
Analysis of the HIP Base Exchange Protocol

  • Conference paper
Information Security and Privacy (ACISP 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3574)


Abstract

The Host Identity Protocol (HIP) is an Internet security and multi-addressing mechanism specified by the IETF. HIP introduces a new layer between the transport and network layers of the TCP/IP stack that maps host identifiers to network locations, thus separating the two conflicting roles that IP addresses have in the current Internet. This paper analyzes the security and functionality of the HIP base exchange, which is a classic key exchange protocol with some novel features for authentication and DoS protection. The base exchange is the most stable part of the HIP specification with multiple existing implementations. We point out several security issues in the current protocol and propose changes that are compatible with the goals of HIP.




© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aura, T., Nagarajan, A., Gurtov, A. (2005). Analysis of the HIP Base Exchange Protocol. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_40


  • DOI: https://doi.org/10.1007/11506157_40

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26547-4

  • Online ISBN: 978-3-540-31684-8

  • eBook Packages: Computer Science, Computer Science (R0)
