Process for Establishing a Moving Target Connection By Sharing Only Publicly Available Information and a Method for Secure Communications Between Many Clients and a Server Using Moving Target IPv6 Defense (MT6D).

The primary limitation of most network-based moving target solutions is that they rely purely on statically defined, pre-shared information in order to establish connections. This pre-sharing does not scale when attempting to apply a moving target defense to a server that is providing services to a large number of clients. Scaling introduces problems of logistics and security. Logistically, it is extremely challenging to distribute and configure static information on a large number of systems spread across the Internet without compromising the anonymity and security benefits of a moving target defense. A statically configured moving target defense is also vulnerable to information leakage when scaled, since the attack surface grows as more machines hold the pre-shared information. The technology introduced here provides the ability to conduct a key exchange that relies only on the exchange of publicly available cryptographic keying information. Applying a public-key-infrastructure-based key exchange to a moving target defense allows us not only to support a large-scale server, but also to allow dynamic reconfiguration of our moving target sessions. This improves the privacy and security of the session by permitting flexibility where none existed before. Additionally, our technology gives the server the capability to maintain a separate moving target defense session with each of its clients. By maintaining distinct sessions, the server can react to a potential compromise of a single client without disturbing the entire network.
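The following is an added illustration, not code from the page or from any MT6D implementation, of how a per-client moving target session can be bootstrapped from nothing but public keys: each side derives a session key from an X25519 exchange and then computes the server's rotating address MT6D-style, as the first 64 bits of a keyed hash over the host's interface identifier and the current time slot. The choice of X25519, the HMAC-SHA256 key derivation, the `2001:db8::/64` prefix, the server IID, the time-slot encoding and the demo keys are all assumptions of this example.

```python
import hashlib
import hmac
import ipaddress

P = 2**255 - 19
BASEPOINT = (9).to_bytes(32, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 Montgomery ladder (pure Python, not constant-time: demo only)."""
    k = int.from_bytes(bytes([scalar[0] & 248]) + scalar[1:31] + bytes([scalar[31] & 127 | 64]), "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def session_key(my_priv: bytes, peer_pub: bytes, server_pub: bytes, client_pub: bytes) -> bytes:
    """Per-client session key: ECDH secret bound to both public keys (assumed KDF: HMAC-SHA256)."""
    return hmac.new(x25519(my_priv, peer_pub), b"mt6d-session" + server_pub + client_pub, hashlib.sha256).digest()

def mt6d_address(prefix: str, iid: bytes, key: bytes, slot: int) -> ipaddress.IPv6Address:
    """MT6D-style rotating address: prefix || first 64 bits of H(IID, key, time slot); slot = time // interval."""
    digest = hmac.new(key, iid + slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return ipaddress.IPv6Address(int(ipaddress.IPv6Network(prefix).network_address) | int.from_bytes(digest[:8], "big"))

# Constructed demo keys: RFC 7748 test-vector private keys for the server and client A,
# an arbitrary fixed key for client B. Only the public keys would ever cross the wire.
SERVER_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
CLIENT_A_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
CLIENT_B_PRIV = bytes(range(32))
SERVER_PUB, CLIENT_A_PUB, CLIENT_B_PUB = (x25519(k, BASEPOINT) for k in (SERVER_PRIV, CLIENT_A_PRIV, CLIENT_B_PRIV))
SERVER_IID = bytes.fromhex("0000000000000001")  # constructed static host identifier for the server

def server_address_for(client_priv: bytes, client_pub: bytes, slot: int):
    """Server's current address in its session with one client, as computed independently by each side."""
    on_server = mt6d_address("2001:db8::/64", SERVER_IID, session_key(SERVER_PRIV, client_pub, SERVER_PUB, client_pub), slot)
    on_client = mt6d_address("2001:db8::/64", SERVER_IID, session_key(client_priv, SERVER_PUB, SERVER_PUB, client_pub), slot)
    return on_server, on_client
```

Because each client's session key is bound to its own public key, the server's address differs per client and per time slot, so revoking one client's session leaves every other session untouched.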

