llss, or Link Layer Secure Shuffle is a privacy and security tool designed to optimally function over a wireless ad-hoc network.
What is llss?
llss is a hardware address based MTD (Moving Target Defense). Unlike many other Moving Target Defense systems that are implemented at the application level. llss interacts directly with the link layer, updating host MAC addresses after sending packets.
llss is the result of a University of Illinois Wireless Networking (CS439) project during FA2020. CS439 is (at the time) taught by Robin Kravets.
For more information, visit https://courses.engr.illinois.edu/cs439/
Why does it matter?
A common goal of hackers is to establish a MITM, or Man In The Middle. This occurs when a malicious host places itself in between two legitimate hosts. One common vector (way for hackers to do this) is by abusing the Adress Resolution Protocol (ARP). ARP is the protocol that translates IP addresses (22.214.171.124) to MAC hardware addresses (aa:bb:cc:11:22:33). It is also optimized for efficiency, so security was an afterthought. Malicious devices listen to an arp request (Who has 192.168.1.2?) , and forge a response with their MAC address (I have 192.168.1.2, send packets to de:ad:be:ef:13:37). At this point, the malicious device can see any packets meant for 192.168.1.2, making them inbetween the victim and the target! This is bad!
Using a shared secret key, both hosts know exactly where to send their next packets. Host A will send from Red to Blue, and B will reply from Blue to Green etc. From an outsiders perspective, every packet is going to a completely new computer!
Confidential, Difficult to Trace, Resistant to MITM Attacks
llss is designed to make filtering via wireshark and tcpdump difficult. This increases the time adversaries must take to gather any useful information about you communications.
Easy to use
llss comes complete with a wizard. Users can gain an understanding of it while still accessing its full potential. Once ready, full command-line arguments are available for use.