HIP and identifiers - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
HIP and identifiers
  • Henning Schulzrinne
  • (based on slides by Hannes Tschofenig)

2
IP Communication
  • IP address must be topologically correct
  • Mobile node needs to obtain IP address somehow
    (stateful, stateless)
  • NAT may be present along the path

3
Mobile Communication
  • Two IP addresses are used
      • a fixed home address (HoA)
      • an ephemeral care-of address (CoA)

4
The HIP Protocol Overview
  • Protocol proposal contains
      • A new namespace / new identity
      • An authentication and key exchange protocol
      • Architectural thoughts

5
Host Identity (1/2)
  • Based on the End Point ID debates of IPng
      • Chiappa and Bellovin -- Spring 1998
      • Using an IP address to identify a host is not
        the best idea (see multi-homed hosts, virtual
        interfaces)
  • A new namespace for the Internet
      • Cryptographically based
      • A non-cryptographic one makes security harder
      • Non-spoofable
      • Statistically global scope
      • Used in security association bindings and packet
        forwarding mechanisms
      • Separates routing from endpoint identification

6
Host Identity (2/2)
  • Newly introduced identities
      • Host Identity (public key)
      • Host Identity Tag (hash of the public key, 128
        bit)
      • SPI (same as in IPsec)
      • LSI (32-bit Local Scope Identity)
  • Higher layers only see identities, not addresses
      • IPv6 applications use the 128 bit HIT
      • IPv4 applications use the 32 bit LSI
  • Host Identities can be well-known or anonymous
  • Each host has at least one identity

7
The Protocol Stack
  • Application Layer: Application-specific identifiers
  • Transport Layer: Pairs <IP address, Port>, Transport Protocol ID
  • Host Identity: Host Identity (HI)
  • Network Layer: IP addresses
  • Data Link Layer: Link layer addresses

8
Host Identity Tag = Hash(Host Identity)
  • Question: Why don't we use the Host Identity
    directly?
  • Answer: The public key has variable length. Using
    variable length addresses is difficult and does
    not allow easy transition. Inconvenient for
    applications.
  • Solution: Use a fixed length fingerprint instead
    → Host Identity Tag (HIT)
  • 128 bit hash of the Host Identity's public key
  • First 2 bits set allocation -- Follows RFC 2372
      • 00: IPv6 Address space
      • 01: 126 bit HIT
      • 10: HAA assigned 64 bit HIT
      • 11: IPv6 Address space
  • Host Assigning Authority (HAA)
      • 62 bit hierarchy for registered HITs
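The two HIT layouts from the allocation table above, worked through as an added example (not code from the slides or from any HIP implementation). The slides say only "128 bit hash", so the hash function (SHA-1 truncated to 128 bits) and the sample Host Identity bytes are assumptions of this example.

```python
import hashlib
import ipaddress

# Two-bit type prefixes from the slide's allocation table (top 2 bits of the 128-bit value).
PREFIX_IPV6_LOW = 0b00   # ordinary IPv6 address space, not a HIT
PREFIX_HIT_126 = 0b01    # 126-bit hash of the Host Identity
PREFIX_HIT_HAA = 0b10    # 62-bit HAA hierarchy + 64-bit hash of the Host Identity
PREFIX_IPV6_HIGH = 0b11  # ordinary IPv6 address space, not a HIT
HAA_BITS = 62

# Constructed stand-in for a Host Identity (encoded public key bytes in practice).
SAMPLE_HI = b"constructed sample Host Identity public key bytes"

def _hash_hi(host_identity: bytes) -> int:
    # The slide says only "128 bit hash"; SHA-1 truncated to 128 bits is an assumption here.
    return int.from_bytes(hashlib.sha1(host_identity).digest()[:16], "big")

def hit_type1(host_identity: bytes) -> int:
    """Prefix 01 followed by 126 bits of the hash of the public key."""
    return (PREFIX_HIT_126 << 126) | (_hash_hi(host_identity) & ((1 << 126) - 1))

def hit_type2(host_identity: bytes, haa: int) -> int:
    """Prefix 10, a 62-bit Host Assigning Authority hierarchy, then 64 hash bits."""
    if not 0 <= haa < (1 << HAA_BITS):
        raise ValueError("HAA identifier must fit in 62 bits")
    return (PREFIX_HIT_HAA << 126) | (haa << 64) | (_hash_hi(host_identity) & ((1 << 64) - 1))

def classify(value: int) -> str:
    """Which of the four prefix classes a 128-bit value falls in."""
    names = {PREFIX_IPV6_LOW: "ipv6", PREFIX_HIT_126: "hit-126",
             PREFIX_HIT_HAA: "hit-haa", PREFIX_IPV6_HIGH: "ipv6"}
    return names[value >> 126]

def verify_hit(hit: int, host_identity: bytes) -> bool:
    """A peer's check: recompute the HIT from the presented Host Identity and compare.
    A HIT only names the key; possession of the key is proved by SIG in the exchange."""
    kind = classify(hit)
    if kind == "hit-126":
        return hit == hit_type1(host_identity)
    if kind == "hit-haa":
        haa = (hit >> 64) & ((1 << HAA_BITS) - 1)
        return hit == hit_type2(host_identity, haa)
    return False  # a plain IPv6 address is never a valid HIT

def as_ipv6_text(value: int) -> str:
    """HITs are 128 bits wide so IPv6 applications can use one where an address goes."""
    return str(ipaddress.IPv6Address(value))
```

Because the 01 and 10 prefixes are reserved, a HIT can be told apart from an ordinary IPv6 address by its first two bits alone, which is what lets IPv6 applications carry HITs unchanged.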

9
The HIP Protocol: An authentication and key
exchange protocol
  • The HIP protocol is used to verify the Host
    Identity and to create an IPsec ESP security
    association
  • The protocol has the following properties
      • Denial-of-Service protection with the
        client-puzzle mechanism
      • Re-keying provided by a separate protocol
      • Digital signatures, identities and certificates
        are exchanged
  • Including the HIP identity in every packet would
    be difficult.
  • Therefore, HIP is always combined with IPsec ESP,
    where the HIP Identity is compressed into the IPsec
    ESP SPI.

10
HIP Exchange
  Initiator                                                  Responder
  I1: Trigger exchange                                   -->
                                                         <-- R1: Puzzle, D-H(R), HI(R), ESP Transform,
                                                                 HIP Transform, SIG
  I2: Solution, LSI(I), SPI(I), D-H(I), ESP Transform,   -->
      HIP Transform, {HI(I)}SK, SIG
  (HIP SA established on both sides)
                                                         <-- R2: LSI(R), SPI(R), HMAC, SIG
  (IPsec SA established on both sides)
  • Every packet contains HIT(I) and HIT(R) in the
    header.
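The client puzzle carried in R1 and answered in I2 is the exchange's Denial-of-Service protection, and its value lies in a cost asymmetry: the initiator does about 2^K hash evaluations, the responder does one. The following is an added illustration of that shape, not code from the slides or from a HIP implementation; the field sizes, the hash function and the sample HIT values are assumptions of this example.

```python
import hashlib
import secrets

# Simplified cookie puzzle in the shape the slides describe: R1 carries the puzzle,
# I2 carries the solution. Field sizes and the hash are assumptions of this example.

def make_puzzle(difficulty_k: int, nonce: bytes = b"") -> dict:
    """Responder (R1): a fresh random value I and the difficulty K.
    Nothing is stored per initiator, so a flood of I1 packets costs the
    responder no state; a fixed nonce may be passed in for reproducible tests."""
    return {"I": nonce or secrets.token_bytes(8), "K": difficulty_k}

def _puzzle_hash(I: bytes, hit_i: int, hit_r: int, J: int) -> int:
    # Binding both HITs into the hash ties a solution to this initiator/responder pair,
    # so a solution computed for one peer is useless against another.
    data = I + hit_i.to_bytes(16, "big") + hit_r.to_bytes(16, "big") + J.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def solve_puzzle(puzzle: dict, hit_i: int, hit_r: int) -> int:
    """Initiator (before sending I2): search for the smallest J whose hash ends in
    K zero bits. Expected cost is about 2**K hash evaluations."""
    mask = (1 << puzzle["K"]) - 1
    J = 0
    while _puzzle_hash(puzzle["I"], hit_i, hit_r, J) & mask:
        J += 1
    return J

def verify_solution(puzzle: dict, hit_i: int, hit_r: int, J: int) -> bool:
    """Responder (on receiving I2): a single hash evaluation whatever K is, done
    before any Diffie-Hellman or signature work is spent on this initiator."""
    mask = (1 << puzzle["K"]) - 1
    return _puzzle_hash(puzzle["I"], hit_i, hit_r, J) & mask == 0
```

Raising K under load makes each I2 more expensive for initiators while the responder's per-packet check stays constant.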

11
HIP Protocol Exchange Legend
  • HIT: Host Identity Tag
  • HI: Host Identity
  • I: Initiator
  • R: Responder
  • D-H(R), D-H(I): Diffie-Hellman Public Key of
    Responder (Initiator)
  • SK: the session key from the HIP SA
  • SIG: Digital signature computed over the entire
    packet
  • HIP (ESP) Transform: List of algorithms to be
    negotiated (used)
  • Puzzle, Solution: Values required for the DoS
    cookie puzzle
  • LSI: Local Scope Identity
  • SPI: Security Parameter Index

12
Special HIP Packets
  • Rekeying: Message to initiate rekeying (e.g., due
    to policy reasons or sequence number rollover)
  • Bootstrapping
      • For the case where the initiator does not
        possess the HIT of the responder.
  • Announcing readdressing
      • Readdressing required because of
          • PPP reconnect
          • DHCP new lease, IPv6 address prefix change
          • Mobility
          • IPv6 privacy related IP address change

13
What about PKI and HIP?
  • Currently HIP assumes interaction with DNS
      • HIT stored in DNS resource records
      • DNS Binary Labels allow reverse mapping
      • DNSSEC required to provide proper security
  • Other mechanisms could also be used.
  • Certificates (X.509) can be exchanged with HIP -
    details are for further study

14
Summary
  • HIP introduces new and interesting concepts.
  • The introduction of a new address space based on
    a cryptographic identity makes a lot of things
    easier
      • Mobility
      • Multi-Homing
      • IPv4/IPv6 Transition
  • Solutions are already there for these problems;
    HIP solves the problems in a different way.
  • Additionally, HIP has security integrated into the
    protocol.
  • Open Source implementations might create an
    interesting alternative.

15
Resources
  • Host Identity Protocol
    http://www.tml.hut.fi/pnr/HIP/draft-moskowitz-hip-08.html
  • End-Host Mobility and Multi-Homing with Host
    Identity Protocol
    http://www.tml.hut.fi/pnr/HIP/draft-nikander-hip-mm-01.html
  • Host Identity Protocol Architecture
    http://www.tml.hut.fi/pnr/HIP/draft-moskowitz-hip-arch-05.html
  • Implementations
      • HIPL (HIP for Linux): http://gaijin.iki.fi/hipl/
      • Other implementations available on request
        (Boeing Phantom Works Linux Implementation,
        Andrew McGregor's Python Implementation)

16
Summary and Conclusion
  • Multi-homing, mobility and security triggered
    many research activities.
  • We saw interesting proposals (and we will
    certainly see more)
  • Taking a radically different solution approach
    (e.g., cryptographic host identities) solves many
    problems in a convenient way. The implications
    need to be studied more extensively.
  • The future Internet architecture is shaped now.