The Blind Man´s Bluff Approach to Security Using IPv6

Most networks today employ static network defenses. The problem with static defenses is that adversaries have unlimited time to circumvent them. This article proposes a moving-target defense based on the Internet Protocol version 6 (IPv6) that dynamically obscures network-layer and transport-layer addresses. This technique can be thought of as "frequency hopping" in the Internet Protocol space. By constantly moving the logical location of a host on a network, this technique prevents targeted attacks, host tracking, and eavesdropping. The authors demonstrate the design\´s feasibility and functionality using prototypes deployed on Virginia Tech\´s campuswide IPv6 network.