Figure 8 - uploaded by Dorene Ryder
TCP SYN scan: static versus dynamic results of what the sensors saw in the IP/port range 

Source publication
Conference Paper
The DARPA Information Assurance Program did initial research in the area of dynamic network defense, trying to prove that dynamic network reconfiguration would inhibit an adversary's ability to gather intelligence, and thus degrade the ability to successfully launch an attack. A technique that enabled dynamic network address translation of the IP a...

Context in source publication

Context 1
... size of 32 bits. This enabled both the class-B host address and the port information to fit inside a single 32-bit encryption block. A property of a strong symmetric block cipher such as RC5 is that each bit in the encrypted result is a function of every bit in the original plaintext. By encrypting both the IP address and the TCP/UDP ports in the same 32-bit encryption block, the translated IP address and port values become tightly coupled. As an example, a one-off difference in either the plaintext port or the address value between two datagrams results in a significant difference in both the translated port and address values. This implies that an adversary would have to know both the encrypted port and address values in order to "sneak a packet" into the server enclave, and even then it would only apply to the services on that specific port. This has the effect of denying broad-ranging port scans and a large set of other common attacks.

For this intrusion detection experiment, the network setup was identical to that of the experiment described in Section 4. However, the gateway software was modified to log receipt of "bad" packets, i.e., those packets which would not map onto a known server machine or port. This modification enabled the DYNAT gateway to operate as an intrusion detection sensor, highly sensitive to port scans or other unauthorized host/service-oriented activity. The red team launched three types of attacks against the network — scanning, denial of service, and session hijacking — with the following results:

5.3.1. Scans and Network Mapping. The red team began their attack set with a SYN scan of the entire Class B (10.200.0.0) address space hosting the critical server. They used a publicly available hacker tool called “nmap” to send “bare ACKs” to each address, expecting to get reset messages back from live hosts. The IP addresses are selected randomly from the Class B space. Once a reset message is received indicating a live host, nmap then begins a TCP SYN scan of the port range on the live host, again in random order. The ACK scans and SYN scans are continued in an alternating fashion.

For the static configuration, the entire Class B address space was scanned, the primary server beetle was located, and all live ports were identified. The entire process took fifteen minutes. Over 400 packets went through the system in this attack. IDS 1 returned the following results:
• no detection of the ACK scan;
• 2 port scan alerts (security events);
• 10 connection attempt alerts.

For the dynamic configuration, a scan of the entire Class B address space was attempted, starting with port 80, but the live host was never identified. With DYNAT enabled, each packet header is pulled apart, and the IP and ports are reassigned to other numbers using the switching algorithm. While nmap thinks it is consistently trying port 80 over the entire Class B address space, it is actually trying random combinations of IP addresses and port numbers. It is statistically possible for one of those combinations to hit on a live host and enabled port and return a reset to nmap, but that information is time limited. DYNAT also translates packets being returned to the “outside” network. During this attack, the nmap ACK scan by chance hit on a live IP/port combination (10.200.25.246), and then DYNAT translated the address so the reset appeared to come from 10.200.0.0 (the broadcast address). Then nmap proceeded to SYN scan the entire port range on 10.200.24.246. It spent fifteen hours looking for live ports before the attack was manually stopped.

IDS 2, which was configured to operate best under dynamic conditions, reported the following results at the end of the attack:
• 1,603 SYN Flood alerts (because DYNAT was remapping IP addresses and TCP port numbers, the ID tool was seeing what appeared to be a SYN flood, although in reality it was an ACK scan);
• 48,395 connection events reported instantaneously;
• numerous security events reported thousands of packets into the scan.

The intrusion detection features of DYNAT reported alerts for each of the red team packets. These alerts were caused by red team packets being translated to invalid IP/port combinations for the current topology or for the previous mapping scheme. Over 1.9 million packets went through the system over the 15-hour scanning period. The IDS’s GUI “froze” due to the high level of packets being processed. Furthermore, the numbers presented above actually only represent a fraction of the detections, as the log file on the commercial IDS overwrites itself when filled. In this case, it was overwritten numerous times during the 15 hours. The two key results here are that the nmap tool was essentially useless to the adversary, and the adversary’s scan was extremely noisy and caused the IDS to react strongly. It is safe to say that DYNAT changed the adversary’s behavior in this attack. Table 1 presents scan data for both the static and dynamic runs. Figure 8 presents the results graphically to clarify what the IDS saw. In the static case, the IP address and port number ranges are scanned in a clear fashion. In the dynamic case, the IP/port combinations are pulled apart and translated using the time-based algorithm to random combinations all over the space. Figure 9 presents the results of what the IDS saw in a time-based graph.

5.3.2. Denial of Service Attack. The red team next launched a denial of service (DoS) attack against beetle to consume its CPU using the readily available hacker tool “Stream.c.” This tool launches so-called “high touch” packets, which are defined as “those requiring significant handling by the target.” Using a sniffer to decode the packets, it was deduced that the packets launched towards beetle were TCP NULL packets (no bits set in the TCP header), with the IP type of service field set to “8” (high throughput). The source IP address and port number of all packets were spoofed randomly, but all were launched against port 80 on beetle.

In the static case, the red team located the server beetle and used Stream.c to launch packets against beetle at a rate of 5,700 packets per second. As expected, all packets “hit” the server. IDS 1 reported two alerts for each red team packet, totaling 50,000 detections. The first was a security event, and the second was a connection event. The timing of the IDS alerts lagged significantly behind the actual time of the event because the IDS system was heavily loaded by logging the activity. The IDS GUI also froze, but all packets continued to be logged to the database.

In the dynamic case, the red team again launched Stream.c against the critical server, beetle, at 5,700 packets per second. Because the red team had sniffed traffic to locate beetle, by the time they launched the attack, DYNAT had gone through another remapping cycle, so that all packets destined for the known IP and port were remapped to a random IP/port combination. Thus, no red team packets reached beetle. Theoretically, if the red team had launched their attack prior to the remapping occurring, those packets would have hit beetle during the time window before the remapping. IDS 2 again reported two alerts for each red team packet (security event and connection event), totaling 50,000 alerts at the end of the attack. Again, the GUI froze, but the database continued to log all alerts. The DYNAT intrusion detection tool reported one alert for each red team packet.

5.3.3. TELNET Hijacking. The red team used a program called “hunt” to launch a TELNET hijacking attack. Through traffic analysis, they learned the MAC addresses of the router vortex and of the Gauntlet firewall protecting the ia0106 LAN. They then sent vortex an unsolicited “ARP reply” showing their own MAC address corresponding with the firewall’s IP address. Since vortex believed this IP address was the next hop along the way to the ia0106 LAN, it sent all ensuing packets to the red team’s host. The red team was then able to modify, insert, delete, and read all packets at will. They then forwarded the packets to the firewall for delivery to beetle.

In the static case, the red team had unlimited time to identify and hijack the TELNET session. As expected, the IDS did not detect the attack. In the dynamic case, the red team was again able to identify the TELNET session and hijack it. The IDS did not detect this, and neither did the DYNAT IDS. When a remapping occurred, the hijacked connection broke, generating a “DYNAT_BOUNDARY” alert. It is hypothesized that if TCP sessions were maintained across DYNAT rollovers, the false positives would go away and the hijack would be detected. Overall, with dynamic network reconfiguration, the hijacked sessions were time limited.

The adversary’s scans, denial of service attacks, and telnet hijacking attacks were readily detected when dynamic network configuration was used. Due to the IP/port remapping, the adversary was led to take actions that were more apparent in the normal network traffic, and the commercial IDSs were easily configured to watch for these actions. The experimental hypothesis, “Dynamic and hence improve system assurance,” was in fact supported.

Further, we conclude that during the scanning attack, the dynamic network address translation tool:
• eliminated the adversary’s ability to successfully conduct active scanning;
• made passive sniffing difficult and time limited;
• enabled different intrusion detection configurations to detect many scans immediately; and
• detected all attacks immediately itself.
It can be concluded that, during the denial of service attacks, DYNAT:
• successfully protected the server; and
• allowed only authorized traffic to connect to the server.
It can be concluded that, during the session hijacking attacks, the time-based dynamic network address translation mechanism:
• does not prevent hijacking, but does make it time-limited; and
• can detect hijacks itself at ...
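The coupling of address and port inside one 32-bit block, and the gateway's "bad packet" sensor, as an added Python model (not code from the paper or the DYNAT gateway): RC5 with a 16-bit word size (32-bit block) encrypts the class-B host id together with the port; the derivation of the per-period key from a shared seed and a time epoch, the 300-second period, the 12 rounds, the host id 0x19F6 for 10.200.25.246 and the service table are assumptions made for the illustration, and a packet valid only under the previous period's key is reported separately as "stale".

```python
# Added example: DYNAT-style translation of (class-B host id, port) in one
# 32-bit RC5 block under a time-based key. Not the paper's code; the key
# derivation, period length and service table are assumptions.
import hashlib
import struct

W = 16                       # RC5 word size; two words form one 32-bit block
ROUNDS = 12                  # assumed round count
P16, Q16 = 0xB7E1, 0x9E37    # RC5 magic constants for w = 16
MASK = (1 << W) - 1

def _rotl(x, n):
    n %= W
    return ((x << n) | (x >> (W - n))) & MASK

def _rotr(x, n):
    n %= W
    return ((x >> n) | (x << (W - n))) & MASK

def rc5_expand(key: bytes):
    """RC5 key schedule for w = 16; returns the round-key table S."""
    u = W // 8
    c = max(1, (len(key) + u - 1) // u)
    L = [0] * c
    for i in range(len(key) - 1, -1, -1):        # pack key bytes little-endian
        L[i // u] = ((L[i // u] << 8) + key[i]) & MASK
    t = 2 * (ROUNDS + 1)
    S = [P16] * t
    for i in range(1, t):
        S[i] = (S[i - 1] + Q16) & MASK
    i = j = A = B = 0
    for _ in range(3 * max(t, c)):               # mix key words into S
        A = S[i] = _rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = _rotl((L[j] + A + B) & MASK, A + B)
        i, j = (i + 1) % t, (j + 1) % c
    return S

def rc5_encrypt(S, A, B):
    A, B = (A + S[0]) & MASK, (B + S[1]) & MASK
    for r in range(1, ROUNDS + 1):
        A = (_rotl(A ^ B, B) + S[2 * r]) & MASK
        B = (_rotl(B ^ A, A) + S[2 * r + 1]) & MASK
    return A, B

def rc5_decrypt(S, A, B):
    for r in range(ROUNDS, 0, -1):
        B = _rotr((B - S[2 * r + 1]) & MASK, A) ^ A
        A = _rotr((A - S[2 * r]) & MASK, B) ^ B
    return (A - S[0]) & MASK, (B - S[1]) & MASK

def period_key(seed: bytes, now: int, period_s: int = 300) -> bytes:
    """Assumed derivation: shared secret seed + time epoch -> per-period key."""
    return hashlib.sha256(seed + struct.pack(">Q", now // period_s)).digest()[:16]

def translate(S, host: int, port: int):
    """Inside (host id, port) -> on-the-wire (host id, port) for this period."""
    return rc5_encrypt(S, host & MASK, port & MASK)

def untranslate(S, wire_host: int, wire_port: int):
    """On-the-wire (host id, port) -> inside pair; the gateway's view of a packet."""
    return rc5_decrypt(S, wire_host, wire_port)

def avalanche(S, host, port):
    """Bits that change in (address, port) when only the plaintext port differs by one."""
    a1, p1 = translate(S, host, port)
    a2, p2 = translate(S, host, port + 1)
    return bin(a1 ^ a2).count("1"), bin(p1 ^ p2).count("1")

def classify_packet(cur_S, prev_S, wire_host, wire_port, services):
    """Gateway-as-sensor check: 'ok' if the packet maps onto a known service
    under the current key, 'stale' if only under the previous period's key
    (it crossed a rollover boundary), otherwise 'bad' and logged as an alert."""
    if untranslate(cur_S, wire_host, wire_port) in services:
        return "ok"
    if untranslate(prev_S, wire_host, wire_port) in services:
        return "stale"
    return "bad"

def scan_landing(S, wire_hosts, wire_port=80):
    """Inside (host, port) pairs actually hit by probes that all target one wire port."""
    return {untranslate(S, h, wire_port) for h in wire_hosts}
```

A sweep of "port 80" across many wire addresses lands on many different inside ports, which is why the scanner sees no consistent service, and every probe that maps onto nothing known is an alert.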

Similar publications

Chapter
In this paper we develop an open multiclass queuing network model to describe the behavior of short-lived TCP connections sharing a common IP network for the transfer of TCP segments. The queuing network model is paired with a simple model of the IP network, and the two models are solved through an iterative procedure. The combined model needs as i...
Article
Named Data Networking (NDN) is a network architecture for the Future Internet, and can cooperate with the Internet of Things (IoT) to tackle problems existing in the current IP/TCP network architecture. Its consumer-driven paradigm and generic cache could optimize content distribution performance. However, there are still some problems to be dealt...
Conference Paper
Multihoming will be preferred by end sites in the future IPv6 Internet. One reason for that is pursuing lower cost and higher performance. Since the proposed shim6 is designed to support multihomed sites delivering packets through multipath, we could optimize cost and performance for concurrent multipath transferring in the TCP layer using extended...
Article
In this paper we present a technique for specifying and verifying communications protocols and demonstrate this approach by specifying and verifying two of the fundamental communications protocols, namely TCP and IP, which form the basis of many distributed systems. The logical formalism used is Mixed Intuitionistic Linear Logic in order to use bot...
Article
Ensuring end-to-end reliability in wireless networks is challenging, especially because of unpredictability of the node’s location, random changes in topology and sequential transmission nature of the physical layer. Mobile Ad hoc Networks (MANETs), a type of wireless network, are currently managed at higher layers using transport and network proto...

Citations

... As a result, the typical information asymmetry between an attacker who may take as much time as needed to prepare an attack, and the defender who must be prepared at all times, shifts in favor of the defender, which is why MTD is frequently introduced as a "game changer" in IT security [12,16,18,43]. Frequently cited MTD techniques are, for example, IP address randomization [11,20,26,28,33], suggesting to repeatedly alter addresses of connected nodes, as well as virtual machine (VM) migration [1,3,5,18,24], a technique that has been proposed in different forms and suggests repeated relocation of VMs across hypervisors to move them out of the attacker's reach. A comprehensive overview of MTD techniques can be found in the recent survey from Cho et al. [13]. ...
... To put findings into perspective, the same defenses as in prior research [8] are investigated. These comprise IP address randomization [11,20,26,28,33] (short: IP shuffling), state-preserving VM migration [1,5,24] which we denote as live migration, state-resetting VM migration [3,18] denoted as cold migration, as well as sole VM resetting. The first three are frequently proposed and discussed MTD techniques for which even prototypical implementations have been suggested. ...
... In addition, we also run simulations with no defense to put performance of the different defenses into perspective. IP shuffling is one of the most frequently suggested Moving Target Defenses [11,20,26,28,33], advocating the repeated change of IP addresses of communicating entities. The general concept of changing network addresses as a means of defense is often referred to as network address space randomization (NASR) and may also comprise ports, and in rare cases even MAC addresses [29]. ...
Article
With numbers of exploitable vulnerabilities and attacks on networks constantly increasing, it is important to employ defensive techniques to protect one’s systems. A wide range of defenses are available and new paradigms such as Moving Target Defense (MTD) rise in popularity. But to make informed decisions on which defenses to implement, it is necessary to evaluate their effectiveness first. In many cases, the full impact these techniques have on security is not well understood yet. In this paper we propose network defense evaluation based on detailed attack simulation. Using a flexible modeling language, networks, attacks, and defenses are described in high detail, yielding a fine-grained scenario definition. Based on this, an automated instantiator generates a wide range of realistic benchmark networks. These serve to perform simulations, allowing to evaluate the security impact of different defenses, both quantitatively and qualitatively. A case study based on a mid-sized corporate network scenario and different Moving Target Defenses illustrates the usefulness of this approach. Results show that virtual machine migration, a frequently suggested MTD technique, more often degrades than improves security. Hence, we argue that evaluation based on realistic attack simulation is a qualified approach to examine and verify claims of newly proposed defense techniques.
... introduced rotation-based MTD techniques, but those introductions focused on describing the development of MTD and did not describe network-layer hopping techniques in detail; this paper therefore surveys dynamic hopping techniques oriented to the network layer. The development of network-layer dynamic hopping technology is shown in Figure 1. In 2001, the U.S. Defense Advanced Research Projects Agency first proposed dynamic address translation based on IP hopping in its information assurance program [5]; research institutions at home and abroad then followed up continuously, successively proposing network-layer hopping techniques such as APOD [6], MT6D [7], RHM [8] and end-address hopping [9]. These techniques are deployed in traditional networks and must solve the problem of synchronization between endpoints as well as the performance loss caused by deploying a hopping system. The rise of software-defined networking (SDN) therefore brought a revolutionary change to the development of network-layer dynamic hopping technology: in 2012, network-layer hopping technology was applied to software-defined networks for the first time, and on that basis there emerged [Figure 1: The development context of network layer dynamic hopping technology] ... [24] proposed network address space randomization (NASR), which ... [Table 3: The key model of network layer hopping technology and its advantages and disadvantages] ...
Article
Firstly, the basic concept of network layer hopping technology was introduced and the security threats it faced were given. Then, two types of models and communication methods of network layer hopping technology based on traditional networks and software-defined networks were given. The network layer hopping technology was classified from three aspects (hopping attributes, the method of hopping realization and the method of hopping trigger), and two evaluation models of network layer hopping were given. Finally, the problems that still exist in the network layer hopping technology and the corresponding development directions were summarized.
... The DARPA Information Assurance Program did initial research in the area of dynamic network defense for the purpose of confusing any would-be adversaries sniffing the network [12]. Thus, the network defense technique transforms from "passive defense" to "proactive defense" and network-based MTD comes into being. ...
... Next, we calculate the max-flow of $c_{S,D}$ using the Hao-Orlin algorithm [27] in step (5), and calculate the max-flow of $f^{s}_{S,D}$ and transform it into $\omega^{s}_{S,D}$ based on Theorem 1 in steps (6)-(8). Then, we construct the network security capacity matrix $Q[sc_{S,D}]_{n \times n}$ in step (9), and screen out the possible forwarding paths in $Q[sc_{S,D}]_{n \times n}$ by the forwarding path delay constraint and the forwarding path accessibility constraint in steps (10)-(12). Finally, we rank the alternative combinations of mutation path and mutation period in steps (13) and (14), and return the optimal one to achieve the maximum defense benefits in step (15). ...
Article
Static characteristics of supervisory control and data acquisition (SCADA) systems are often exploited to perform malicious activities on smart grids. Most of the time, the success of cyberattacks begins with the profiling of the target system, followed by the analysis of the limited resources. To alleviate the asymmetry between attack and defense, network-based moving target defense (MTD) techniques have been applied in the network system to defend against cyberattacks by constructing a dynamic attack surface to the adversary. In this paper, we propose a novel MTD technique based on adaptive forwarding path migration (AFPM) that focuses on improving the defense capability and optimizing the network performance of path mutation. Considering the transient problems present in path mutation caused by the dynamic switching of the forwarding path, we formalize the mutation constraints based on the satisfiability modulo theory (SMT) to select the mutation path. Considering the limited defense capability of path mutation owing to the traditional mutation selection mechanism, we design the mutation path generation algorithm based on the network security capacity matrix to obtain an optimal combination of mutation path and mutation period. Finally, we compare and analyze various cyber defense techniques used in the SCADA network and demonstrate experimentally that our MTD technique can prevent more than 92% of passive monitoring under specified conditions while ensuring the quality of service (QoS) to be almost the same as the static network.
... Traditional IP address randomization techniques such as DHCP [30] or NAT [31] do not develop the potential of IP randomization in network defense completely, for reasons of infrequency and traceability [2]. IP hopping technologies were first proposed and developed in legacy networks. ...
Article
A scanning attack is normally the first step of many other network attacks such as DDoS and worm propagation. Because of easy implementation and high returns, scanning attacks, especially cooperative scanning attacks, are widely used by hackers and have become a serious threat to network security. In order to defend against scanning attacks, this paper proposes an adaptive IP hopping in software defined networks for moving target defense (MTD). In order to accurately respond to the attacker’s behavior in real time, a light-weight convolutional neural network (CNN) detector composed of three convolutional modules and a judgment module is proposed to sense scanning attacks. Input data of the detector is generated via designed packet sampling and data preprocessing. The detection result of the detector is used to trigger IP hopping. In order to provide some fault tolerance for the CNN detector, IP hopping can also be triggered by a preset timer. The CNN-driven adaptability is applied to a three-level hopping strategy to make the MTD system optimize its behavior according to the real-time attack. Experiments show that, compared with existing technologies, our proposed method can significantly improve the defense effect to mitigate scanning attacks and the subsequent attacks that are based on a hit list. The hopping frequency of the proposed method is also lower than that of other methods, so the proposed method shows lower system overhead.
... By hiding the authentic IP address of the protected server, attackers can hardly initialize an attack from an outside network environment. Kewley et al. [24] proposed to reduce network reconnaissance attacks by obfuscating network packet headers. When attackers receive network sniffing responses, the network properties obtained from packets are not correct. ...
Article
Moving Target Defense (MTD) was proposed as a promising defense paradigm to introduce various uncertainties into computer systems, which can greatly raise the bar for the attackers. Currently, there are two classes of MTD research over computer systems, system level MTD and network level MTD. System level MTD research introduces uncertainties to various aspects of computer systems, while network level MTD research brings unpredictability of network properties to the target network. A lot of network level MTD research has been proposed, covering various aspects of computer networks. However, the existing MTD approaches usually target one aspect of the computer network, and most of them are designed against a certain network security threat. They can hardly defend against complex attacks or provide complicated protections. In this paper, we propose Shoal, a Moving Target Defense engine with multiple MTD strategies over SDN networks. By applying hybrid and multiple network level MTD methods, Shoal is capable of providing complicated protections and defending against advanced attacks. We evaluate Shoal in two advanced protection scenarios, moving target surface and Crossfire attack. The evaluation results, in terms of security effectiveness and performance cost, show that the protection provided by Shoal’s hybrid MTD methods is effective and the performance cost is relatively low.
... Attackers usually need a certain amount of time to collect target host information and determine the scope of the attack. The research [5] shows that 95% of the enemy's time is spent preparing for an attack, while only 5% of the time is spent executing the attack. Changing the combination of the executors is expected to introduce uncertainty for the attacker and make the reconnaissance effort more costly. ...
Article
Traditional defensive techniques are usually static and passive, and appear weak when confronting highly adaptive and stealthy attacks. As a novel security theory, Cyberspace Mimic Defense (CMD) creates asymmetric uncertainty that favors the defender. CMD constructs multiple executors, which are diverse functionally equivalent variants of the protected target, and an arbitration mechanism. In this way, CMD senses the results of the currently running executors and changes the attack surface. Although CMD enhances the security of systems, there are still some critical gaps with respect to designing a defensive strategy under cost and security constraints. In this paper, we propose a dual model to dynamically select the number of executors being reconfigured according to the states of the executors. First, we establish a Markov anti-attack model to compare the effects of CMD under different types of attack. Then, we use a dynamic game of incomplete information to determine the optimal strategy, which achieves a balance between the number of reconfigurations and security. Finally, experimental results show that our dual model reduces defensive costs while guaranteeing security.
... The first research predates the discussions that lead to the creation of MTD [14]. Kewley et al. [24] proposed Dynamic Network Address Translation (DYNAT), a transformation function of the destination IP address and port that used an encryption algorithm (RC5 [25] due to matching the ciphertext output size), along with a secret seed and a time-based secret key. This transformation meant that only those who held the shared secrets could reliably contact the services behind DYNAT. ...
Article
Edge computing is crucial for many of the new 5G business vertical use-cases, such as Industry 4.0 robots, safety-critical communications, and highly-efficient smart grids. However, the tighter integration of such impactful businesses into previously core network operations raises significant security, trustworthiness, and reliability issues. A business vertical must not compromise the Edge platform to other business verticals. Likewise, the vertical Network Services (NSs) entrusted to the Edge should not be compromisable by adversary action. Inspired by the existing Internet Services Two-Factor Authentication (2FA) systems, we propose a Moving Target Defense (MTD) mechanism that protects sensitive NSs using a port mutation akin to a seamless Time-based One-Time Password (TOTP) authentication. Our architecture leverages Software-Defined Networking (SDN) to perform the mutations, having the option of working exclusively as a Virtual Network Function (VNF) that can be instantiated on-demand, or in conjunction with OpenFlow hardware-accelerated switches for smarter resource usage. The straightforward Proof-of-Concept implementation showed the approach was viable, with good forwarding plane performance (exceeding the current Network Interface Controllers capabilities), and effective at stopping the unauthorized interactions with the NS being protected. Because the TOTP approach depends on time and there is commonly occurring jitter (e.g., network), the Threat Detection must make a trade-off between minimizing false-positives (too many alarms) and having false-negatives (attempts that go unreported). We have struck a balance that reduces the probability of a rogue probe reaching the NS to nearly 0.0045%, while the probability of stopping an attack but not generating the alarm is approximately 2%. Future work, such as adaptive delay compensation or the use of AI/ML, may further improve the effectiveness of the solution.
... IP obfuscation: To prevent attackers from tracing hosts in the target network based on IP addresses, a number of techniques have been proposed. Two early examples are dynamic network address translation (DyNAT) [112] which is a protocol-obfuscation technique that can scramble source and destination IP addresses in packet headers and network address space randomization (NASR) [113] which modifies a DHCP server to have short IP address leases so that host machines' IP addresses are changed frequently. Many recent techniques follow the line of randomly changing IP addresses. ...
Preprint
Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021. Techniques from these three domains complement with each other and may be leveraged to build a holistic deception based defense. However, to the best of our knowledge, there has not been a work that provides a systematic retrospect of these three domains all together and investigates their integrated usage for orchestrated deceptions. Our paper aims to fill this gap. By utilizing a tailored cyber kill chain model which can reflect the current threat landscape and a four-layer deception stack, a two-dimensional taxonomy is developed, based on which the deception techniques are classified. The taxonomy literally answers which phases of a cyber attack campaign the techniques can disrupt and which layers of the deception stack they belong to. Cyber defenders may use the taxonomy as a reference to design an organized and comprehensive deception plan, or to prioritize deception efforts for a budget conscious solution. We also discuss two important points for achieving active and resilient cyber defense, namely deception in depth and deception lifecycle, where several notable proposals are illustrated. Finally, some outlooks on future research directions are presented, including dynamic integration of different deception techniques, quantified deception effects and deception operation cost, hardware-supported deception techniques, as well as techniques developed based on better understanding of the human element.
... The authors in [40] give a comprehensive assessment of optimum measure selection on a group of weak attack tracks in the attack graph. By assessing the severity of Common Vulnerability Scoring System vulnerabilities, the authors made the choice of selecting a measure, considering the return on investment (ROI) share. ...
Article
The traditional technologies, tools and procedures of any network cannot be protected from attackers due to the unchanged services and configurations of the networks. To get rid of this asymmetrical feature, the Moving Target Defense technique constantly changes the platform conformation, which reduces the success ratio of the cyberattack. Users are faced with realness with the increase of continual, progressive, and smart attacks. However, the defenders often follow the attackers in taking suitable action to frustrate expected attackers. The moving target defense idea appeared as a preemptive protection mechanism aimed at preventing attacks. This paper conducts a comprehensive study to cover the following aspects of moving target defense: characteristics of target attacks and their limitations, classifications of defense types, major methodologies, promising defense solutions, assessment methods and applications of defense. Finally, we conclude the study and propose future concerns. The purpose of the study is to give general directions of research regarding critical features of defense techniques to scholars seeking to improve proactive and adaptive moving target defense mechanisms.
... This WWII setting also laid the foundations of modern cryptography: cryptology enabled by the Colossus computers [148]. Applications of the concept of defense through constant change in the Internet era can also be found at least since 2001 [84]. However, it is not until the last decade that the term "Moving Target Defense" was coined and emerged as a cyberdefense paradigm. ...
Thesis
Internet of Things (IoT) systems are increasingly being deployed in the real world, but their security lags behind the state of the art of non-IoT systems. Moving Target Defense (MTD) is a cyberdefense paradigm that proposes to randomize components of systems, with the intention of thwarting cyberattacks that previously relied on the static nature of systems. Attackers are now constrained by time. MTD has been successfully implemented in conventional systems, but its use to improve IoT security is still lacking in the literature. Over the course of this thesis, we validated MTD as a cybersecurity paradigm suitable for IoT systems. We identified and synthesized existing MTD techniques for IoT using a systematic literature review method, and defined and used four novel entropy-related metrics to measure the qualitative properties of MTD techniques. Secondly, we proposed a generic distributed MTD framework that allows the instantiation of concrete MTD strategies suitable for the constraints of the IoT. Finally, we designed a secure time synchronization protocol and instantiated three particular MTD techniques: two at the upper network layers (e.g. port-hopping and application RESTful interfaces), one of which we validated on real hardware, and the third at the physical layer, to achieve IoT systems resilient to insider attacks/jamming by using Direct Sequence Spread-Spectrum techniques with cryptographically strong pseudo-random sequences.