Students Secure New Internet Protocol

Wednesday, May 11, 2011 @ 02:05 PM gHale

The Moving Target IPv6 Defense (MT6D) is a network security and privacy tool for the new Internet Protocol version 6 (IPv6), an Internet address system that will replace the 20-year-old IPv4.

That product, developed by a team from the Virginia Tech Information Technology Security Laboratory and Bradley Department of Electrical and Computer Engineering, won third place in the 2011 National Security Innovation Competition sponsored by the National Homeland Defense Foundation, a nonprofit forum for responding to terrorism tactics and natural disasters.

University of Ottawa came in first place with a paper entitled “Innovative and Cost Effective Blast Strengthening of Wood Framed Structures.”

University of Notre Dame came in second for a paper entitled “Dilation Aware Multi-Image Enrollment for Iris Biometrics.”

Virginia Tech’s third-place paper was “Dynamic Obscuration of IPv6 Addresses to Achieve a Moving Target Defense.”

Virginia Tech runs one of the few production-scale IPv6 networks in the country, supporting the campus network of more than 30,000 computing and communication systems.

“MT6D provides a means for hosts to communicate with each other over the public Internet while maintaining complete anonymity from targeting, tracking, and traffic correlation,” said Stephen Groat of Alexandria, Va., a Ph.D. student in computer engineering.

“We have leveraged IPv6 and the advanced Virginia Tech infrastructure to develop a product that will protect the networks of tomorrow,” said William Urbanski, security analyst with the Virginia Tech IT Security Office.

MT6D dynamically obscures network and transport layer addresses of data packets to achieve anonymity, including authentication privacy, said Urbanski. It also protects against certain classes of network attacks. “That means MT6D makes it nearly impossible to observe, track, or interfere with the conversation taking place between two computers on an IPv6 network,” he said.

“The goal of our research is to protect sensitive communications commonly used by government agencies from eavesdroppers or social engineers,” said Randy Marchany, Virginia Tech chief information security officer and one of the inventors. Many communications require message authentication. “The problem with message authentication is that a third party can use the identity tied to the authenticated message to track a sender,” Marchany said.

MT6D differs from other dynamic obscuration techniques by combining network security with anonymity, said Matthew Dunlop of Depoe Bay, Ore., a Ph.D. student in computer engineering. “It can be implemented embedded on a device or as a network gateway requiring negligible configuration, and is therefore transparent to hosts. MT6D has many applications including mobile devices, the smart grid, and industrial control systems (SCADA).”