Abstract
The Host Identity Protocol (HIP) is an Internet security and multi-addressing mechanism specified by the IETF. HIP introduces a new layer between the transport and network layers of the TCP/IP stack that maps host identifiers to network locations, thus separating the two conflicting roles that IP addresses have in the current Internet. This paper analyzes the security and functionality of the HIP base exchange, which is a classic key exchange protocol with some novel features for authentication and DoS protection. The base exchange is the most stable part of the HIP specification with multiple existing implementations. We point out several security issues in the current protocol and propose changes that are compatible with the goals of HIP.
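The "novel feature for DoS protection" the abstract refers to is the responder's client puzzle in the I1/R1/I2 part of the base exchange: the responder answers I1 with a cheap, stateless R1 carrying a puzzle, and the initiator must spend roughly 2^K hash evaluations before the responder does any expensive work. The Python below is an added example, not code from the paper or from any HIP implementation. It assumes the puzzle rule as later standardized in RFC 5201 (Ltrunc(SHA-1(I | HIT_I | HIT_R | J), K) == 0, with Ltrunc keeping the K lowest-order bits), opaque 16-byte HITs, 8-byte I and J, dicts as messages, and a constructed stateless design in which the responder derives I from a rotating secret; Diffie-Hellman, HOST_ID and the signatures of the real R1/I2/R2 are left out.

```python
"""Client-puzzle DoS protection of the HIP base exchange (I1 -> R1 -> I2), modeled in Python.

Added example; not code from the paper or from any HIP implementation. Assumptions:
  * puzzle rule as later standardized in RFC 5201:
        Ltrunc(SHA-1(I | HIT_I | HIT_R | J), K) == 0   (Ltrunc = K lowest-order bits)
  * HITs are opaque 16-byte strings, I and J are 8 bytes, messages are plain dicts
  * the responder derives I from a rotating secret (constructed design) so it keeps
    no per-I1 state and R1 is cheap to produce under an I1 flood
Diffie-Hellman, HOST_ID and the signatures of the real R1/I2/R2 are left out.
"""
import hashlib
import hmac
import secrets

HIT_LEN = 16
I_LEN = 8
J_LEN = 8


def puzzle_ok(i_val: bytes, hit_i: bytes, hit_r: bytes, j_val: bytes, k: int) -> bool:
    """True iff the K lowest-order bits of SHA-1(I|HIT_I|HIT_R|J) are all zero."""
    digest = hashlib.sha1(i_val + hit_i + hit_r + j_val).digest()
    return (int.from_bytes(digest, "big") & ((1 << k) - 1)) == 0


def solve_puzzle(i_val: bytes, hit_i: bytes, hit_r: bytes, k: int) -> tuple:
    """Initiator side: search J by counting; expected cost is about 2^K SHA-1 calls.

    Returns (J, number_of_hashes) so the asymmetry between the responder's
    single HMAC and the initiator's brute force is visible.
    """
    counter = 0
    while True:
        j_val = counter.to_bytes(J_LEN, "big")
        counter += 1
        if puzzle_ok(i_val, hit_i, hit_r, j_val, k):
            return j_val, counter


class Responder:
    """Answers I1 with a puzzle and checks I2 without storing anything per initiator."""

    def __init__(self, k: int, hit_r: bytes):
        self.k = k
        self.hit_r = hit_r
        # current secret first; the previous one is kept so an I2 that arrives
        # just after a rotation is still accepted
        self._secrets = [secrets.token_bytes(32)]

    def _derive_i(self, secret: bytes, hit_i: bytes) -> bytes:
        return hmac.new(secret, hit_i + self.hit_r, hashlib.sha256).digest()[:I_LEN]

    def on_i1(self, hit_i: bytes) -> dict:
        """R1: one HMAC and no stored state, so an I1 flood cannot exhaust memory."""
        return {"HIT_R": self.hit_r, "I": self._derive_i(self._secrets[0], hit_i), "K": self.k}

    def rotate_secret(self) -> None:
        """Invalidate puzzles older than one rotation period."""
        self._secrets = [secrets.token_bytes(32), self._secrets[0]]

    def on_i2(self, i2: dict) -> bool:
        """Accept only if we could have issued I for these HITs and J solves the puzzle."""
        for s in self._secrets:
            if hmac.compare_digest(self._derive_i(s, i2["HIT_I"]), i2["I"]):
                return puzzle_ok(i2["I"], i2["HIT_I"], self.hit_r, i2["J"], self.k)
        return False  # unknown or expired I: reject before any expensive work


def initiator_run(hit_i: bytes, responder: Responder) -> dict:
    """Full I1/R1/I2 round from the initiator's view; returns the I2 it would send."""
    r1 = responder.on_i1(hit_i)
    j_val, _ = solve_puzzle(r1["I"], hit_i, r1["HIT_R"], r1["K"])
    return {"HIT_I": hit_i, "I": r1["I"], "J": j_val}


def demo(k: int = 12) -> dict:
    """Run the honest exchange plus two misuse cases and report the responder's decisions."""
    hit_i = bytes(range(HIT_LEN))            # constructed HITs, not real ORCHIDs
    hit_r = bytes(range(HIT_LEN, 2 * HIT_LEN))
    responder = Responder(k, hit_r)
    i2 = initiator_run(hit_i, responder)
    honest = responder.on_i2(i2)
    # a valid I/J pair replayed under a different HIT_I: I no longer matches the HITs
    replay = responder.on_i2({**i2, "HIT_I": bytes([0xFF]) * HIT_LEN})
    # one rotation later the puzzle is still accepted, two rotations later it is not
    responder.rotate_secret()
    after_one = responder.on_i2(i2)
    responder.rotate_secret()
    after_two = responder.on_i2(i2)
    return {"honest": honest, "replayed_other_hit": replay,
            "after_one_rotation": after_one, "after_two_rotations": after_two}


if __name__ == "__main__":
    print(demo())
```

Binding I to the HIT pair is what lets the responder stay stateless: it never stores the puzzles it handed out, it only recomputes what it would have handed out. The two-secret window is the usual trade-off between rejecting stale solutions and not penalizing an initiator that happened to solve the puzzle across a rotation boundary.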
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Aura, T., Nagarajan, A., Gurtov, A. (2005). Analysis of the HIP Base Exchange Protocol. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_40
DOI: https://doi.org/10.1007/11506157_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26547-4
Online ISBN: 978-3-540-31684-8
eBook Packages: Computer Science, Computer Science (R0)