Inventors of the Month - October 2016

This article was posted on: October 28, 2016

Randy Marchany and Joseph Tront

“Method for Dynamically Obscuring Internet Addresses”

The Office of the Vice President for Research and Innovation recognizes Randy Marchanyand Joseph Tront as Inventors of the Month for October-November 2016 for their invention, “Method for Dynamically Obscuring Internet Addresses,” disclosed to Virginia Tech Intellectual Properties Inc.

More and more, we are connecting everything to the Internet. From our watches to our automobiles to our refrigerators, it is now possible to control, or at least to connect to, nearly every device in our lives via an online portal such as our smart phones. And while this connectivity, often referred to as the “Internet of Things” or IoT, provides significant benefit, it comes with hidden threats in the way of increased opportunity for unauthorized intrusion, or hacking.

However, a research team including electrical and computer engineering professor Joe Tront and Randy Marchany, Virginia Tech’s information security officer, have devised a means of thwarting, or at least dramatically slowing down, the ability to obtain unauthorized access to these IOT devices. Distributed Denial of Service (DDoS) attacks have been using IoT devices as “soldiers” to attack and neutralize Internet sites. A well-known journalist’s website was knocked off the Internet by a DDoS attack that used hundreds of thousands of IoT devices to flood his site with excessive amounts of network traffic.

Tront and Marchany’s team developed a way to constantly change a targeted device’s network address to present a moving target to attackers of these systems. This technique is called Moving Target IPv6 Defense (MT6D).

“Defending against distributed denial of service attacks is a tough problem,” Marchany says. “On the one hand, you want to continuously change the address so the hackers can’t get in. However, two systems exchanging data can use MT6D to lessen the effects of a DDoS attack aimed at either of them.” Tront adds: “Once a targeted machine moves to a new IP address, it could take an attacker millions of years of searching to relocate the new IP address of the client being attacked.” The new scheme allows a conversing pair of clients to change addresses every few seconds, thus eluding DDoS attacks as well as providing a well-hidden and private conversation.

Their method was recently granted US patent number 9,461,875. The technology is currently under negotiation for a license to a company who wants to begin selling products based on this technology within the next 12 to 18 months.

 

 

Fig. 1 Five different two-client conversations taking place via MT6D.

Fig. 2 The same five conversations still taking place after seamlessly hopping to new IPv6 address. Conversation privacy is guaranteed by virtue of the fact that the new IP address pairs are randomly selected from a set containing 10**38 addresses. This large address space makes it virtually impossible for an attacker to guess the new IP addresses at each IP hop.

Fig. 3 Two simultaneous video streams from the same camera. One video stream is transmitted through MT6D; the other is not. Comparison of the still image or the video shows that the delay introduced by MT6D is imperceptible on this data transfer.

logo for VTIP

 

 

VTIP facilitates the licensing of technology to companies, encourages new faculty startup ventures, works with publishers and distributors of software, and supports the transfer of research and knowledge to other universities, research institutes and companies.


Virginia Tech Intellectual Properties
Campus Mail Code 0459
2200 Kraft Drive, Suite 1050
Blacksburg, VA 24060

www.vtip.org


PATENT APPLICATIONS