Implementation of network moving target defense in embedded systems

dc.contributor.advisor Doug W. Jacobson
dc.contributor.author Finstad, Robert
dc.contributor.department Electrical and Computer Engineering
dc.date 2021-01-16T18:20:31.000
dc.date.accessioned 2021-02-25T21:38:13Z
dc.date.available 2021-02-25T21:38:13Z
dc.date.copyright Tue Dec 01 00:00:00 UTC 2020
dc.date.embargo 2020-11-24
dc.date.issued 2020-01-01
dc.description.abstract <p>Moving target defense provides opportunities for adaptive defense in embedded systems. A great deal of work has been done on incorporating moving target defense techniques into enterprise systems to increase the cost to attackers and level the playing field. A smaller body of work focuses on implementing these techniques in embedded systems, which can greatly benefit from adaptive self-defense techniques. This work implements a network shuffling proof of concept in the Zephyr real time operating system to tackle the challenge of incorporating shuffling techniques into embedded systems. A host-centric, high security implementation is provided which maximizes attacker uncertainty and minimizes the impact of host compromise. Identifiers are utilized at the datalink, network, and transport layers and rotated per connection using keys shared between host pairs.Existing shuffling schemes are explored, including those targeted to IoT contexts. Existing limitations in protecting embedded systems are considered along with the presented by moving target defense. The design details and implementation of incorporating a moving target defense module to in the Zephyr networking stack is provided. The protection provided by the scheme is evaluated and it is compared to existing address shuffling schemes. Future work in better handling data forwarding and collisions in the proof of concept scheme are considered. Options for adapting and building on the scheme to meet the needs of system designers are explored. This work provides system designers with insights into implementing address shuffling in embedded systems.</p>
dc.format.mimetype application/pdf
dc.identifier archive/lib.dr.iastate.edu/etd/18309/
dc.identifier.articleid 9316
dc.identifier.contextkey 21104731
dc.identifier.doi https://doi.org/10.31274/etd-20210114-44
dc.identifier.s3bucket isulib-bepress-aws-west
dc.identifier.submissionpath etd/18309
dc.identifier.uri https://dr.lib.iastate.edu/handle/20.500.12876/94461
dc.language.iso en
dc.source.bitstream archive/lib.dr.iastate.edu/etd/18309/Finstad_iastate_0097M_19191.pdf|||Fri Jan 14 21:40:11 UTC 2022
dc.subject.keywords Cybersecurity
dc.subject.keywords Embedded Systems
dc.subject.keywords Moving Target Defense
dc.subject.keywords Network Shuffling
dc.subject.keywords Zephyr
dc.title Implementation of network moving target defense in embedded systems
dc.type article
dc.type.genre dissertation
dspace.entity.type Publication
relation.isOrgUnitOfPublication a75a044c-d11e-44cd-af4f-dab1d83339ff
thesis.degree.discipline Cyber Security
thesis.degree.level dissertation
thesis.degree.name Master of Science
File
Original bundle
Now showing 1 - 1 of 1
Name:
Finstad_iastate_0097M_19191.pdf
Size:
517.37 KB
Format:
Adobe Portable Document Format
Description: