MOVING TARGET TRANSPARENCY RESEARCH AND DEVELOPMENT
With Regional Advanced Technology Clusters
W. E. Mounts, J.D., LL.M.; Kevin Eveker, Ph.D.
Abstract—The National Collaborative Innovation Network (NCIN) provides a nationwide platform to support collaborative research and development across Regional Advanced Technology Clusters (RATCs). The need for an NCIN capability was identified in a workshop which hosted RATCs from across the United States. The initiative will employ a phased approach, first to the Northwest Advanced Robotics Clusters (NWARC) and the Southwest Innovation Cluster (SWIC), in supporting a secure network through the use of Virtual Dispersive Networking (VDN) technology, which is analogous to “spread spectrum frequency hopping” for Internet Protocol (IP) based networks. A wide-area VDN comprised of a mixture of fixed and mobile edge devices (servers, PCs, laptops, tablets, smart phones, etc.) provides the network operator the capability to maneuver in cyber space while controlling the tradeoffs between quality of service and security. Dispersion of IP traffic is achieved by inserting virtual machines on IP devices and registering them with a virtualized Presence Server as trusted peers while controlling signaling and routing between them. When two peers want to communicate they check in with the Presence Server. The Presence Server issues a Spread Spectrum Protocol that consists of: an IP address and port hopping scheme, which trusted peers use as deflect points, and the encryption/key management scheme to use on each path. This enables the marshaling of trusted peers to be used as deflects to spread the packets over multiple simultaneous paths while changing identity. Libraries of Spread Spectrum Protocols give the network operator the ability to modulate the traffic patterns as a function of time and make use of any combination of available routes, IP addresses, ports, and encryption keys. As a result, nodes become moving targets as IP traffic is dispersed across N independent routes and IP addresses with port hopping schemes that vary as a function of time. Research has evaluated the effectiveness of this technology to improve both quality of service and security, as tests have measured how latency and throughput are affected as the Spread Spectrum Protocols are changed. In addition, preliminary analysis conducted on how to intercept and interfere with VDN-enabled IP traffic under an intrusion tolerance regime indicates that orders of magnitude of additional effort are required to intercept and interfere with VDN-enabled traffic. Additional research should be conducted using initial key measures of effectiveness such as the attack’s progress as a function of time while quantifying the cost to the attacker. Metric calculations can include: (a) the percent of successful attacks/partially successful attacks; (b) the mean number of attack disruptions; (c) the time spent per hacking phase; (d) the duration of successful attacks; and (e) defensive efficiencies.
Index Terms—Communications Systems, DDoS, Internet Protocol, Moving Target, Peer-To-Peer, Regional Advanced Technology Clusters, Presence Server, Routing, Virtualization, Wireless, Spread Spectrum Frequency Hopping, Spread Spectrum Protocol, Virtual Dispersive Networking™, Virtual Machine
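The abstract describes the mechanism only in outline: a Presence Server registers trusted peers, issues a Spread Spectrum Protocol (a route and port hopping schedule plus a per-path key scheme), and the two endpoints then spread packets across N deflect points while the addresses and ports in use change over time. The following Python model is an added illustration of that idea and is not code from the paper or from the VDN product; the data structures (`SpreadSpectrumProtocol`, `PresenceServer`), the HMAC-seeded hopping schedule, the toy XOR keystream standing in for the real per-path cipher, and all addresses and secrets are constructed assumptions. It also adds a defender's metric the abstract does not spell out: the fraction of one flow that is visible at any single deflect point, which is the quantity behind the paper's "orders of magnitude of additional effort" claim.

```python
"""Toy model of VDN-style traffic dispersion (constructed example).

A Presence Server hands both peers one Spread Spectrum Protocol; the
sender picks a (route, port) per packet from a time-slotted schedule and
encrypts with that path's key; the receiver derives the same schedule and
drops anything that does not match it. Not VDN's actual formats or ciphers.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SpreadSpectrumProtocol:
    """Assumed structure of what the Presence Server issues for one session."""
    routes: tuple            # trusted peers acting as deflect points
    port_base: int           # first port of the hopping range
    port_span: int           # number of ports in the hopping range
    path_keys: dict          # route -> per-path key (bytes)
    schedule_secret: bytes   # seeds the route/port hopping schedule
    packets_per_slot: int    # packets sent before the time slot advances

    def hop(self, slot: int, seq: int):
        """Deterministic (route, port) for packet `seq` in time slot `slot`.
        Both peers derive the same answer from the shared schedule secret."""
        tag = hmac.new(self.schedule_secret, f"{slot}:{seq}".encode(),
                       hashlib.sha256).digest()
        route = self.routes[tag[0] % len(self.routes)]
        port = self.port_base + int.from_bytes(tag[1:3], "big") % self.port_span
        return route, port


class PresenceServer:
    """Registry of trusted peers; issues a protocol when two peers check in."""
    def __init__(self):
        self.trusted = {}

    def register(self, name: str, addr: str):
        self.trusted[name] = addr

    def issue_protocol(self, a: str, b: str, session_secret: bytes,
                       packets_per_slot: int = 8) -> SpreadSpectrumProtocol:
        # every trusted peer other than the two endpoints may serve as a deflect
        deflects = tuple(addr for name, addr in sorted(self.trusted.items())
                         if name not in (a, b))
        path_keys = {r: hmac.new(session_secret, r.encode(), hashlib.sha256).digest()
                     for r in deflects}
        schedule = hashlib.sha256(b"schedule|" + session_secret).digest()
        return SpreadSpectrumProtocol(deflects, 40000, 2048, path_keys,
                                      schedule, packets_per_slot)


def _keystream(key: bytes, seq: int, n: int) -> bytes:
    """Toy per-path keystream (HMAC counter mode); stands in for the real cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, f"{seq}:{counter}".encode(), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def disperse(proto: SpreadSpectrumProtocol, payload: bytes, chunk: int = 16):
    """Sender: split the payload, pick (route, port) per packet, encrypt per path."""
    packets = []
    for seq, off in enumerate(range(0, len(payload), chunk)):
        piece = payload[off:off + chunk]
        route, port = proto.hop(seq // proto.packets_per_slot, seq)
        ks = _keystream(proto.path_keys[route], seq, len(piece))
        packets.append({"route": route, "port": port, "seq": seq,
                        "data": bytes(x ^ y for x, y in zip(piece, ks))})
    return packets


def reassemble(proto: SpreadSpectrumProtocol, packets) -> bytes:
    """Receiver: decrypt with the path key the shared schedule predicts, dropping
    any packet that arrives on a (route, port) the schedule did not assign."""
    out = []
    for p in sorted(packets, key=lambda p: p["seq"]):
        if (p["route"], p["port"]) != proto.hop(p["seq"] // proto.packets_per_slot, p["seq"]):
            continue  # off-schedule: not a trusted peer following the protocol
        ks = _keystream(proto.path_keys[p["route"]], p["seq"], len(p["data"]))
        out.append(bytes(x ^ y for x, y in zip(p["data"], ks)))
    return b"".join(out)


def route_coverage(packets) -> dict:
    """Defender's metric: fraction of one flow visible at each single deflect."""
    counts = {}
    for p in packets:
        counts[p["route"]] = counts.get(p["route"], 0) + 1
    return {r: c / len(packets) for r, c in counts.items()}


def demo():
    """Two endpoints plus four deflects (constructed addresses); 48 packets, 6 slots."""
    ps = PresenceServer()
    for name, addr in [("alice", "10.0.0.1"), ("bob", "10.0.0.2"),
                       ("d1", "192.0.2.10"), ("d2", "192.0.2.11"),
                       ("d3", "192.0.2.12"), ("d4", "192.0.2.13")]:
        ps.register(name, addr)
    proto = ps.issue_protocol("alice", "bob", b"constructed-session-secret")
    payload = bytes(range(256)) * 3
    packets = disperse(proto, payload)
    return proto, payload, packets


if __name__ == "__main__":
    proto, payload, packets = demo()
    print("reassembled OK:", reassemble(proto, packets) == payload)
    print("distinct (route, port) pairs:", len({(p["route"], p["port"]) for p in packets}))
    print("per-deflect coverage:", route_coverage(packets))
```

The point the model makes concrete is that a vantage point on any one deflect sees only roughly 1/N of the flow, and that the fraction, the ports, and the routes all change from slot to slot, which is what the abstract's attacker-cost metrics (attack progress over time, number of disruptions, time per phase) would be measured against. The receiver's schedule check is also the intrusion-tolerance side: packets that do not match the issued protocol are simply never decrypted.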