The primary limitation of most network based moving target solutions is that they rely purely on statically defined pre-shared information in order to establish connections. This pre-sharing does not scale when attempting to apply a moving target defense to a server that is providing services to a large number of clients. Scaling introduces problems of logistics and security. Logistically, it is extremely challenging to distribute and configure static information on a large number of systems that are distributed across the Internet without comprising the anonymity and security benefits of a moving target defense. Scaling a statically configured moving target defense is also vulnerable to information leakage, since the attack surface grows as more machines contain the pre-shared information. The technology introduced here provides the ability to conduct an exchange of key information that relies only on the exchange of publicly available cryptographic keying information. Applying a public key infrastructure based key exchange to a moving target defense allows us to not only support a large-scale server, but to also allow dynamic reconfiguration of our moving target sessions. This improves the privacy and security of the session by permitting flexibility where none existed before. Additionally, our technology gives the server the capability to maintain separate moving target defense sessions with each of its clients. By maintaining distinct sessions, the server can more easily react to potential compromises on a single client rather than disturbing the entire network.