Host Identity Protocol
Total Page:16
File Type:pdf, Size:1020Kb
Presentation outline Host Identity Protocol •Introduction: What and why? •Background •HIP in a Nutshell •Mobility and multi-homing (multi-addressing) •HIP infrastructure: Hi3 Pekka Nikander •Current status Ericsson Research Nomadiclab and •Summary Helsinki Institute for Information Technology http://www.hip4inter.net 2 What is HIP? Motivation •Not to standardise a solution to a problem •HIP = Host Identity Protocol •No explicit problem statement A proposal to separate identifier from locator at • Exploring the consequences of the id / loc split the network layer of the TCP/IP stack • •A new name space of public keys •Try it out in real life, in the live Internet •A protocol for discovering and authenticating •A different look at many problems bindings between public keys and IP addresses •Mobility, multi-homing, end-to-end security, •Secured using signatures and keyed hashes signalling, control/data plane separation, (hash in combination with a secret key) rendezvous, NAT traversal, firewall security, ... 3 4 Presentation outline Background •Introduction: What and why? •Background •HIP in a Nutshell •A brief history of HIP •Mobility and multi-homing (multi-addressing) •Architectural background •HIP infrastructure: Hi3 •Related IETF Working Groups •Current status •Summary 5 6 1 A Brief History of HIP Architectural background •1999 : idea discussed briefly at the IETF IP addresses serve the dual role of being •2001: two BoFs, no WG created at that time • End-point Identifiers •02-03: development at the corridors • •2004: WG and RG created •Names of network interfaces on hosts •Locators •Now: base protocol more or less ready •Names of naming topological locations •Four interoperating implementations •More work needed on mobility, multi-homing, •This duality makes many things hard NAT traversal, infrastructure, and other issues 7 8 New requirements to RelatedBetter-Than-Nothing IETF WGs Security, and RGs Internet Addressing IKE requiresIPv6 authenticationSignalingSite multihoming and for IPv6 IKEv2 mobilityHandoff and multi-Optimizationminimize adverse effects •Mobile hosts homing(sharedMobility support. secret,Site multihoming certificate, Multi-homing by IPv6 •Need to change IP address dynamically Multiple/changingmip6 Kerberos),Intermediation, tsvwgprefixesNamespace in new shim research mip4Unauthenticatedlayer,(sctp) based IKE,group on (IRTF),Multi6 need •Multi-interface hosts SA. mipshopBare RSA keys, self-signedothermulti6 namespace than •Have multiple independent addresses certificates, lateshim6 bindingIP? API implications. •Mobile, multi-interface hosts most mobike hip challenging •Multiple, dynamically changing addresses ipsec btns •More complex environment nsrg Security •e.g. local-only connectivity ID/loc split 9 10 Presentation outline HIP in a Nutshell •Architectural change to TCP/IP structure •Introduction: What and why? •Integrates security, mobility, and multi- homing •Background •Opportunistic host-to-host IPsec ESP •HIP in a Nutshell •End-host mobility, across IPv4 and IPv6 •Mobility and multi-homing (multi-addressing) End-host multi-address multi-homing, 3 • •HIP infrastructure: Hi IPv4/v6 •Current status •IPv4 / v6 interoperability for apps •Summary •A new layer between IP and transport •Introduces cryptographic Host Identifiers 11 12 2 An analogy: The Idea What if people were hosts • A new Name Space of Host Identifiers (HI) ProcessProcess • Public crypto keys! Connect to Connect TransportTransport < Host IP addr ID , port> • Presented as 128-bit whoever happens to long hash values, to be at Host ID Host ID Tags (HIT) HostHost IdentityIdentity +1-123-456-7890 • Sockets bound to HIs, not to IP addresses IPIP layerlayer IP address • HIs translated to IP Link layer addresses in the kernel Link layer Current IP HIP 13 14 More detailed layering Protocol overview Initiator Responder TransportTransport LayerLayer End-to-end, I1: HIT , HIT or NULL I R HITs IPIP layerlayer R1: HIT , [HIT , puzzle, DH , HI ] IPsec v4/v6 bridge I R R R sig HIP MultiMulti-homing-homing I2: [HIT , HIT , solution, DH , {HI }] I R I I sig Control Fragmentation Control Mobility R2: [HIT , HIT , authenticator] Hop-by-hop, Forwarding I R sig IP User data messages addresses LinkLink LayerLayer Data Data 15 16 Base exchangeSelect precomputed R1. Prevent DoS. Minimal Other core components • Based on SIGMA familystandard of keystate exchangeauthenticated kept at responder! protocols Diffie-HellmanDoes not protect key from Initiatorexchange forreplay session Responder attacks. key generation I1 HIT , HIT or NULL Per-packet identity context I R • R1 HIT , [HIT , puzzle, DH , HI ] •Indirectly, through SPI if ESP is used I R R R sig solve •Directly, e.g., through an explicit shim header puzzle I2 [HIT , HIT , solution, DH ,{HI }] A mechanism for resolving identities to addresses I R I I sig verify, • authenticate, R2 [HIT , HIT , authenticator] replay protection DNS-based, if FQDNs used by applications I R sig • User data messages • Or distributed hash tables (DHTs) based ESP protected TCP/UDP, no explicit HIP header 17 3 How applications work today One way to implement HIP (when IPsec ESP is used) IP DNS query HIT DNS query DNS DNS server DNS DNS server Client app library Server app Client app library Server app DNS reply DNS reply HIT ----- > {IP addresses} connect(IP ) connect(HIT S S IKE IKE ) HIP daemon HIP daemon socket API socket API socket API socket API TCP SYN TCP SYN TCP SYN TCP SYN to IP from IP to HIT from HIT S C S C IPsec IPsec ESP protected TCP SYN IPsec IPsec IPsec IPsec ESP protected TCP SYN IPsec IPsec to IPaddr to IPaddr SPD SAD S SAD SPD SPD SAD S SAD SPD convert HITs to IP addresses convert IP addresses to HITs 19 20 Using HIP with ESP Many faces •More established views: HIT DNS query DNS DNS server A different IKE for simplified end-to-end Client app library Server app • DNS reply ESP HIT ----- > {IP addresses} connect(HIT •Super Mobile IP with v4/v6 interoperability S HIP daemon HIP daemon ) and dynamic home agents socket API socket API •A host multi-homing solution TCP SYN TCP SYN Newer views: to HIT from HIT • S C •New waist of IP stack; universal IPsec IPsec ESP protected TCP SYN IPsec IPsec connectivity SPD SAD to IPaddr SAD SPD S •Secure carrier for signalling protocols convert HITs to IP addresses convert IP addresses to HITs 21 22 HIP as the new waist of HIP for universal connectivity TCP/IP •Goal: Lowest layer providing location- v4 app v6 app v4 app v6 app • independent identifiers and end-to-end TCPv4 TCPv6 TCPv4 TCPv6 connectivity •Work in progress: Host identity Host identity •Support for traversing legacy NATs IPv4 IPv6 IPv4 IPv6 •Firewall registration and authentication Architected middleboxes or layer 3.5 Link layer Link layer • routing •Identity-based connectivity with DHTs 23 24 4 Faces summary: Signalling carrier Motivating architectural •Originally HIP supported only ESP-based factors user data transport (previous slides) •A “reachability” solution across NATs •ESP is now being split from the base •New “waist” for the protocol stack protocol •Built-in security •Base protocol is becoming a secure carrier •Implicit channel bindings for any kinds of signalling •connect(HIT) provides a secured •Support for separate signalling and data connection to the identified host paths •Puzzle-based DoS protection •Implicitly present in the original design •Integrated mobility and end-host multi-homing •Now being made more explicit 25 26 Introduction to IP based Presentation outline mobility and multi-homing •Mobility implemented at “lP layer” •Introduction: What and why? •IP addresses are assigned according to topology •Background •Allows for routing prefix aggregation •HIP in a Nutshell Mobile hosts change their topological Mobility and multi-homing (multi-addressing) • • location •HIP infrastructure: Hi3 •Multi-homed hosts present at many locations •Current status •In an IP based m&m solution •Summary •Transport & apps do not see address changes or multiple addresses 27 28 Rendezvous Mobile IP •Initial rendezvous •How to find a moving end-point? •Home Agent (HA) HA •Can be based on directories •Serves a Home Address MN •Initial reachability •Requires fast directory updates •Triangular routing →Bad match for DNS •Route optimization •Tackling double-jump •Tunnels to bypass HA •What if both hosts move at same time? •HA as rendezvous point CN •Requires rendezvous point 29 30 5 Multi-addressing dimensions HIP Mobility & Multi-homing Multi- end-host SoHo site enterprise •Mobility and multi-homing become homing multihoming multihoming multihoming duals of each other •Mobile host has many addresses over time moving, ad hoc •Multi-homed host has many addresses at multi-homed networks networks the same time •Leads to a Virtual Interface Model A host may have real and virtual interfaces end-host Moving networks • Mobility mobility (NEMO) •Merges the “Home Agent” One Single Parts of All host subnet topology hosts 31 32 Mobility protocol Presentation outline Mobile Corresponding UPDATE: HITs, new locator(s), sig •Introduction: What and why? •Background UPDATE: HITs, RR challenge, sig •HIP in a Nutshell ESP from MN to CN UPDATE: HITs, RR response, sig •Mobility and multi-homing (multi-addressing) •HIP infrastructure: Hi3 •Current status ESP on both directions •Summary 33 34 Key distribution for HIP Basic HIP rendezvous • Depends on application Rendezvous • For multi-addressing, server Rendezvous self-generated keys DNS server registration • Usually keys in the DNS I1 DNS query: DNS reply: • Can use PKI if needed A, AAAA, KEY