In my previous posting I mentioned VCC – Variable Cyber Coordinates method of communication. In response to questions from readers, the following is an article on the subject in Wikipedia (April 25, 2014).
Variable Cyber Coordinates (VCC) is a method of network communications by which the cyber coordinates of the participating objects or entities are constantly changing. It provides an algorithmic foundation for the dynamic security of network devices against network-based cyber attacks.
Cyber coordinates are sets of statements that determine the position of an object in cyberspace. For instance, an IP address singularly determines the location of a computer within the Internet. Cyber coordinates enable computers connected to the Internet to “find” each other and to communicate, much in the same way that knowledge of geographic coordinates of a location on Earth enables guidance of an object to travel to that location. Essentially, any communications parameter can be viewed as a cyber coordinate. Other examples of cyber coordinates are computer Port numbers, MAC addresses, telephone numbers, file names, radio calls, etc.
With the VCC method of communications, cyber coordinates of participating objects or entities are made variable. They are assigned temporary values, often random or pseudorandom. These temporary cyber coordinates are usually encrypted and distributed only to authorized devices. Authorized devices can communicate with each other using the currently valid set of cyber coordinates. Other devices on the network that are not privy to the currently valid set of cyber coordinates cannot communicate with the authorized devices. However, a determined attacker with sufficient resources, effort and time can identify the currently valid cyber coordinates. To prevent this, the currently valid set of cyber coordinates is periodically changed. The process is repeated at predetermined or random intervals sufficiently frequent to prevent a potential attacker from finding the protected devices and launching a successful attack.
An example of a simplified explanation of the VCC method of communications is illustrated in Fig. 1.
The black line denotes regular computer communications; the red arrow denotes distribution of currently valid variable cyber coordinates.
In this example computer A is assigned an IP address xxx.xxx.xxx.123. Only computers B and C are authorized to communicate with computer A. Thus, computer A’s current IP address xxx.xxx.xxx.123 is sent to B and C only. Since computer D has not been sent A’s IP address, it would be difficult for it to determine A’s IP address. Thus no computer except B and C can communicate with A. The controller assigns cyber coordinates to protected computers and ensures their compatibility with the network administration’s policies and procedures.
To further strengthen computer A’s protection, A’s IP address is at some time changed to xxx.xxx.xxx.234. While not affecting A’s physical location, it moves it to another cyber space location. The new coordinates are sent to B and C, but to no other computer. Then even if computer D has made some progress in identifying A’s cyber coordinates, this progress is instantly obsolete with every new cycle of changing A’s cyber coordinates. Using the VCC methodology enables protected computers to evade cyber attacks even before they are launched.
Real VCC-based systems are much more complex than the example above and involve changes of multiple cyber coordinates for computers based in different networks.
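The cycle described above (controller assigns A new coordinates, sends them to B and C only, D's knowledge goes stale) can be modelled in a few lines. This is an added sketch, not code from the Wikipedia article or from any VCC product; it rotates two coordinates (address and port) rather than one, and the class names, the 192.0.2. prefix standing in for xxx.xxx.xxx., and the assumption that D learned A's first coordinates are all constructed for illustration.

```python
import secrets

PREFIX = "192.0.2."  # constructed stand-in (TEST-NET-1) for the page's xxx.xxx.xxx.

class Controller:
    """Assigns temporary coordinates to a protected host; informs only authorized peers."""
    def __init__(self, protected, authorized):
        self.protected = protected
        self.authorized = set(authorized)
        self.current = None   # (ip, port) currently valid for the protected host
        self.used = set()     # coordinates already spent, never handed out again
        self.tables = {}      # peer name -> coordinates that peer was last sent

    def rotate(self):
        """Pick fresh random coordinates and distribute them to authorized peers."""
        while True:
            coord = (PREFIX + str(secrets.randbelow(254) + 1),
                     1024 + secrets.randbelow(64512))
            if coord not in self.used:
                break
        self.used.add(coord)
        self.current = coord
        for peer in self.authorized:  # per the article, this message is usually encrypted
            self.tables[peer] = coord
        return coord

class Network:
    """Delivers a packet only when addressed to the currently valid coordinates."""
    def __init__(self, controller):
        self.controller = controller

    def send(self, dest):
        return dest == self.controller.current

def simulate(cycles=5):
    """Return, per rotation cycle, whether B, C and D can still reach A."""
    ctl = Controller("A", ["B", "C"])
    net = Network(ctl)
    seen_by_d = ctl.rotate()  # assumption: D managed to learn A's first coordinates
    results = []
    for _ in range(cycles):
        ctl.rotate()
        results.append({"B": net.send(ctl.tables["B"]),
                        "C": net.send(ctl.tables["C"]),
                        "D": net.send(seen_by_d)})
    return results

if __name__ == "__main__":
    for n, row in enumerate(simulate(), 1):
        print(n, row)
```

The model leaves out what makes real deployments hard: keeping B and C synchronized across the changeover, and protecting the distribution channel itself.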