Analysis of the HIP Base Exchange Protocol

  • Tuomas Aura
  • Aarthi Nagarajan
  • Andrei Gurtov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)


The Host Identity Protocol (HIP) is an Internet security and multi-addressing mechanism specified by the IETF. HIP introduces a new layer between the transport and network layers of the TCP/IP stack that maps host identifiers to network locations, thus separating the two conflicting roles that IP addresses have in the current Internet. This paper analyzes the security and functionality of the HIP base exchange, which is a classic key exchange protocol with some novel features for authentication and DoS protection. The base exchange is the most stable part of the HIP specification with multiple existing implementations. We point out several security issues in the current protocol and propose changes that are compatible with the goals of HIP.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aboba, B., Dixon, W.: IPsec-network address translation (NAT) compatibility requirements. RFC 3715, IETF (March 2004)Google Scholar
  2. 2.
    Andrews, T., Qadeer, S., Rajamani, S.K., Rehof, J., Xie, Y.: Zing: Exploiting program structure for model checking concurrent software. In: Gardner, P., Yoshida, N. (eds.) CONCUR 2004. LNCS, vol. 3170, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Aura, T., Nikander, P., Leiwo, J.: DOS-resistant authentication with client puzzles. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–181. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)Google Scholar
  5. 5.
    Egevang, K.B., Francis, P.: The IP network address translator (NAT). RFC 1631, IETF (May 1994)Google Scholar
  6. 6.
    Freed, N.: Behavior of and requirements for Internet firewalls. RFC 2979, IETF (October 2000)Google Scholar
  7. 7.
    Harkins, D., Carrel, D.: The Internet key exchange (IKE). RFC 2409, IETF Network Working Group (November 1998)Google Scholar
  8. 8.
    Kaufman, C. (ed.): Internet key exchange (IKEv2) protocol. Internet-Draft draft-ietfipsec- ikev2-17, IETF IPsec WG(September 2004) (work in progress)Google Scholar
  9. 9.
    Kent, S., Atkinson, R.: IP encapsulating security payload (ESP). RFC 2406, IETF (November 1998)Google Scholar
  10. 10.
    Moskowitz, R., Nikander, P., Jokela, P., Henderson, T.R.: Host identity protocol. Internet Draft draft-ietf-hip-base-01, IETF HIP WG (October 2004),
  11. 11.
    Nagarajan, A.: Security issues of locator-identifier split and middlebox traversal for future Internet architectures. Master’s thesis, Technische Universität Hamburg-Harburg, Germany (November 2004)Google Scholar
  12. 12.
    Nikander, P., Ylitalo, J., Wall, J.: Integrating security, mobility, and multi homing in a HIP way. In: Proc. NDSS 2003, San Diego, CA USA, February 2003, pp. 87–99 (2003)Google Scholar
  13. 13.
    Perlman, R., Kaufman, C.: Key exchange in IPSec: Analysis of IKE. IEEE Internet Computing 4(6), 50–56 (2000)CrossRefGoogle Scholar
  14. 14.
    Tschofenig, H., Nagarajan, A., Torvinen, V., Ylitalo, J., Shanmugam, M.: NAT and firewall traversal for HIP. Internet-Draft draft-tschofenig-hiprghip- natfw-traversal 2000 (October 2004) (work in progress)Google Scholar
  15. 15.
    Tschofenig, H., Nagarajan, A., Shanmugam, M., Ylitalo, J., Gurtov, A.: Traversing Middle Boxes with Host Identity Protocol. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 17–28. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Tuomas Aura
    • 1
  • Aarthi Nagarajan
    • 2
  • Andrei Gurtov
    • 3
  1. 1.Microsoft ResearchCambridgeUnited Kingdom
  2. 2.Technische Universität Hamburg-HarburgGermany
  3. 3.Helsinki Institute for Information TechnologyFinland

Personalised recommendations