A keyed-hashing based self-synchronization mechanism for port address hopping communication  被引量：2

作　　者：Yue-bin LUO Bao-sheng WANG Xiao-feng WANG Bo-feng ZHANG 

机构地区：[1]College of Computer,National University of Defense Technology,Changsha 410073,China

出　　处：《Frontiers of Information Technology & Electronic Engineering》2017年第5期719-728,共10页信息与电子工程前沿（英文版）

基　　金：Project supported by the National Basic Research Program(973)of China(No.2012CB315906);the National Natural Science Foundation of China(No.61303264)

摘　　要：Port address hopping(PAH) communication is a powerful network moving target defense(MTD)mechanism. It was inspired by frequency hopping in wireless communications. One of the critical and difficult issues with PAH is synchronization. Existing schemes usually provide hops for each session lasting only a few seconds/minutes, making them easily influenced by network events such as transmission delays, traffic jams, packet dropouts, reordering, and retransmission. To address these problems, in this paper we propose a novel selfsynchronization scheme, called ‘keyed-hashing based self-synchronization(KHSS)'. The proposed method generates the message authentication code(MAC) based on the hash based MAC(HMAC), which is then further used as the synchronization information for port address encoding and decoding. Providing the PAH communication system with one-packet-one-hopping and invisible message authentication abilities enables both clients and servers to constantly change their identities as well as perform message authentication over unreliable communication mediums without synchronization and authentication information transmissions. Theoretical analysis and simulation and experiment results show that the proposed method is effective in defending against man-in-the-middle(MITM) attacks and network scanning. It significantly outperforms existing schemes in terms of both security and hopping efficiency.Port address hopping（PAH） communication is a powerful network moving target defense（MTD）mechanism. It was inspired by frequency hopping in wireless communications. One of the critical and difficult issues with PAH is synchronization. Existing schemes usually provide hops for each session lasting only a few seconds/minutes, making them easily influenced by network events such as transmission delays, traffic jams, packet dropouts, reordering, and retransmission. To address these problems, in this paper we propose a novel selfsynchronization scheme, called ‘keyed-hashing based self-synchronization（KHSS）＇. The proposed method generates the message authentication code（MAC） based on the hash based MAC（HMAC）, which is then further used as the synchronization information for port address encoding and decoding. Providing the PAH communication system with one-packet-one-hopping and invisible message authentication abilities enables both clients and servers to constantly change their identities as well as perform message authentication over unreliable communication mediums without synchronization and authentication information transmissions. Theoretical analysis and simulation and experiment results show that the proposed method is effective in defending against man-in-the-middle（MITM） attacks and network scanning. It significantly outperforms existing schemes in terms of both security and hopping efficiency.

关 键 词：Synchronization Port address hopping Moving target defense Network security 

分 类 号：TN914.41[电子电信—通信与信息系统]