Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Defensive Resource Allocations with Security Chokepoints in IPv6 Networks

Published

Author(s)

Assane Gueye, Peter M. Mell, Richard Harang, Richard J. La

Abstract

Securely configured Internet Protocol version 6 networks can be made resistant to network scanning, forcing attackers to propagate following existing benign communication paths. We exploit this attacker limitation in a defensive approach in which heightened security measures are deployed onto a select group of chokepoint hosts to enhance detection or deter penetration. Chokepoints are chosen such that, together, they connect small isolated clusters of the communication graph. Hence, attackers attempting to propagate are limited to a small set of targets or have to penetrate one or more chokepoints. Optimal placement of chokepoints requires solving an NP-complete problem and, hence, we approximate optimal solutions via a suite of heuristics. We test our algorithms on data from a large operational network and discover that heightened security measures are only needed on 0.65% of the nodes to restrict unimpeded attacker propagation to no more than 15% of the network.
Proceedings Title
Data and Applications Security and Privacy XXIX
Conference Dates
July 13-15, 2015
Conference Location
Fairfax, VA
Conference Title
Working Conference on Data and Applications Security and Privacy

Keywords

chokepoints, IPv6, moving target, vertex partitioning, security

Citation

Gueye, A. , Mell, P. , Harang, R. and La, R. (2015), Defensive Resource Allocations with Security Chokepoints in IPv6 Networks, Data and Applications Security and Privacy XXIX, Fairfax, VA, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917943 (Accessed October 12, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created July 15, 2015, Updated February 19, 2017