Chhoyhopper: A Moving Target Defense with IPv6. Rizvi, A. & Heidemann, J. In Proceedings of the IEEE Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), pages to appear, San Diego, California, USA, April, 2022. IEEE.
Services on the public Internet are frequently scanned, then subject to brute-force password attempts and Denial-of-Service (DoS) attacks. We would like to run such services stealthily, where they are available to friends but hidden from adversaries. In this work, we propose a discovery-resistant moving target defense named "Chhoyhopper" that utilizes the vast IPv6 address space to conceal publicly available services. The client meets the server at an IPv6 address that changes in a pattern based on a shared, pre-distributed secret and the time of day. By hopping over a /64 prefix, services cannot be found by active scanners, and passively observed information is useless after two minutes. We demonstrate our system with two important applications—SSH and HTTPS—and make our system publicly available.
@InProceedings{Rizvi22b,
author = "{A S M} Rizvi and John Heidemann",
title = "Chhoyhopper: A Moving Target Defense with {IPv6}",
booktitle = "Proceedings of the " # "{IEEE} Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb)",
year = 2022,
sortdate = "2022-04-24",
project = "ant, ddidd, paaddos, sabres",
jsubject = "network_security",
pages = "to appear",
month = apr,
address = "San Diego, California, USA",
publisher = "IEEE",
jlocation = "johnh: pafile",
keywords = "chhoyhopper, moving target defense, ipv6, https, tls, ssh",
doi = "https://dx.doi.org/10.14722/madweb.2022.23004",
blogurl = "https://ant.isi.edu/blog/?p=1845",
url = "https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi22a.html",
pdfurl = "https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi22b.pdf",
abstract = "Services on the public Internet are frequently scanned, then subject
to brute-force password attempts and Denial-of-Service (DoS) attacks.
We would like to run such services stealthily, where they are
available to friends but hidden from adversaries. In this work, we
propose a discovery-resistant moving target defense named
``Chhoyhopper'' that utilizes the vast IPv6 address space to conceal
publicly available services. The client meets the server at an IPv6
address that changes in a pattern based on a shared, pre-distributed
secret and the time of day. By hopping over a /64 prefix, services
cannot be found by active scanners, and passively observed information
is useless after two minutes. We demonstrate our system with the two
important applications---SSH and HTTPS, and make our system publicly
available.",
}
{"_id":"MTByKsHCcdBEDQXeH","bibbaseid":"rizvi-heidemann-chhoyhopperamovingtargetdefensewithipv6-2022","author_short":["Rizvi, A.","Heidemann, J."],"bibdata":{"bibtype":"inproceedings","type":"inproceedings","author":[{"firstnames":["A S M"],"propositions":[],"lastnames":["Rizvi"],"suffixes":[]},{"firstnames":["John"],"propositions":[],"lastnames":["Heidemann"],"suffixes":[]}],"title":"Chhoyhopper: A Moving Target Defense with IPv6","booktitle":"Proceedings of the IEEE Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb)","year":"2022","sortdate":"2022-04-24","project":"ant, ddidd, paaddos, sabres","jsubject":"network_security","pages":"to appear","month":"April","address":"San Diego, California, USA","publisher":"IEEE","jlocation":"johnh: pafile","keywords":"chhoyhopper, moving target defense, ipv6, https, tls, ssh","doi":"https://dx.doi.org/10.14722/madweb.2022.23004","blogurl":"https://ant.isi.edu/blog/?p=1845","url":"https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi22a.html","pdfurl":"https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi22b.pdf","abstract":"Services on the public Internet are frequently scanned, then subject to brute-force password attempts and Denial-of-Service (DoS) attacks. We would like to run such services stealthily, where they are available to friends but hidden from adversaries. In this work, we propose a discovery-resistant moving target defense named ``Chhoyhopper'' that utilizes the vast IPv6 address space to conceal publicly available services. The client meets the server at an IPv6 address that changes in a pattern based on a shared, pre-distributed secret and the time of day. By hopping over a /64 prefix, services cannot be found by active scanners, and passively observed information is useless after two minutes. 
We demonstrate our system with the two important applications—SSH and HTTPS, and make our system publicly available.","bibtex":"@InProceedings{Rizvi22b,\n author = \"{A S M} Rizvi and John Heidemann\",\n title = \"Chhoyhopper: A Moving Target Defense with {IPv6}\",\n booktitle = \"Proceedings of the \" # \"{IEEE} Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb)\",\n year = 2022,\n\tsortdate = \t\t\"2022-04-24\", \n\tproject = \"ant, ddidd, paaddos, sabres\",\n\tjsubject = \"network_security\",\n pages = \"to appear\",\n month = apr,\n address = \"San Diego, California, USA\",\n publisher = \"IEEE\",\n jlocation = \"johnh: pafile\",\n keywords = \"chhoyhopper, moving target defense, ipv6, https, tls, ssh\",\n doi = \"https://dx.doi.org/10.14722/madweb.2022.23004\",\n\tblogurl = \"https://ant.isi.edu/blog/?p=1845\",\n\turl =\t\"https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi22a.html\",\n\tpdfurl =\t\"https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi22b.pdf\",\n\tabstract = \"Services on the public Internet are frequently scanned, then subject\nto brute-force password attempts and Denial-of-Service (DoS) attacks.\nWe would like to run such services stealthily, where they are\navailable to friends but hidden from adversaries. In this work, we\npropose a discovery-resistant moving target defense named\n``Chhoyhopper'' that utilizes the vast IPv6 address space to conceal\npublicly available services. The client meets the server at an IPv6\naddress that changes in a pattern based on a shared, pre-distributed\nsecret and the time of day. By hopping over a /64 prefix, services\ncannot be found by active scanners, and passively observed information\nis useless after two minutes. 
We demonstrate our system with the two\nimportant applications---SSH and HTTPS, and make our system publicly\navailable.\",\n}\n\n\n","author_short":["Rizvi, A.","Heidemann, J."],"bibbaseid":"rizvi-heidemann-chhoyhopperamovingtargetdefensewithipv6-2022","role":"author","urls":{"Paper":"https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi22a.html"},"keyword":["chhoyhopper","moving target defense","ipv6","https","tls","ssh"],"metadata":{"authorlinks":{}}},"bibtype":"inproceedings","biburl":"https://bibbase.org/f/dHevizJoWEhWowz8q/johnh-2023-2.bib","dataSources":["YLyu3mj3xsBeoqiHK","fLZcDgNSoSuatv6aX","fxEParwu2ZfurScPY","7nuQvtHTqKrLmgu99"],"keywords":["chhoyhopper","moving target defense","ipv6","https","tls","ssh"],"search_terms":["chhoyhopper","moving","target","defense","ipv6","rizvi","heidemann"],"title":"Chhoyhopper: A Moving Target Defense with IPv6","year":2022}