Rizvi, ASM and Heidemann, John
ASM Rizvi and John Heidemann 2021. Chhoyhopper: A Moving Target Defense with IPv6. Poster abstract and poster at Annual Computer Security Applications Conference. [PDF]
Services on the public Internet are frequently scanned, then subject to brute-force and denial-of-service attacks. We would like to run such services stealthily, available to friends but hidden from adversaries. In this work, we propose a moving target defense named “Chhoyhopper” that utilizes the vast IPv6 address space to conceal publicly available services. The client and server hop to different IPv6 addresses in a pattern based on a shared, pre-distributed secret and the time of day. By hopping over a /64 prefix, services cannot be found by active scanners, and passively observed information is useless after two minutes. We demonstrate our system with the two important applications—SSH and HTTPS.
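As an added illustration of the hopping pattern described in the abstract (not code from the poster or the Chhoyhopper project), the sketch below derives the current address inside a /64 from a shared secret and the time, and shows the server-side acceptance check. The abstract does not give the actual algorithm: the HMAC-SHA256 derivation, the 60-second slot, the rule of accepting the current and previous slot, and all function names are assumptions chosen so that an observed address stops working within two minutes.

```python
import hashlib
import hmac
import ipaddress

SLOT_SECONDS = 60  # assumed hop interval; the abstract does not state it

# Constructed sample values (documentation prefix, demo secret)
SECRET = b"constructed-demo-secret"
PREFIX = "2001:db8:1:2::/64"


def hop_address(secret: bytes, prefix: str, unix_time: int) -> ipaddress.IPv6Address:
    """Address in use during the time slot that contains unix_time."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    slot = unix_time // SLOT_SECONDS
    # Assumed derivation: HMAC-SHA256 over the slot number, keyed with the secret.
    digest = hmac.new(secret, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    # The first 64 bits of the digest become the interface identifier.
    return net.network_address + int.from_bytes(digest[:8], "big")


def server_accepts(secret: bytes, prefix: str, dst, server_time: int) -> bool:
    """Server side: accept only the current and previous slot's address.

    The previous slot is kept (an assumption) so a client whose clock is
    slightly behind, or a connection started at a slot boundary, still works.
    """
    valid = {hop_address(secret, prefix, server_time - i * SLOT_SECONDS) for i in (0, 1)}
    return ipaddress.IPv6Address(dst) in valid


if __name__ == "__main__":
    t = 1_638_835_200  # constructed timestamp, aligned to a slot boundary
    addr = hop_address(SECRET, PREFIX, t)
    print("client connects to:", addr)
    for delta in (0, 61, 119, 120):
        ok = server_accepts(SECRET, PREFIX, addr, t + delta)
        print(f"server at t+{delta:>3}s accepts it: {ok}")
```

An address captured by a passive observer is rejected once two slots have elapsed, and a scanner without the secret has to guess a 64-bit interface identifier that changes every slot.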
@misc{Rizvi21a,
author = {Rizvi, {ASM} and Heidemann, John},
title = {Chhoyhopper: A Moving Target Defense with {IPv6}},
howpublished = {Poster abstract and poster at Annual Computer Security Applications Conference},
month = dec,
year = {2021},
sortdate = {2021-12-07},
project = {ant, sabres},
jsubject = {network_security},
jlocation = {johnh: pafile},
keywords = {moving target, chhoyhopper, ipv6, ssh},
blogurl = {https://ant.isi.edu/blog/?p=1819},
url = {https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi21a.html},
pdfurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Rizvi21a.pdf},
otherpdfurl = {https://ant.isi.edu/~rizvi/acsac-2021/chhoyhopper-abstract-and-poster.pdf}
}