“Within the set of many identifier-locator separation designs for the Internet, HIP has progressed further than anything else we have so far. It is time to see what HIP can do in larger scale in the real world. In order to make that happen, the world needs a HIP book, and now we have it.” - Jari Arkko, Internet Area Director, IETF

One of the challenges facing the current Internet architecture is the incorporation of mobile and multi-homed terminals (hosts), and an overall lack of protection against Denial-of-Service attacks and identity spoofing. The Host Identity Protocol (HIP) is being developed by the Internet Engineering Task Force (IETF) as an integrated solution to these problems. The book presents a well-structured, readable and compact overview of the core protocol with relevant extensions to the Internet architecture and infrastructure. The covered topics include the Bound End-to-End Tunnel Mode for IPsec, Overlay Routable Cryptographic Hash Identifiers, extensions to the Domain Name System, IPv4 and IPv6 interoperability, integration with SIP, and support for legacy applications.

Unique features of the book:
- All-in-one source for HIP specifications
- Complete coverage of HIP architecture and protocols
- Base exchange, mobility and multihoming extensions
- Practical snapshots of protocol operation
- IP security on lightweight devices
- Traversal of middleboxes, such as NATs and firewalls
- Name resolution infrastructure
- Micromobility, multicast, privacy extensions
- Chapter on applications, including HIP pilot deployment in a Boeing factory
- HOWTO for HIP on Linux (HIPL) implementation

An important complement to the official IETF specifications, this book will be a valuable reference for practicing engineers in equipment manufacturing companies and telecom operators, as well as network managers, network engineers, network operators and telecom engineers. Advanced students and academics, IT managers, professionals and operating system specialists will also find this book of interest.
Author(s): Andrei Gurtov
Edition: 1
Year: 2008
Language: English
Pages: 324
Host Identity Protocol (HIP)......Page 1
Contents......Page 8
About the Author......Page 14
Foreword......Page 16
Foreword......Page 18
Preface......Page 20
Acknowledgments......Page 24
Abbreviations......Page 26
Part I Introduction......Page 30
1 Overview......Page 32
1.1 Identifier–locator split......Page 33
1.2 HIP in the Internet architecture......Page 34
1.3 Brief history of HIP......Page 36
1.4 Organization of the book......Page 38
2.1 Goals of cryptographic protocols......Page 40
2.2 Basics and terminology......Page 41
2.3.3 Man-In-The-Middle attacks......Page 42
2.3.5 Denial-of-Service attacks......Page 43
2.4.1 Symmetric cryptography......Page 44
2.4.2 Public-key cryptography......Page 48
2.4.3 One-way cryptographic hash functions......Page 52
2.4.4 One-time signatures......Page 54
2.4.6 Cryptographic nonces......Page 55
2.5 Security protocols......Page 56
2.5.2 Keying material......Page 57
2.5.3 Transforms......Page 58
2.5.4 IP security architecture: IPsec......Page 59
2.5.5 IPsec modes......Page 60
2.5.6 IPsec security protocols......Page 62
2.5.7 SIGMA......Page 63
2.5.8 Internet Key Exchange: IKE......Page 66
2.6 Weak authentication techniques......Page 68
2.7 Secure DNS......Page 69
Part II The Host Identity Protocol......Page 72
3.1 Internet namespaces......Page 74
3.2 Methods of identifying a host......Page 75
3.3.2 Generating and routing an ORCHID......Page 76
3.3.3 ORCHID properties......Page 77
3.5 Related IETF activities......Page 78
4.1.1 I1 packet......Page 80
4.1.2 R1 packet......Page 83
4.1.4 R2 packet......Page 86
4.2 Other HIP control packets......Page 89
4.3 IPsec encapsulation......Page 91
4.3.1 ESP transforms......Page 92
4.3.2 ESP Bound End-to-End Tunnel......Page 93
5.1.1 Mobility and multihoming architecture......Page 96
5.1.2 Multihoming as extension of mobility......Page 98
5.1.3 Effect of ESP anti-replay window......Page 100
5.1.4 The LOCATOR parameter......Page 103
5.1.5 Locator states......Page 104
5.1.7 Interaction with transport protocols......Page 105
5.2.1 Registering with a rendezvous server......Page 107
5.3.1 HIP requirements to DNS......Page 108
5.3.2 Storing a RVS address......Page 109
5.3.3 DNS security......Page 110
5.4.2 Packet formats......Page 111
6.1.1 Initiating opportunistic base exchange......Page 114
6.2.1 Piggybacking to I2......Page 115
6.3.1 Overview of Service Discovery......Page 116
6.3.2 On-the-path Service Discovery......Page 117
6.3.3 Passive Service Discovery......Page 119
6.4 Simultaneous multiaccess......Page 120
6.4.1 Flow binding extension......Page 121
6.4.2 Packet formats......Page 122
6.5.1 HITs in the Presence Information Data Format......Page 124
6.6 Multicast......Page 125
6.6.1 Challenges for IP multicast......Page 127
6.6.2 Host Identity Specific multicast......Page 128
6.6.3 Authenticating multicast receivers......Page 132
7.1 HIP on Nokia Internet Tablet......Page 134
7.2.1 Test environment......Page 135
7.2.2 Basic HIP characteristics......Page 136
7.3 Summary......Page 143
8.1 Security functionality of HIP......Page 146
8.1.2 Problem statement......Page 147
8.1.3 Scope of LHIP......Page 148
8.1.4 Threat model......Page 149
8.2 HIP high-level goals......Page 150
8.2.1 LHIP high-level goals......Page 151
8.2.2 Possible approaches......Page 153
8.3.1 Hash chains for HIP authentication......Page 155
8.3.2 Time-based signatures......Page 156
8.3.3 Interactive signatures based on hash chains......Page 157
8.3.4 LHIP authentication layer......Page 159
8.3.5 LHIP integration......Page 166
8.3.6 LHIP associations......Page 168
8.3.7 Security considerations......Page 176
8.3.8 Association upgrades: from LHIP to HIP......Page 179
8.4.1 LHIP base exchange......Page 183
8.4.2 LHIP update......Page 184
8.5.1 LH1 – performance......Page 186
8.5.4 LH4 – compatibility......Page 187
Part III Infrastructure Support......Page 190
9.1 Requirements for traversing legacy middleboxes......Page 192
9.1.1 NAT traversal......Page 193
9.1.3 Strategies for legacy middlebox traversal......Page 194
9.2.1 NAT detection......Page 195
9.2.2 Header format......Page 196
9.2.3 Initiator behind a NAT......Page 197
9.2.4 Responder behind a NAT......Page 199
9.2.5 Initiator and Responder behind a NAT......Page 201
9.2.6 Multihoming and mobility with NATs......Page 203
9.3 Requirements for HIP-aware middleboxes......Page 204
9.4.1 Flow identification......Page 205
9.4.2 Advanced extensions......Page 206
9.4.4 Security risks......Page 208
10.1 Problem statement of naming......Page 210
10.2.1 Overview of Distributed Hash Tables......Page 213
10.2.2 OpenDHT interface......Page 214
10.3 HIP interface to OpenDHT......Page 215
10.4 Overview of overlay networks......Page 217
10.5 Host Identity Indirection Infrastructure......Page 219
10.5.1 Separating control, data, and naming......Page 220
10.5.2 The data plane......Page 221
10.5.3 The control plane......Page 226
10.5.4 Discussion of the Hi3 design......Page 230
11.1 Local rendezvous servers......Page 232
11.1.1 Intra-domain mobility......Page 233
11.1.2 Inter-domain mobility......Page 234
11.2 Secure micromobility......Page 235
11.2.1 Hash chain authentication......Page 236
11.2.2 Secure network attachment......Page 237
11.2.3 Micromobility handover......Page 238
11.3.1 Delegation of signaling......Page 239
11.3.2 Mobile router......Page 240
11.3.3 HarMoNy......Page 242
12.1 SPINAT......Page 246
12.2.1 Location and identity privacy......Page 247
12.2.2 Protecting host identity......Page 248
12.2.3 Protecting location privacy......Page 250
12.3.1 Identifiers on protocol layers......Page 251
12.3.2 Changing identifiers......Page 252
Part IV Applications......Page 254
13.1 Virtual Private Networking......Page 256
13.2 P2P Internet Sharing Architecture......Page 258
13.3 Interoperating IPv4 and IPv6......Page 259
13.4 Secure Mobile Architecture......Page 261
13.4.1 Components of SMA......Page 262
13.4.2 SMA testbed at Boeing......Page 263
13.5 Live application migration......Page 266
13.6 Network operator viewpoint on HIP......Page 269
14.1 Using legacy applications with HIP......Page 272
14.1.2 Using DNS resolution......Page 273
14.2.1 Overview of the design......Page 274
14.2.2 Interface specification......Page 275
14.2.3 Socket attributes......Page 279
15.1 Generalized HIP......Page 284
15.1.1 Classification of proposals......Page 285
15.1.2 HIP implications......Page 287
15.2.1 SIP as a rendezvous service......Page 288
15.2.2 Complementary mobility......Page 290
15.2.3 Securing SIP control traffic......Page 291
15.2.4 Session Description Protocol extensions......Page 293
15.3 Encapsulating HIP data using SRTP......Page 294
15.4 Replacing HIP base exchange with IKEv2......Page 298
15.5 Mobile IP and HIP......Page 301
15.6.1 Legacy mobile hosts......Page 303
15.6.2 Legacy correspondent hosts......Page 305
A.1 Overview of HIP implementations......Page 308
A.2 HIPL tutorial......Page 310
Bibliography......Page 314
Index......Page 320