Ipsec Tunnels Vs. Identity-Only Obfuscation Techniques For Moving Target Networks

There has been recent interest in applying moving target approaches to computer networks. The ability to obfuscate the adversary's view of an organization's internal network is thought to confound the adversary's network reconnaissance steps, causing certain inefficiencies in nation state actors' attack processes. Novel Moving Target Network (MTN) techniques have been proposed specifically to hide communicating endpoint identities, blinding the adversary's view of the nodes in the network. To date, however, no published work has evaluated identity-only obfuscation approaches against using IPsec ESP tunnels as a way of hiding endpoint identities. The question is, are there some network configurations where identity-only obfuscation techniques work better than IPsec ESP tunnels? We present arguments that low-overhead MTN identity-only obfuscation approaches may work more efficiently on wireless mobile, tactical, peer-to-peer networks where processing energies and transmission bandwidth are constrained and we also discuss features of metrics for measuring the success of moving target network approaches, helping to guide future research in this area.