MPD: Moving Target Defense through Communication Protocol Dialects

by   Yongsheng Mei, et al.

Communication protocol security is among the most significant challenges of the Internet of Things (IoT) due to the wide variety of hardware and software technologies involved. Moving target defense (MTD) has been adopted as an innovative strategy to solve this problem by dynamically changing target system properties and configurations to obfuscate the attack surface. Nevertheless, the existing work of MTD primarily focuses on lower-level properties (e.g., IP addresses or port numbers), and only a limited number of variations can be generated based on these properties. In this paper, we propose a new approach of MTD through communication protocol dialects (MPD) - which dynamically customizes a communication protocol into various protocol dialects and leverages them to create a moving target defense. Specifically, MPD harnesses a dialect generating function to create protocol dialects and then a mapping function to select one specific dialect for each packet during communication. To keep different network entities in synchronization, we also design a self-synchronization mechanism utilizing a pseudo-random number generator with the input of a pre-shared secret key and previously sent packets. We implement a prototype of MPD and evaluate its feasibility on standard network protocol (i.e., File Transfer Protocol) and internet of things protocol (i.e., Message Queuing Telemetry Transport). The results indicate that MPD can create a moving target defense with protocol dialects to effectively address various attacks - including the denial of service attack and malicious packet modifications - with negligible overhead.


page 13

page 16


A Framework for Server Authentication using Communication Protocol Dialects

In today's world, computer networks have become vulnerable to numerous a...

SOM-based DDoS Defense Mechanism using SDN for the Internet of Things

To effectively tackle the security threats towards the Internet of thing...

Long-Lived LoRa: Prolonging the Lifetime of a LoRa Network

Prolonging the network lifetime is a major consideration in many Interne...

A Game-Theoretic Approach for Enhancing Security and Data Trustworthiness in IoT Applications

Wireless sensor networks (WSNs)-based internet of things (IoT) are among...

Chhoyhopper: A Moving Target Defense with IPv6

Services on the public Internet are frequently scanned, then subject to ...

Proactive Defense for Internet-of-Things: Integrating Moving Target Defense with Cyberdeception

Resource constrained Internet-of-Things (IoT) devices are highly likely ...

Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks

Embedded Network Stacks (ENS) enable low-resource devices to communicate...

Please sign up or login with your details

Forgot password? Click here to reset