remote Cyber Attacks against Aircraft Avionics Systems” was named the best poster at the 11th International Conference on Cyber Warfare and Security in Boston.
“Receiving the best poster award means we are exactly on the right track and have a lot of work to do on this topic,” says Heydari, who also presented a paper on his research at the conference.
His research exploits the abundance of addresses available in the new Internet Protocol version 6 (IPv6) to change a networked device’s IP address repeatedly at a very fast pace. The concept, called moving target defense, moves an IP address around rapidly to avoid it being found by an attacker.
“IP connectivity is increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems,” Heydari said. “I am working on a Moving Target Mobile IPv6 Defense (MTM6D) that changes the IP addresses randomly and dynamically to prevent remote attacks in the reconnaissance step. Because it uses dynamic IP addresses, it will be very hard for attackers to target a system.”
Applications for MTM6D include critical infrastructure networks, aircraft avionics systems, uninterruptible autopilot systems and anti-censorship systems.
“Fortunately, I found a lot of interest in this topic in the conference,” Heydari said. “According to the feedback, this method can increase the security of aircraft and prevent cyber attacks. Adding this method to aircraft avionics systems can open an avenue for the uninterruptible autopilot system to prevent events like the 9/11 attacks, Malaysia Airlines Flight 370 crash or the Germanwings Flight 9525 crash.”
“His research proposes a possibility to prevent remote cyber attacks against undisclosed computer application vulnerabilities, while current technology – such as firewalls or intrusion detection systems – can prevent the attacks only against known vulnerability exploits,” said Dr. Seong-Moo (Sam) Yoo, associate professor of electrical and computer engineering and Heydari’s advisor. “His research could be applied to protect national critical infrastructure networks.”
Researchers and government agencies have a big interest in moving target defense, said Dr. Tommy Morris, director of UAH’s Center for Cybersecurity Research and Education.
“Vahid has found a way to use standardized IP version 6 protocol techniques to achieve an effective moving target defense,” Dr. Morris said. “Vahid’s poster was about using moving target defense to defend an avionics system – that is just one of many applicable areas. Moving target defense is useful for industrial control systems, personal computers, servers, the Internet of things and in many other domains.”