Skip to main content Accessibility help
×
Hostname: page-component-78c5997874-m6dg7 Total loading time: 0 Render date: 2024-11-09T20:29:10.423Z Has data issue: false hasContentIssue false

6 - Host identity protocol (HIP): an overview

from Part II - Network architectures

Published online by Cambridge University Press:  05 October 2012

Pekka Nikander
Affiliation:
Ericsson Research, Finland
Andrei Gurtov
Affiliation:
University of Oulu, Finland
Thomas R. Henderson
Affiliation:
Boeing, USA
Byrav Ramamurthy
Affiliation:
University of Nebraska, Lincoln
George N. Rouskas
Affiliation:
North Carolina State University
Krishna Moorthy Sivalingam
Affiliation:
Indian Institute of Technology, Madras
Get access

Summary

Introduction

The Host Identity Protocol (HIP) and architecture is a new piece of technology that may have a profound impact on how the Internet will evolve over the coming years. The original ideas were formed through discussions at a number of Internet Engineering Task Force (IETF) meetings during 1998 and 1999. Since then, HIP has been developed by a group of people from Ericsson, Boeing, HIIT, and other companies and academic institutions, first as an informal activity close to the IETF and later within the IETF HIP working group (WG) and the HIP research group (RG) of the Internet Research Task Force (IRTF), the research arm of the IETF.

From a functional point of view, HIP integrates IP-layer mobility, multihoming and multi-access, security, NAT-traversal, and IPv4/v6 interoperability in a novel way. The result is architecturally cleaner than trying to implement these functions separately, using technologies such as Mobile IP, IPsec, ICE, and Teredo. In a way, HIP can be seen as restoring the now-lost end-to-end connectivity across various IP links and technologies, this time in a way that it secure and supports mobility and multi-homing. As an additional bonus, HIP provides new tools and functions for future network needs, including the ability to securely identify previously unknown hosts and the ability to securely delegate signaling rights between hosts and from hosts to other nodes.

Type
Chapter
Information
Next-Generation Internet
Architectures and Protocols
, pp. 107 - 135
Publisher: Cambridge University Press
Print publication year: 2011

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Moskowitz, R., Nikander, P. Host Identity Protocol (HIP) Architecture. RFC 4423, May 2006.
Perkins, C. IP Mobility Support for IPv4. RFC 3344, IETF, August 2002.
Perkins, C., Calhoun, P. R., Bharatia, J. Mobile IPv4 Challenge/Response Extensions (Revised). RFC 4721, IETF, January 2007.
Kent, S., Seo, K. Security Architecture for the Internet Protocol. RFC 4301, IETF, December 2005.
Rosenberg, J. Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols. Work in progress, Internet Draft draft-ietf-mmusic-ice-18.txt, IETF, September 2007.
Huitema, C. Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs). RFC 4380, IETF, February 2006.
Chiappa, J. N. Endpoints and Endpoint Names: A Proposed Enhancement to the Internet Architecture. Unpublished Internet Draft, 1999. http://ana.lcs.mit.edu/jnc/tech/endpoints.txt
Harrison, T., Williams, C., Mackrell, W., Bunt, R.Mobile Multicast (MoM) Protocol: Multicast Support for Mobile Hosts. Proc. of the Third Annual ACM/IEEE International Conference on Computing and Networking (MOBICOM97). pp. 151–160. ACM, 1997.CrossRefGoogle Scholar
Kovacshazi, Z., Vida, R.Host Identity Specific Multicast. Proc. of the International Conference on Networking and Services (June 19–25, 2007). ICNS07. IEEE Computer Society, Washington, DC. June 2007. DOI 10.1109/ICNS.2007.66Google Scholar
Ylitalo, J., Nikander, P.BLIND: A Complete Identity Protection Framework for End-points. Security Protocols, Twelfth International Workshop. Cambridge, 24–28 April 2004. LCNS 3957, Wiley, 2006. DOI 10.1007/11861386-18Google Scholar
Takkinen, L. Host Identity Protocol Privacy Management. Masters Thesis, Helsinki University of Technology, March 2006.
Moskowitz, R., Nikander, P., Jokela, P. (ed.), Henderson TR. Host Identity Protocol. RFC 5201, IETF, April 2008.
Jokela, P., Moskowitz, R., Nikander, P. Using ESP transport format with HIP. RFC 5202, IETF, April 2008.
Tschofenig, H., Shanmugam, M. Using SRTP Transport Format with HIP. Work in progress, Internet Draft draft-tschofenig-hiprg-hip-srtp-02.txt, October 2006.
Baugher, M., Carrara, E., McGrew, D. A., Nslund, M., Norrman, K. The Secure Real-time Transport Protocol (SRTP). RFC 3177, IETF, March 2004.
Ramsdell, B. (ed.) Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1, Message Specification. RFC 3851, IETF, July 2004.
Nikander, P., Laganier, J., Dupont, F. An IPv6 Prefix for Overlay Routable Cryptographic Hash Identifiers (Orchid). RFC 4834, IETF, April 2007.
Henderson, T. R., Nikander, P., Mikka, K. Using the Host Identity Protocol with Legacy Applications. RFC 5338, IETF, September 2008.
Komu, M., Henderson, T., Tschofenig, H., Melen, J., Keranen, A. Basic HIP Extensions for the Traversal of Network Address Translators. Work in progress, Internet Draft draft-ietf-hip-nat-traversal-06.txt, IETF, March 2009.
Kivinen, T., Swander, B., Huttunen, A., Volpe, V. Negotiation of NAT-Traversal in the IKE. RFC 3947, IETF, January 2005.
Huttunen, A., Swander, B., Volpe, V., DiBurro, L., Stenberg, M. UDP Encapsulation of IPsec ESP Packets. RFC 3948, IETF, January 2005.
Tschofenig, H., Wing, D. Utilizing Interactive Connectivity Establishment (ICE) for the Host Identity Protocol (HIP). Work in progress, Internet Draft draft-tschofenig-hip-ice-00.txt, June 2007.
Nikander, P., Melen, J. (ed.), Komu, M., Bagnulo, M. Mapping STUN and TURN messages on HIP. Work in progress, Internet Draft draft-manyfolks-hip-sturn-00.txt, November 2007.
Tschofenig, H., Gurtov, A., Ylitalo, J., Nagarajan, A., Shanmugam, M.Traversing Middleboxes with the Host Identity Protocol. Proc. of the Tenth Australasian Conference on Information Security and Privacy (ACISP '05). Brisbane, Australia, July 4–6, 2005.Google Scholar
Schuba, C. L., Krsul, I. V., Kuhn, M. G., et al. Analysis of a Denial of Service Attack on TCP. Proc. of the 1997 IEEE Symposium on Security and Privacy, IEEE, 1997.Google Scholar
Eddy, W. M. TCP SYN Flooding Attacks and Common Mitigations. RFC 4987, IETF, August 2007.
Nikander, P., Arkko, J., Ohlman, B.Host Identity Indirection Infrastructure (Hi3). Proc. of the Second Swedish National Computer Networking Workshop 2004 (SNCNW2004). Karlstad University, Karlstad, Sweden, November 23–24, 2004.Google Scholar
Aura, T., Nagarajan, A., Gurtov, A.Analysis of the HIP Base Exchange Protocol. Proc. of the 10th Australasian Conference in Information Security and Privacy. Brisbane, Australia, July 4–6, 2005, pp. 481–493, LNCS 3574, Springer, 2005.CrossRefGoogle Scholar
Krawczyk, H.SIGMA: the SIGn-and-MAc Approach to Authenticated Diffie–Hellman and its Use in the IKE Protocols. Proc. of Advances in Cryptology – CRYPTO 2003, 23rd Annual International Cryptology Conference. Santa Barbara, California, USA, August 17–21, 2003, pp. 400–425, LCNS 2729, Springer, 2003.CrossRefGoogle Scholar
Nikander, P., Melen, J. A Bound End-to-End Tunnel (BEET) mode for ESP. Work in progress, Internet Draft draft-nikander-esp-beet-mode-07.txt, February 2007.
Nikander, P., Laganier, J. Host Identity Protocol (HIP) Domain Name System (DNS) Extensions. RFC 5205, IETF, April 2008.
Heer, T. Lightweight Authentication for the Host Identifier Protocol. Masters Thesis, RWTH Aachen, August 2006.
Nikander, P., Henderson, T. R., Vogt, C., Arkko, J. End-Host Mobility and Multihoming with the Host Identity Protocol. RFC 5206, April 2008.
Laganier, J., Koponen, T., Eggert, L. Host Identity Protocol (HIP) Registration Extension. RFC 5203, IETF, April 2008.
Laganier, J., Eggert, L. Host Identity Protocol (HIP) Rendezvous Extension. RFC 5204, IETF, April 2008.
Ylitalo, J., Salmela, P., Tschofenig, H.SPINAT: Integrating IPsec into Overlay Routing. Proc. of the First International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm '05), Athens, Greece, September 5–9, 2005.Google Scholar
Nikander, P. An Architecture for Authorization and Delegation in Distributed Object-Oriented Agent Systems. Ph.D. Dissertation, Helsinki University of Technology, March 1999.
Koponen, T., Gurtov, A., Nikander, P.Application mobility with Host Identity Protocol, Extended Abstract inProc. of Network and Distributed Systems Security (NDSS '05) Workshop, Internet Society, February 2005.Google Scholar
Lindqvist, J., Takkinen, L.Privacy Management for Secure Mobility. Proc. of the 5th ACM Workshop on Privacy in Electronic Society. Alexandria, Virginia, USA, October 30–30, 2006. WPES'06. pp. 63–66. ACM. DOI 10.1145/1179601.1179612
Arkko, J., Nikander, P.How to Authenticate Unknown Principals without Trusted Parties. Security Protocols, 10th International Workshop. Cambridge, UK, April 16–19, 2002, pp. 5–16, LCNS 2845, Springer, 2003.Google Scholar
Keromytis, A. D., Misra, V., Rubenstein, D.SOS: Secure Overlay Services. SIGCOMMComput. Commun. Rev. 32:4 (October 2002), 61–72. DOI 10.1145/964725.633032CrossRefGoogle Scholar
Wang, P., Ning, P., Reeves, D. S. Ak-anonymous Communication Protocol for Overlay Networks. Proc. of the 2nd ACM Symposium on Information, Computer and Communications Security. Singapore, March 20–22, 2007. Deng, R and Samarati, P, eds. ASIACCS '07. pp. 45–56. ACM. DOI 10.1145/1229285.1229296Google Scholar
Estrem, B.et al. Secure Mobile Architecture (SMA) Vision Architecture. Technical Study E041, The Open Group, February 2004. www.opengroup.org/products/publications/catalog/e041.htm
Paine, R. R. Secure Mobile Architecture (SMA) for Automation Security. ISA Conference on Wireless Solutions for Manufacturing Automation: Insights for Technology and Business Success. 22–24 July, 2007, Vancouver, CA. www.isa.org/wsummit/presentations/BoeingNGISMAAutomationSecurityVancouverISApresentationtemplates7-23-07.ppt
,Boeing IT Architect Pushes Secure Mobile Architecture. Network World, April 28, 2006. www.networkworld.com/news/2006/050106-boeing-side.html
Cooper, E., Johnston, A., Matthews, P. A Distributed Transport Function in P2PSIP using HIP for Multi-Hop Overlay Routing. Work in progress, Internet Draft draft-matthews-p2psip-hip-hop-00, June 2007.
Hautakorpi, J., Koskela, J. Utilizing HIP (Host Identity Protocol) for P2PSIP (Peer-to-Peer Session Initiation Protocol). Work in progress, Internet Draft draft-hautakorpi-p2psip-with-hip-00, July 2007.
Stiemerling, M., Quittek, J., Eggert, L. NAT and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication. RFC 5207, IRTF, April 2008.
Komu, M., Henderson, T. Basic Socket Interface Extensions for Host Identity Protocol (HIP), Work in progress, draft-ietf-hip-native-api-05.txt, July 2008.
Camarillo, G., Nikander, P., Hautakorpi, J., Johnston, A. HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking Environment, Work in progress, draft-ietf-hip-bone-01.txt, March 2009.
Heer, T., Varjonen, S. HIP Certificates, Work in Progress, draft-ietf-hip-cert-00, October 2001.
Henderson, T., Gurtov, A. HIP Experiment Report, Work in Progress, draft-irtf-hip-experiment-05.txt, March 2009.

Save book to Kindle

To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×