Traversing Middleboxes with the Host Identity Protocol

  • Conference paper
Information Security and Privacy (ACISP 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3574)

Abstract

The limited flexibility of the Internet to support mobility has motivated many researchers to look for alternative architectures. One such effort that combines security and multihoming together is the Host Identity Protocol (HIP). HIP is a signaling protocol that adds a new protocol layer to the Internet stack between the transport and the network layer. HIP establishes IPsec associations to protect subsequent data traffic. Though the security associations are established solely between the communicating end hosts, HIP also aims to interwork with middleboxes such as NATs and firewalls. This paper investigates this interworking aspect and proposes a solution for secure middlebox traversal.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tschofenig, H., Gurtov, A., Ylitalo, J., Nagarajan, A., Shanmugam, M. (2005). Traversing Middleboxes with the Host Identity Protocol. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_2

  • DOI: https://doi.org/10.1007/11506157_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26547-4

  • Online ISBN: 978-3-540-31684-8

  • eBook Packages: Computer Science, Computer Science (R0)
