research-article

Anti-Censorship Framework using Mobile IPv6 based Moving Target Defense

Authors:

Seong-Moo YooAuthors Info & Claims

CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference

Article No.: 7, Pages 1 - 8

https://doi.org/10.1145/2897795.2897815

Published: 05 April 2016 Publication History

Abstract

Anti-censorship techniques are important as the ability to freely access information is key to a democratic society. This issue has become even more critical in the information age. In this paper, we present an anti-censorship scheme based on the use of moving target defense implemented with Mobile IPv6. Our approach leverages the participation of content providers (the servers) and relies on unmodified standard Mobile IPv6 protocol. We utilize multiple care-of-addresses to assign each user to access groups and rotate them in a random shuffling that occur at some parametized time interval. We present the various aspects of this approach (such as blocking probability) and reason about its efficacy using an analytical (probabilistic) model. We also present the results of our initial prototype implementation, which was used to look at practical parameters and to understand the implementation overhead. Our analysis shows that it would require a tremendous amount of effort and resources for the adversary to overcome our scheme and censor the end-users.

References

[1]

F-secure | switch on freedom. https://www.f-secure.com/en_US/welcome. Accessed: 2015-10-04.

[2]

Free VPN service | free VPN software - hotspot shield VPN. http://www.hotspotshield.com/. Accessed: 2015-10-04.

[3]

Psiphon | uncensored internet access for windows and mobile. https://psiphon3.com/en/index.html. Accessed: 2015-10-04.

[4]

J. Arkko, C. Vogt, and W. Haddad. Enhanced route optimization for mobile ipv6. RFC 4866, RFC Editor, May 2007. http://www.rfc-editor.org/rfc/rfc4866.txt.

[5]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In USENIX Security Symposium, 2004.

Digital Library

[6]

M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront. Mt6d: A moving target ipv6 defense. In AFCEA/IEEE MILCOM, 2011.

[7]

A. Ebalard. Mobile ipv6 ipsec route optimization (iro). Internet-Draft draft-ebalard-mext-ipsec-ro-02, IETF Secretariat, July 2010. http://www.ietf.org/internet-drafts/draft-ebalard-mext-ipsec-ro-02.txt.

[8]

A. Houmansadr, C. Brubaker, and V. Shmatikov. The parrot is dead: Observing unobservable network communications. In IEEE Symposium on Security and Privacy, 2013.

Digital Library

[9]

A. Houmansadr, G. T. Nguyen, M. Caesar, and N. Borisov. Cirripede: Circumvention infrastructure using router redirection with plausible deniability. In ACM Conference on Computer and Communications Security, 2011.

Digital Library

[10]

Q. Jia, H. Wang, D. Fleck, F. Li, A. Stavrou, and W. Powell. Catch me if you can: A cloud-enabled ddos defense. In IEEE/IFIP Dependable Systems and Networks, 2014.

Digital Library

[11]

J. Karlin, D. Ellard, A. W. Jackson, C. E. Jones, G. Lauer, D. P. Mankins, and W. T. Strayer. Decoy routing: Toward unblockable internet communication. In FOCI'11 - USENIX Workshop on Free and Open Communications on the Internet, 2011.

[12]

K. Mathiesen. Access to information as a human right. SRRN, Sept. 2008. http://dx.doi.org/10.2139/ssrn.1264666.

[13]

H. Mohajeri Moghaddam, B. Li, M. Derakhshani, and I. Goldberg. Skypemorph: Protocol obfuscation for tor bridges. In ACM Conference on Computer and Communications Security, 2012.

Digital Library

[14]

C. Morrell, J. Ransbottom, R. Marchany, and J. Tront. Scaling ipv6 address bindings in support of a moving target defense. In Internet Technology and Secured Transactions (ICITST), 2014.

[15]

C. Perkins. Securing mobile ipv6 route optimization using a static shared key. RFC 4449, RFC Editor, June 2006. http://www.rfc-editor.org/rfc/rfc4449.txt.

[16]

C. Perkins, D. Johnson, and J. Arkko. Mobility support in ipv6. RFC 6275, RFC Editor, July 2011. http://www.rfc-editor.org/rfc/rfc6275.txt.

[17]

M. Schuchard, J. Geddes, C. Thompson, and N. Hopper. Routing around decoys. In ACM Conference on Computer and Communications Security, 2012.

Digital Library

[18]

A. Stavrou, A. D. Keromytis, J. Nieh, V. Misra, and D. Rubenstein. Move: an end-to-end solution to network denial of service, 2005.

[19]

H. Wang, Q. Jia, D. Fleck, W. Powell, F. Li, and A. Stavrou. A moving target {DDoS} defense mechanism. Computer Communications, 46, 2014.

[20]

Z. Weinberg, J. Wang, V. Yegneswaran, L. Briesemeister, S. Cheung, F. Wang, and D. Boneh. Stegotorus: A camouflage proxy for the tor anonymity system. In ACM Conference on Computer and Communications Security, 2012.

Digital Library

[21]

P. Winter and S. Lindskog. How the great firewall of china is blocking tor. In Presented as part of the 2nd USENIX Workshop on Free and Open Communications on the Internet, Berkeley, CA, 2012. USENIX.

[22]

E. Wustrow, C. M. Swanson, and J. A. Halderman. TapDance: End-to-middle anticensorship without flow blocking. In USENIX Security Symposium.

Digital Library

[23]

E. Wustrow, S. Wolchok, I. Goldberg, and J. A. Halderman. Telex: Anticensorship in the network infrastructure. In USENIX Conference on Security, 2011.

Digital Library

Cited By

Hong QZhao YChang JDu YLi JZhai L(2022)Shock Trap: An active defense architecture based on trap vulnerabilities2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)10.1109/DSC55868.2022.00011(24-31)Online publication date: Jul-2022
https://doi.org/10.1109/DSC55868.2022.00011
Heydari V(2018)IP Hopping by Mobile IPv6Handbook of Cyber-Development, Cyber-Democracy, and Cyber-Defense10.1007/978-3-319-09069-6_49(983-1010)Online publication date: 6-Oct-2018
https://doi.org/10.1007/978-3-319-09069-6_49
Heydari VKim SYoo S(2017)Scalable Anti-Censorship Framework Using Moving Target Defense for Web ServersIEEE Transactions on Information Forensics and Security10.1109/TIFS.2016.264721812:5(1113-1124)Online publication date: May-2017
https://doi.org/10.1109/TIFS.2016.2647218
Show More Cited By

Recommendations

Insider Threat Mitigation Using Moving Target Defense and Deception
MIST '17: Proceedings of the 2017 International Workshop on Managing Insider Security Threats

The insider threat has been subject of extensive study and many approaches from technical perspective to behavioral perspective and psychological perspective have been proposed to detect or mitigate it. However, it still remains one of the most ...
Moving Target Defense Against Injection Attacks
Algorithms and Architectures for Parallel Processing
Abstract
With the development of network technology, web services become more convenient and popular. However, web services are also facing serious security threats, especially SQL injection attack(SQLIA). Due to the diversity of attack techniques and the ...
CryptMTD: Cryptography Based Moving Target Defense System for Mobile Application
CNIOT '23: Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things

Mobile applications are vulnerable to attacks and information leakage due to various unknown vulnerabilities in mobile channels, terminals, and programs. Moving target defense (MTD) has emerged as a proactive defense technology against unknown attacks. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference

April 2016

150 pages

ISBN:9781450337526

DOI:10.1145/2897795

General Chairs:
Joseph P. Trien
Oak Ridge National Laboratory
,
Stacy J. Prowell
Oak Ridge National Laboratory
,
John R. Goodall
Oak Ridge National Laboratory
,
Program Chair:
Robert A. Bridges
Oak Ridge National Laboratory

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 April 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

CISRC '16

CISRC '16: 11th Annual Cyber and Information Security Research

April 5 - 7, 2016

TN, Oak Ridge, USA

Acceptance Rates

CISRC '16 Paper Acceptance Rate 11 of 28 submissions, 39%;

Overall Acceptance Rate 69 of 136 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
162
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hong QZhao YChang JDu YLi JZhai L(2022)Shock Trap: An active defense architecture based on trap vulnerabilities2022 7th IEEE International Conference on Data Science in Cyberspace (DSC)10.1109/DSC55868.2022.00011(24-31)Online publication date: Jul-2022
https://doi.org/10.1109/DSC55868.2022.00011
Heydari V(2018)IP Hopping by Mobile IPv6Handbook of Cyber-Development, Cyber-Democracy, and Cyber-Defense10.1007/978-3-319-09069-6_49(983-1010)Online publication date: 6-Oct-2018
https://doi.org/10.1007/978-3-319-09069-6_49
Heydari VKim SYoo S(2017)Scalable Anti-Censorship Framework Using Moving Target Defense for Web ServersIEEE Transactions on Information Forensics and Security10.1109/TIFS.2016.264721812:5(1113-1124)Online publication date: May-2017
https://doi.org/10.1109/TIFS.2016.2647218
Aceto GMontieri APescape A(2017)Internet censorship in Italy: An analysis of 3G/4G networks2017 IEEE International Conference on Communications (ICC)10.1109/ICC.2017.7996467(1-6)Online publication date: May-2017
https://doi.org/10.1109/ICC.2017.7996467
Heydari V(2017)IP Hopping by Mobile IPv6Handbook of Cyber-Development, Cyber-Democracy, and Cyber-Defense10.1007/978-3-319-06091-0_49-1(1-28)Online publication date: 11-Jul-2017
https://doi.org/10.1007/978-3-319-06091-0_49-1

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents