Endpoint-agnostic address hopping communication — a network-based design by fully exploiting IPv6 huge space superiority

Network address hopping (NAH) proposed a mechanism to enhance data protection in communications across untrusted networks. It spread the data stream of a communication session across multiple channels, which tried to obstruct information interception in the first place by obscuring the fact that communication takes place between certain end-points. However, the time-stamped packets between two peers would provide a hint for correlating the intercepted packets in case the encryption of the counter got compromised. Furthermore, due to synchronization, the Internet Protocol version 6 (IPv6) addresses pair of the channel ends would appear and disappear strictly, which would perform time-relevance character. A Network-based hopping communication mechanism (NetHop) is proposed in this paper. The address hopping function is deployed on the network side instead of endpoint, which can support secure hopping communication function for universal endpoints without any restriction of Operating System or hardware. By using IPv6 to IPv6 network address translation (NAT), NetHop fully exploits the superiority of IPv6 huge address space. The hopping addresses are generated by hash function and the hopping addresses pair can be chosen randomly. Consequently, NetHop performs better on randomness and concealment than channel-rule NAH.