IPv6 Security with MT6D
Virginia Tech runs one of the few production-scale IPv6 networks in the United States, with a network of more than 30,000 computing and communication systems. For the owners of a system this size, with the range of users involved, security is obviously an issue. And, being a university with all sorts of smart people around, notably in its IT Security Lab and the Bradley Department of Electrical and Computer Engineering, they decided to do something about it. The result is MT6D (Moving Target IPv6 Defense).
MT6D uses a new form of dynamic addressing in IPv6 to secure and “anonymize” network hosts and their communications. Exploiting the large address space in IPv6, MT6D rotates network and transport layer addresses mid-session to prevent hosts from being targeted for network attacks and from having their movements and communications observed.
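The sketch below is an added illustration, not code from the original page or from the MT6D project. It shows one way two endpoints holding a shared secret could compute the same rotating IPv6 address for each time window without exchanging it. The HMAC-SHA-256 derivation, the 10-second interval, the one-window skew tolerance and all names and sample values are assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values (assumptions, not taken from MT6D):
PREFIX = "2001:db8:0:1::/64"                  # documentation prefix
SECRET = b"constructed-shared-secret"         # key both endpoints hold
HOST_IID = bytes.fromhex("0211223344556677")  # host's stable interface ID
ROTATION_SECONDS = 10                         # assumed rotation interval


def rotating_address(prefix, secret, host_iid, now, interval=ROTATION_SECONDS):
    """Address the host uses during the time window that contains `now`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    window = int(now) // interval
    # Keyed hash over (stable interface ID, window counter); keep 64 bits.
    msg = host_iid + window.to_bytes(8, "big")
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    iid = int.from_bytes(digest[:8], "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def acceptable_addresses(prefix, secret, host_iid, now, interval=ROTATION_SECONDS):
    """Previous, current and next window, to tolerate small clock skew."""
    return {
        rotating_address(prefix, secret, host_iid, now + d * interval, interval)
        for d in (-1, 0, 1)
    }


def is_current_peer(src, prefix, secret, host_iid, now, interval=ROTATION_SECONDS):
    """Receiver-side check: does `src` match what the peer should be using now?"""
    candidates = acceptable_addresses(prefix, secret, host_iid, now, interval)
    return ipaddress.IPv6Address(src) in candidates


if __name__ == "__main__":
    start = 1_700_000_000  # constructed timestamp
    for step in range(3):
        t = start + step * ROTATION_SECONDS
        print(t, rotating_address(PREFIX, SECRET, HOST_IID, t))
```

An observer without the secret sees a different, unlinkable source address in each window, while the receiver can still drop any packet whose source is not in the small set it expects.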
MT6D can be embedded on a device or implemented as a network gateway requiring negligible configuration. It is therefore transparent to hosts and can be easily deployed in mobile devices, the smart grid, and industrial control systems (SCADA). Because the “secret sauce” of this security is rotating IP addresses, control applications that rely on static IP addresses embedded in their code will not be able to use this technology. MT6D is available for license; the target audience for these licenses is virtual private network (VPN) and mobile VPN vendors.
Make no mistake, security is serious business. A 2009 study found an average organizational cost of $6.75 million per data breach, while the global information technology security market was estimated to be $60 billion in 2009 and growing at a compound annual growth rate of 12%.
More information on MT6D can be found at http://www.isssource.com/wp-content/uploads/2011/05/051111va-tech.pdf and http://www.isssource.com/students-secure-new-internet-protocol/