Stream splitting moving target defense

Title: Stream splitting moving target defense

Abstract

Systems and methods for utilizing stream splitting Moving Target Defense (MTD) to provide enhanced computer system communication system security by splitting a data stream in to a plurality of paths is described. In some implementations, Stream splitting MTD, involves splitting a single data stream (e.g., TCP stream) into a plurality of discrete units, then sending and receiving those discrete units from and to different (ideally geographically disparate) receiving servers, with the stream being reassembled on the receiving end. The plurality of discrete units of data include resequencing data. The size of each discrete unit may vary depending on the specific implementation, even down to small unit sizes (e.g., a single packet).

Inventors:: Evans, Nathaniel; Thompson, Michael

Issue Date:: 2019-05-28

Research Org.:: Argonne National Lab. (ANL), Argonne, IL (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1568417

Patent Number(s):: 10305868

Application Number:: 15/282,875

Assignee:: UChicago Argonne, LLC (Chicago, IL)

Patent Classifications (CPCs):: H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L69/16 - {Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
H04L63/1441 - {Countermeasures against malicious traffic
H04L63/166 - {at the transport layer}
H04L69/14 - {Multichannel or multilink protocols}
H04L65/605 - {intermediate}
H04L63/0464 - {using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it}

Show less

DOE Contract Number:: AC02-06CH11357

Resource Type:: Patent

Resource Relation:: Patent File Date: 09/30/2016

Country of Publication:: United States

Language:: English

Citation Formats


                    Evans, Nathaniel, and Thompson, Michael. Stream splitting moving target defense.  United States: N. p., 2019. 
        Web.

Copy to clipboard


                    Evans, Nathaniel, & Thompson, Michael. Stream splitting moving target defense.  United States.

Copy to clipboard


                    Evans, Nathaniel, and Thompson, Michael. Tue .  
        "Stream splitting moving target defense".  United States.  https://www.osti.gov/servlets/purl/1568417.

Copy to clipboard


                    
@article{osti_1568417,

  title        = {Stream splitting moving target defense},

  author       = {Evans, Nathaniel and Thompson, Michael},

  abstractNote = {Systems and methods for utilizing stream splitting Moving Target Defense (MTD) to provide enhanced computer system communication system security by splitting a data stream in to a plurality of paths is described. In some implementations, Stream splitting MTD, involves splitting a single data stream (e.g., TCP stream) into a plurality of discrete units, then sending and receiving those discrete units from and to different (ideally geographically disparate) receiving servers, with the stream being reassembled on the receiving end. The plurality of discrete units of data include resequencing data. The size of each discrete unit may vary depending on the specific implementation, even down to small unit sizes (e.g., a single packet).},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2019},

  month        = {5}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

System and method for leveraging network topology for enhanced security
patent, April 2010

Garahi, Masood; Stanforth, Peter J.
US Patent Document 7,697,420
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=7697420

Similar Records in DOE Patents and OSTI.GOV collections:

Multiple operating system rotation environment moving target defense

Patent Evans, Nathaniel; Thompson, Michael

Systems and methods for providing a multiple operating system rotation environment ("MORE") moving target defense ("MTD") computing system are described. The MORE-MTD system provides enhanced computer system security through a rotation of multiple operating systems. The MORE-MTD system increases attacker uncertainty, increases the cost of attacking the system, reduces the likelihood of an attacker locating a vulnerability, and reduces the exposure time of any located vulnerability. The MORE-MTD environment is effectuated by rotation of the operating systems at a given interval. The rotating operating systems create a consistently changing attack surface for remote attackers.
Full Text Available
Tracking moving radar targets with parallel, velocity-tuned filters

Patent Bickel, Douglas L.; Harmony, David W.; Bielek, Timothy P.; ...

Radar data associated with radar illumination of a movable target is processed to monitor motion of the target. A plurality of filter operations are performed in parallel on the radar data so that each filter operation produces target image information. The filter operations are defined to have respectively corresponding velocity ranges that differ from one another. The target image information produced by one of the filter operations represents the target more accurately than the target image information produced by the remainder of the filter operations when a current velocity of the target is within the velocity range associated with themore »« less
Full Text Available
Joint synthetic aperture radar plus ground moving target indicator from single-channel radar using compressive sensing

Patent Thompson, Douglas; Hallquist, Aaron; Anderson, Hyrum

The various embodiments presented herein relate to utilizing an operational single-channel radar to collect and process synthetic aperture radar (SAR) and ground moving target indicator (GMTI) imagery from a same set of radar returns. In an embodiment, data is collected by randomly staggering a slow-time pulse repetition interval (PRI) over a SAR aperture such that a number of transmitted pulses in the SAR aperture is preserved with respect to standard SAR, but many of the pulses are spaced very closely enabling movers (e.g., targets) to be resolved, wherein a relative velocity of the movers places them outside of the SARmore »« less
Full Text Available
Method and apparatus for a combination moving bed thermal treatment reactor and moving bed filter

Patent Badger, Phillip C.; Dunn, Jr., Kenneth J.

A moving bed gasification/thermal treatment reactor includes a geometry in which moving bed reactor particles serve as both a moving bed filter and a heat carrier to provide thermal energy for thermal treatment reactions, such that the moving bed filter and the heat carrier are one and the same to remove solid particulates or droplets generated by thermal treatment processes or injected into the moving bed filter from other sources.
Full Text Available
Method for measuring particulate and gaseous metals in a fluid stream, device for measuring particulate and gaseous metals in a fluid stream

Patent Farber, Paul S [Willowbrook, IL]; Huang, Hann-Shen [Westmont, IL]

A method for analyzing metal in a fluid is provided comprising maintaining a first portion of a continuous filter media substrate at a temperature coinciding with the phase in which the metal is to be analyzed; contacting the fluid to a first portion of said substrate to retain the metal on the first portion of said substrate; preventing further contact of the fluid to the first portion of substrate; and contacting the fluid to a second portion of said substrate to retain metal on the second portion of the said substrate while simultaneously analyzing the first portion for metal. Alsomore »« less
Full Text Available

Similar Records

Title: Stream splitting moving target defense

Abstract

Citation Formats

System and method for leveraging network topology for enhanced security patent, April 2010

System and method for leveraging network topology for enhanced security
patent, April 2010