Run or Hide? Both! A Method Based on IPv6 Address Switching to Escape While Being Hidden

An increasing number of devices of our everyday life are referred to as connected objects. Most of them need an Internet connection, and are thus provided with a public IP address. With these IP addresses come new security threats as attackers may attempt to attack a whole family of objects. This problem becomes even more worrying when considering safety critical objects (.e. their failures can have catastrophic consequences). In this paper we propose a Moving Target Defense (MTD) technique at the network level, that consists in reassigning objects' IP addresses in order to escape from attackers both outside or inside the object's subnetwork. We propose different variants of this defense allowing for a trade-off between (i) increasing the security level, and (ii) lowering the network load overhead due to the defense. As opposed to existing works, we also define a method to maintain the objects' connectivity while reassigning IP addresses. A motivating example from the automotive domain is used to illustrate the applicability of this work.