Presentation outline

Host Identity Protocol •Introduction: What and why? •Background •HIP in a Nutshell •Mobility and multi-homing (multi-addressing) •HIP infrastructure: Hi3 Pekka Nikander •Current status Ericsson Research Nomadiclab and •Summary Helsinki Institute for Information Technology http://www.hip4inter.net

2

What is HIP? Motivation

•Not to standardise a solution to a problem •HIP = Host Identity Protocol •No explicit problem statement A proposal to separate identifier from locator at • Exploring the consequences of the id / loc split the network layer of the TCP/IP stack • •A new name space of public keys •Try it out in real life, in the live •A protocol for discovering and authenticating •A different look at many problems bindings between public keys and IP addresses •Mobility, multi-homing, end-to-end security, •Secured using signatures and keyed hashes signalling, control/data plane separation, (hash in combination with a secret key) rendezvous, NAT traversal, firewall security, ...

3 4

Presentation outline Background

•Introduction: What and why? •Background •HIP in a Nutshell •A brief history of HIP •Mobility and multi-homing (multi-addressing) •Architectural background •HIP infrastructure: Hi3 •Related IETF Working Groups •Current status •Summary

5 6

1 A Brief History of HIP Architectural background

•1999 : idea discussed briefly at the IETF IP addresses serve the dual role of being •2001: two BoFs, no WG created at that time • End-point Identifiers •02-03: development at the corridors • •2004: WG and RG created •Names of network interfaces on hosts •Locators •Now: base protocol more or less ready •Names of naming topological locations •Four interoperating implementations •More work needed on mobility, multi-homing, •This duality makes many things hard NAT traversal, infrastructure, and other issues

7 8

New requirements to RelatedBetter-Than-Nothing IETF WGs Security, and RGs Internet Addressing IKE requiresIPv6 authenticationSignalingSite and for IPv6 IKEv2 mobilityHandoff and multi-Optimizationminimize adverse effects •Mobile hosts homing(sharedMobility support. secret,Site multihoming certificate, Multi-homing by IPv6 •Need to change IP address dynamically Multiple/changingmip6 ),Intermediation, tsvwgprefixesNamespace in new shim research mip4Unauthenticatedlayer,(sctp) based IKE,group on (IRTF),Multi6 need •Multi-interface hosts SA. mipshopBare RSA keys, self-signedothermulti6 namespace than •Have multiple independent addresses certificates, lateshim6 bindingIP? API implications. •Mobile, multi-interface hosts most mobike hip challenging •Multiple, dynamically changing addresses btns •More complex environment nsrg Security •e.g. local-only connectivity ID/loc split

9 10

Presentation outline HIP in a Nutshell •Architectural change to TCP/IP structure •Introduction: What and why? •Integrates security, mobility, and multi- homing •Background •Opportunistic host-to-host IPsec ESP •HIP in a Nutshell •End-host mobility, across IPv4 and IPv6 •Mobility and multi-homing (multi-addressing) End-host multi-address multi-homing, 3 • •HIP infrastructure: Hi IPv4/v6 •Current status •IPv4 / v6 interoperability for apps •Summary •A new layer between IP and transport •Introduces cryptographic Host Identifiers 11 12

2 An analogy: The Idea What if people were hosts

• A new Name Space of Host Identifiers (HI) ProcessProcess • Public crypto keys! Connect to Connect TransportTransport < Host IP addr ID , port> • Presented as 128-bit whoever happens to long hash values, to be at Host ID Host ID Tags (HIT) HostHost IdentityIdentity +1-123-456-7890 • Sockets bound to HIs, not to IP addresses IPIP layerlayer IP address • HIs translated to IP Link layer addresses in the kernel Link layer Current IP HIP

13 14

More detailed layering Protocol overview Initiator Responder TransportTransport LayerLayer End-to-end, I1: HIT , HIT or NULL I R HITs IPIP layerlayer R1: HIT , [HIT , puzzle, DH , HI ] IPsec v4/v6 bridge I R R R sig HIP Multi-homingMulti-homing I2: [HIT , HIT , solution, DH , {HI }] I R I I sig Control

Fragmentation Control Mobility R2: [HIT , HIT , authenticator] Hop-by-hop, Forwarding I R sig IP User data messages addresses LinkLink LayerLayer Data Data 15 16

Base exchangeSelect precomputed R1. Prevent DoS. Minimal Other core components • Based on SIGMA familystandard of keystate exchangeauthenticated kept at responder! protocols Diffie-HellmanDoes not protect key from Initiatorexchange forreplay session Responder attacks. key generation I1 HIT , HIT or NULL Per-packet identity context I R • R1 HIT , [HIT , puzzle, DH , HI ] •Indirectly, through SPI if ESP is used I R R R sig solve •Directly, e.g., through an explicit shim header puzzle I2 [HIT , HIT , solution, DH ,{HI }] A mechanism for resolving identities to addresses I R I I sig verify, • authenticate, R2 [HIT , HIT , authenticator] replay protection DNS-based, if FQDNs used by applications I R sig • User data messages • Or distributed hash tables (DHTs) based ESP protected TCP/UDP, no explicit HIP header

17

3 How applications work today One way to implement HIP (when IPsec ESP is used)

IP DNS query HIT DNS query DNS DNS server DNS DNS server Client app library Server app Client app library Server app DNS reply DNS reply HIT ----- > {IP addresses} connect(IP ) connect(HIT S S IKE IKE ) HIP daemon HIP daemon

socket API socket API socket API socket API

TCP SYN TCP SYN TCP SYN TCP SYN to IP from IP to HIT from HIT S C S C

IPsec IPsec ESP protected TCP SYN IPsec IPsec IPsec IPsec ESP protected TCP SYN IPsec IPsec to IPaddr to IPaddr SPD SAD S SAD SPD SPD SAD S SAD SPD

convert HITs to IP addresses convert IP addresses to HITs 19 20

Using HIP with ESP Many faces •More established views: HIT DNS query DNS DNS server A different IKE for simplified end-to-end Client app library Server app • DNS reply ESP HIT ----- > {IP addresses} connect(HIT •Super Mobile IP with v4/v6 interoperability S HIP daemon HIP daemon ) and dynamic home agents socket API socket API •A host multi-homing solution TCP SYN TCP SYN Newer views: to HIT from HIT • S C •New waist of IP stack; universal IPsec IPsec ESP protected TCP SYN IPsec IPsec connectivity SPD SAD to IPaddr SAD SPD S •Secure carrier for signalling protocols convert HITs to IP addresses convert IP addresses to HITs 21 22

HIP as the new waist of HIP for universal connectivity TCP/IP •Goal: Lowest layer providing location- v4 app v6 app v4 app v6 app • independent identifiers and end-to-end TCPv4 TCPv6 TCPv4 TCPv6 connectivity •Work in progress: Host identity Host identity •Support for traversing legacy NATs IPv4 IPv6 IPv4 IPv6 •Firewall registration and Architected middleboxes or layer 3.5 Link layer Link layer • routing •Identity-based connectivity with DHTs

23 24

4 Faces summary: Signalling carrier Motivating architectural •Originally HIP supported only ESP-based factors user data transport (previous slides) •A “reachability” solution across NATs •ESP is now being split from the base •New “waist” for the protocol stack protocol •Built-in security •Base protocol is becoming a secure carrier •Implicit channel bindings for any kinds of signalling •connect(HIT) provides a secured •Support for separate signalling and data connection to the identified host paths •Puzzle-based DoS protection •Implicitly present in the original design •Integrated mobility and end-host multi-homing •Now being made more explicit

25 26

Introduction to IP based Presentation outline mobility and multi-homing •Mobility implemented at “lP layer” •Introduction: What and why? •IP addresses are assigned according to topology •Background •Allows for routing prefix aggregation •HIP in a Nutshell Mobile hosts change their topological Mobility and multi-homing (multi-addressing) • • location •HIP infrastructure: Hi3 •Multi-homed hosts present at many locations •Current status •In an IP based m&m solution •Summary •Transport & apps do not see address changes or multiple addresses

27 28

Rendezvous Mobile IP

•Initial rendezvous •How to find a moving end-point? •Home Agent (HA) HA •Can be based on directories •Serves a Home Address MN •Initial reachability •Requires fast directory updates •Triangular routing →Bad match for DNS •Route optimization •Tackling double-jump •Tunnels to bypass HA •What if both hosts move at same time? •HA as rendezvous point CN •Requires rendezvous point

29 30

5 Multi-addressing dimensions HIP Mobility & Multi-homing

Multi- end-host SoHo site enterprise •Mobility and multi-homing become homing multihoming multihoming multihoming duals of each other •Mobile host has many addresses over time moving, ad hoc •Multi-homed host has many addresses at multi-homed networks networks the same time •Leads to a Virtual Interface Model A host may have real and virtual interfaces end-host Moving networks • Mobility mobility (NEMO) •Merges the “Home Agent” One Single Parts of All host subnet topology hosts 31 32

Mobility protocol Presentation outline Mobile Corresponding UPDATE: HITs, new locator(s), sig •Introduction: What and why? •Background UPDATE: HITs, RR challenge, sig •HIP in a Nutshell ESP from MN to CN UPDATE: HITs, RR response, sig •Mobility and multi-homing (multi-addressing) •HIP infrastructure: Hi3 •Current status ESP on both directions •Summary

33 34

Key distribution for HIP Basic HIP rendezvous

• Depends on application Rendezvous • For multi-addressing, server Rendezvous self-generated keys DNS server registration • Usually keys in the DNS I1 DNS query: DNS reply: • Can use PKI if needed A, AAAA, KEY A, AAAA, KEY • Opportunistic mode supported R1 • SSH-like leap-of-faith Client app I2 Server • Accept a new key if it R2 matches a fingerprint Client

35 36

6 HIP registrationServer protocolinforms The infrastructure question client about registrar Client Server •HIs originally planned to be stored in the capability (BE) DNS I1 Client requests registration •Retrieved simultaneously with IP R1 + REG_INFO addresses Also update Authz. Based •Does not work if you have only a HIT messages I2 + REG_REQUESTon local policies •Question: How to get data based on HIT (protected) only? Cancel withR2 + REG_RESPONSE •HITs look like 128-bit random numbers zero timeout 3 •Possible answer: DHT based overlay like i

37 38

Distributed Hash Tables i3 rendezvous abstraction

•Distributed directory for flat data •Several different ways to implement •Trigger inserted by receiver(s) Each server maintains a partial map •Packets addressed to identifiers • 3 •Overlay addresses to direct to the right •i routes packet to the receiver(s) server send(R, data) •Resilience through parallel, unrelated send(ID, data) mappings Sender trigger Receiver (R)

•Used to create overlay networks ID R

39 40

Hi3 and DHT-based Hi3: combining HIP and i3 rendezvous

•Developed at Ericsson Research IP Networks

3 3 •Uses i overlay for HIP control packets i overlay •Provides rendezvous for HIP based •Data packets use plain old IP control plane •Cryptographically protected with ESP IP-based user plane •Only soft or optional state in the network

41 42

7 Hi3 overlay and Control/data separation IPsec connectivity 3 •i overlay for signalling (control plane) 3 i overlay •Routes only HIP control packets based •e2e ESP for data traffic (user plane) rendezvous infra •Firewalls/middle boxes opened ID R dynamically •Only end-to-end signalling (HIP) •Middle boxes “snoop” e2e messages •Lots of details to be filled in

43 44

Benefits for everyone An Internet control plane?

•HIP separates control and data traffic •Operators 3 •Hi routes control traffic through overlay •Control, security, resilience, revenue •Control and data packets take potentially •Enterprises very different paths •Security, resilience, mobility •Allows telecom-like control … •Individual users •… but does not require it •Security, mobility, ease of use

45 46

Benefits to operators Benefits to enterprises

•More controlled network •Data requires HIP handshake first •More secure firewalls •Protection against DoS and DDoS •Integrated mobility and multi-access •Resilience •Across IPv4 and IPv6 •Integrated multi-homing •No single points of failure •No single points of failure

47 48

8 Benefits to users Presentation outline

•Introduction: What and why? •Background •DoS and DDoS protection •HIP in a Nutshell •Supports home servers (NAT traversal) •Mobility and multi-homing (multi-addressing) Configuration free baseline security • HIP infrastructure: Hi3 (ssh-like leap-of-faith encryption • •Current status •Summary

49 50

Current status Implementation status •Four interoperating implementations •WG and RG formed at the IETF / IRTF •Ericsson Research Nomadiclab, FreeBSD •First meetings in Seoul, March 2004 •Helsinki Institute for Information Tech., Linux •Four known interoperating implementations •Boeing Phantom Works, Linux and •A number of internet drafts Windows •Base specifications start to be mature •Sun Labs Grenoble, Solaris •About a dozen papers published or •Other implementations submitted •Indranet (obsolete), DoCoMo US Labs, rumours about other

51 52

Evolution of drafts: Early era Evolution of drafts: Restart

53 54

9 Evolution of drafts: 2005 Current status

• RFCs • Host Identity Protocol (HIP) Architecture RFC 4423 Architecture • RFC queue • Host Identity Protocol (HIP) (DNS) Extensions Base • IESG Processing exchange • Host Identity Protocol • End-Host Mobility and Multihoming with the Host Identity Protocol Mobility & • Host Identity Protocol (HIP) Rendezvous Extension multi-homing • Host Identity Protocol (HIP) Registration Extension • Using ESP transport format with HIP DNS • Using the Host Identity Protocol with Legacy Applications • Internet-Drafts Rendezvous • HIP Extensions for the Traversal of Network Address Translators • Native Application Programming Interfaces for SHIM APIs Registration

55 56

Summary •New cryptographic name space •IP hosts identified with public keys •Integrates security, mobility, multi-homing •Evolving into a more generic signalling carrier •Four interoperating implementations (total 7?) •Base specifications start to be mature •http://www.hip4inter.net •http://www.tml.hut.fi/~pnr/publications/

57

10