Stephen Groat | Virginia Tech
Papers by Stephen Groat
Current implementations of the Internet Protocol version 6 (IPv6) use stateless address auto configuration (SLAAC) to assign network addresses to hosts. This technique produces a static value determined from the Media Access Control (MAC) address as the host portion, or interface identifier (IID), of the IPv6 address. Some implementations create the IID using the MAC unobscured, while others compute a one-time hash value involving the MAC. As a result, the IID of the address remains the same, regardless of the network the node accesses. This IID assignment provides third parties (whether malicious or not) with the ability to track a node's physical location by using simple tools such as ping and traceroute. Additionally, the static IID provides a means to correlate network traffic with a specific user through simple traffic analysis. We examine the techniques used to create autoconfigured addresses. We also discuss how these techniques violate a user's privacy. The serious br...
The invention dynamically masks the network-layer and transport-layer addresses of packets to achieve anonymity, including authentication privacy, as well as protection against tracking, traffic correlation, and certain classes of network attacks, by combining intrusion protection with anonymity while avoiding the use of a separate management unit outside the host to distribute the masked addresses. The invention allows a host to automatically configure masked addresses and to determine the masked address of the intended recipient without outside intervention, by computing the addresses from a set of parameters, and to operate without re-authentication when an address changes. The invention allows packet payloads to be encrypted to prevent traffic correlation. The technology of the invention can be implemented either by being integrated into a...
The goal of our research is to protect sensitive communications, which are commonly used by government agencies, from eavesdroppers or social engineers. In prior work, we investigated the privacy implications of stateless and stateful address autoconfiguration in the Internet Protocol version 6 (IPv6). Autoconfigured addresses, the default addressing system in IPv6, provide a third party a means to track and monitor targeted users globally using simple tools such as ping and traceroute. Dynamic Host Configuration Protocol for IPv6 (DHCPv6) addresses contain a static DHCP Unique Identifier (DUID) that can be used to track and tie a stateless address to a host identity. Our research focuses on preventing the issue of IPv6 address tracking as well as creating a “moving target defense.” The Moving Target IPv6 Defense (MT6D) dynamically hides network and transport layer addresses of packets in IPv6 to achieve anonymity and protect against certain classes of network attacks. Packets are e...
Due to an exponentially larger address space than Internet Protocol version 4 (IPv4), the Internet Protocol version 6 (IPv6) uses new methods to assign network addresses to Internet nodes. StateLess Address Auto Configuration (SLAAC) creates an address using a static value derived from the Media Access Control (MAC) address of a network interface as the host portion, or interface identifier (IID). The Dynamic Host Configuration Protocol version 6 (DHCPv6) uses a client-server model to manage network addresses, providing stateful address configuration. While DHCPv6 can be configured to assign randomly distributed addresses, the DHCP Unique Identifier (DUID) was designed to remain static for clients as they move between different DHCPv6 subnets and networks. Both the IID and DUID are static values which are publicly exposed, creating a privacy and security threat for users and nodes. The static IID and DUID allow attackers to violate unsuspecting IPv6 users’ privacy and security with ease...
Current implementations of the Internet Protocol version 6 (IPv6) use stateless address auto configuration (SLAAC) to assign network addresses to hosts. This technique produces a static value determined from the Media Access Control (MAC) address as the host portion, or interface identifier (IID), of the IPv6 address. Some implementations create the IID using the MAC unobscured, while others compute a one-time hash value involving the MAC. As a result, the IID of the address remains the same, regardless of the network the node accesses. This IID assignment provides third parties (whether malicious or not) with the ability to track a node’s physical location by using simple tools such as ping and traceroute. Additionally, the static IID provides a means to correlate network traffic with a specific user through simple traffic analysis. We examine the techniques used to create autoconfigured addresses. We also discuss how these techniques violate a user’s privacy. The serious breaches i...
2011 World Congress on Internet Security (WorldCIS-2011)
Architectures for Networking and Communications Systems, 2013
Systems and network defenses currently implementing a Defense in Depth (DiD) strategy frequently slow attackers' progress but do not act as a secure barrier. These systems of network defense methods are primarily comprised of static defenses focused on preventing attacks from entering a network by enabling the features of blocking access, requiring authentication, or analyzing traffic. To adapt to the ever-changing threat profile of network attacks, the DiD model must be adapted to be symmetric and focus on new ...
As computing becomes mobile and systems enable connectivity through mobile applications, the characteristics of the network communication of these systems change due to the instability of mobile nodes on networks. Mobile devices logically move by changing addresses throughout the course of their communication in the system. These mobile nodes acquire characteristics of a moving target defense, in which nodes change addresses to avoid detection and attack. Yet, as mobile nodes change addresses, the critical points in the system that applications are set to communicate with, such as servers, cloud services, and peer registration servers, remain static and become easily identifiable. Mobile-enabled systems are beginning to model heterogeneous moving target networks, in which some nodes move while others remain static. Heterogeneous moving target networks expose relationships and dependencies between nodes, helping an attacker easily identify the static, critical nodes within a mobile-enabled system. Homogeneous moving target networks, in which all nodes change addresses, mask the critical points within the system, blending the mobile nodes with the critical, static nodes, and provide additional security for the static nodes. By applying a moving target defense to all nodes within a mobile-enabled system, the critical points can be masked and additional security can be provided.
Abstract: As protection against the current privacy weaknesses of StateLess Address Auto Configuration (SLAAC) in the Internet Protocol version 6 (IPv6), network administrators may choose to deploy the new Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Similar to the Dynamic Host Configuration Protocol (DHCP) for Internet Protocol version 4 (IPv4), DHCPv6 uses a client-server model to manage addresses for networks, providing stateful address assignment. While DHCPv6 can be configured to assign randomly distributed ...
Phishing attacks continue to plague users as attackers develop new ways to fool users into submitting personal information to fraudulent sites. Many schemes claim to protect against phishing sites. Unfortunately, most do not protect against zero-day phishing sites. Those schemes that do allege to provide zero-day protection often incorrectly label both phishing and legitimate sites. We propose a scheme that protects against zero-day phishing attacks with high accuracy. Our approach captures an image of a page, uses optical character recognition to convert the image to text, then leverages the Google PageRank algorithm to help render a decision on the validity of the site. After testing our tool on 100 legitimate sites and 100 phishing sites, we accurately reported 100% of legitimate sites and 98% of phishing sites.
Abstract: As systems and networks begin to transition to the Internet Protocol version 6 (IPv6), the immense address space available in the new protocol allows for devices to maintain multiple addresses and to change addresses frequently. These new capabilities encourage network layer moving target defenses in IPv6.
… (ISGT), 2012 IEEE …, Jan 1, 2012
Abstract: As advanced Internet Protocol (IP)-based communication systems are proposed for the Smart Grid, security solutions must be developed which address not only the security of the communications, but also the security of the communicating systems. To support the large number of hosts required for the Smart Grid on an IP network, the new Internet Protocol version 6 (IPv6) must be leveraged. Unfortunately, IPv6 inherits the majority of Internet Protocol version 4 (IPv4) vulnerabilities as well as adds new address-based exploits. The ...
… and Reliability (NASNIT), …, Jan 1, 2011
Abstract: As protection against the current privacy weaknesses of StateLess Address AutoConfiguration (SLAAC) in the Internet Protocol version 6 (IPv6), network administrators may choose to deploy the new Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Similar to the Dynamic Host Configuration Protocol (DHCP) for the Internet Protocol version 4 (IPv4), DHCPv6 uses a client-server model to manage addresses in networks, providing stateful address assignment. While DHCPv6 can be configured to assign randomly ...
Security & Privacy, …, Jan 1, 2012
Abstract: Most networks today employ static network defenses. The problem with static defenses is that adversaries have unlimited time to circumvent them. This article proposes a moving-target defense based on the Internet Protocol version 6 (IPv6) that dynamically obscures network-layer and transport-layer addresses. This technique can be thought of as "frequency hopping" in the Internet Protocol space. By constantly moving the logical location of a host on a network, this technique prevents targeted attacks, host tracking, and ...
… 2011-MILCOM 2011, Jan 1, 2011
Abstract: The Internet Protocol version 6 (IPv6) brings with it a seemingly endless supply of network addresses. It does not, however, solve many of the vulnerabilities that existed in Internet Protocol version 4 (IPv4). In fact, privacy-related crimes in IPv6 are made easier due to the way IPv6 addresses are formed. We developed a Moving Target IPv6 Defense (MT6D) that leverages the immense address space of IPv6. The two goals of MT6D are maintaining user privacy and protecting against targeted network attacks. These goals are achieved by ...
ICN 2011, The Tenth …, Jan 1, 2011
Current implementations of the Internet Protocol version 6 (IPv6) use stateless address auto configuration (SLAAC) to assign network addresses to hosts. This technique produces a static value determined from the Media Access Control (MAC) address as the host portion, or interface identifier (IID), of the IPv6 address. Some implementations create the IID using the MAC unobscured, while others compute a one-time hash value involving the MAC. As a result, the IID of the address remains the same, regardless of the network the node accesses. This IID assignment provides third parties (whether malicious or not) with the ability to track a node's physical location by using simple tools such as ping and traceroute. Additionally, the static IID provides a means to correlate network traffic with a specific user through simple traffic analysis. We examine the techniques used to create autoconfigured addresses. We also discuss how these techniques violate a user's privacy. The serious breaches in privacy caused by SLAAC need to be addressed before deployment of IPv6 becomes widespread. To that end, we provide a detailed taxonomy of different methods for obscuring IPv6 autoconfigured IIDs.
… Networks and Services …, Jan 1, 2011
Abstract: As more network-capable devices are developed, it becomes easier for us to remain connected to our friends, colleagues, and even our homes. Unfortunately, it becomes easier for unintended third parties to remain connected to us as well. The impact of this has been limited by our proximity to the third party (i.e., the same local area network), until now. The Internet Protocol version 6 (IPv6) includes a method for devices to automatically configure their own addresses. This technique relieves some administrative burden, but ...