The Moving Target IPv6 Defense (MT6D) dynamically obscures the network- and transport-layer addresses of packets to achieve anonymity, including authentication privacy, and protection against address tracking and traffic correlation. MT6D improves on prior static approaches, in which addresses, once assigned, remain constant until the network session ends. It also protects against certain classes of network attacks, including but not limited to address-based denial of service, replay, session hijacking, and man-in-the-middle attacks. MT6D further enables a host to configure its own obscured addresses automatically, without outside involvement.
MT6D differs from other dynamic obscuration techniques by combining intrusion protection with anonymity, by avoiding a separate management unit outside the host to distribute obscured addresses, and by operating without reauthentication whenever an address changes. It also enables hosts to compute addresses from a set of parameters, which provides more entropy in address selection and more seamless communication than alternative approaches such as those that rely on an enclave to issue addresses from a pool. MT6D can also encrypt the packet payload to prevent traffic correlation. It can be implemented embedded on a host device or as a connected gateway device; it requires negligible configuration and is therefore transparent to hosts. MT6D has numerous applications, ranging from hosts that wish to keep their locations private to hosts conducting sensitive communications.