Introduction to Host Identity Protocol (Hip) and Its

Title slide: INTRODUCTION TO HOST IDENTITY PROTOCOL (HIP) AND ITS APPLICATIONS
Course
ANDREI GURTOV, Helsinki Institute for Information Technology
Slides jointly with Ekaterina Vorobyeva
http://www.hiit.fi/~gurtov
November 2008

Slide 1: Outline (1)
• Introduction to HIP architecture
• Background on network security
• The HIP architecture
• Base protocol
• Main extensions
• Advanced extensions
• Performance measurements
• Lightweight HIP

(1) © Andrei Gurtov, 2008. Figures from Host Identity Protocol (HIP): Towards the Secure Mobile Internet, Andrei Gurtov, 2008, © John Wiley & Sons Limited. Reproduced with permission.

Slide 2: Outline (cont.)
• Middlebox traversal
• Name resolution
• Micromobility
• Communication privacy
• Possible HIP applications
• API
• HIP with other protocols
• Implementations

Slide 3: Reading material
• A. Gurtov, Host Identity Protocol (HIP): Towards the Secure Mobile Internet, ISBN 978-0-470-99790-1, Wiley and Sons, June 2008. (Hardcover, 320 p.)
• Jokela P, Moskowitz R and Nikander P 2008 Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP). RFC 5202.
• Kent S 2005a IP Authentication Header. RFC 4302 (Proposed Standard).
• Kent S 2005b IP Encapsulating Security Payload (ESP). RFC 4303 (Proposed Standard).
• Kent S and Seo K 2005 Security Architecture for the Internet Protocol. RFC 4301 (Proposed Standard).

Slide 4: Reading material (cont.)
• Krawczyk H, Bellare M and Canetti R 1997 HMAC: Keyed-Hashing for Message Authentication. RFC 2104 (Informational).
• Laganier J and Eggert L 2008 Host Identity Protocol (HIP) Rendezvous Extension. RFC 5204.
• Laganier J, Koponen T and Eggert L 2008 Host Identity Protocol (HIP) Registration Extension. RFC 5203.
• Manral V 2007 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH). RFC 4835 (Proposed Standard).
• Moskowitz R and Nikander P 2006 Host Identity Protocol Architecture. RFC 4423, IETF.

Slide 5: Reading material (cont.)
• Moskowitz R, Nikander P, Jokela P and Henderson T 2008 Host Identity Protocol. RFC 5201.
• Nikander P, Henderson T, Vogt C and Arkko J 2008 End-Host Mobility and Multihoming with the Host Identity Protocol. RFC 5206.
• Nikander P and Laganier J 2008 Host Identity Protocol (HIP) Domain Name System (DNS) Extension. RFC 5205.
• Nikander P, Laganier J and Dupont F 2007b An IPv6 prefix for overlay routable cryptographic hash identifiers (ORCHID). RFC 4843, IETF.
• Orman H 1998 The OAKLEY key determination protocol. IETF RFC 2412.
• Rivest RL 1992 The MD5 message digest algorithm. RFC 1321.

Slide 6: Reading material (cont.)
• Rosenberg J, Weinberger J, Huitema C and Mahy R 2003 STUN: Simple traversal of user datagram protocol (UDP) through network address translators (NATs). RFC 3489, IETF.
• Saltzer JH 1993 On the naming and binding of network destinations in local computer networks. RFC 1498, IETF.
• Stiemerling M, Quittek J and Eggert L 2008 NAT and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication. RFC 5207.
• Kivinen T and Kojo M 2003 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE). RFC 3526.
• Kaufman C 2005 Internet key exchange (IKEv2) protocol. RFC 4306, IETF.

Slide 7: Overview

Slide 8: Identifier-locator split
• Network prefixes of IP addresses
  – IP addresses sharing a prefix are located in a close geographical area
• The role of the host identifier (e.g. DNS)
• Dual role of IP addresses
  – identifying function of IP addresses
  – locating function of IP addresses

Slide 9: Location and identity of hosts are combined in the Internet
[Figure: Service, Socket, Endpoint, Locator (IP address)]
• the roles of IP as identifier and as locator are still mixed
• each separate service uses its own socket
• the endpoint identity is attached to the IP address

Slide 10: Identifier-locator split (cont.)
• HIP splits host identifier and locator
• A security mechanism is essential to prove the identity
  – a long randomly generated string is not sufficient in a public Internet
  – a self-generated public-private key pair serves as the host identity
• Host identity separates sockets and network interfaces
  – several locators can be associated with one identity
  – a single host can have multiple identities
  – group host identities (in the research phase)

Slide 11: Separating location and identity of Internet hosts
[Figure: Service, Socket, Endpoint (Host ID), Locators (IP address 1, IP address 2)]
• the host identity is positioned between the socket and the network interfaces
• the sockets are bound to the host identity instead of a locator

Slide 12: HIP in the Internet Architecture
• IP is the only routable network-layer protocol in use
• IP is able to run over a wide range of link technologies
  – Ethernet
  – Wireless LAN
  – Token Ring
• Multiple transport protocols can run on top of IP
  – TCP and UDP
• A large number of applications use the transport protocols
  – HTTP
  – SMTP
  – FTP

Slide 13: IP as a waist of the Internet protocol stack
[Figure: hourglass with HTTP, SMTP, FTP over TCP, UDP over IP over WLAN, Ethernet, Token Ring]
• IP is the narrowest part of the stack
• the waist of the Internet

Slide 14: HIP in the Internet Architecture (cont.)
• A major problem in the original Internet architecture
  – tight coupling between the networking and transport layers (e.g., TCP checksum calculation)
  – independent evolution of the two layers is impossible
• Introduction of a new networking or transport protocol requires changes to other layers
• The dramatic growth of the Internet scale (introduction of IPv6)
• Deployment of a new IP version with a flag day is unfeasible
• The necessity of simultaneously routing both IP protocol versions
• The HIP architecture can restore the original Internet hourglass model

Slide 15: HIP as a new waist of the Internet protocol stack
[Figure: hourglass with HTTP, SMTP, FTP over TCP, UDP over HIP over IPv4, IPv6 over WLAN, Ethernet, Token Ring]
• HIP replaces IPv4 in its role
• IPv4 and IPv6 run underneath HIP
• transport protocols run on top of HIP

Slide 16: HIP in the Internet Architecture (cont.)
• The problem of Denial-of-Service (DoS) attacks
  – the server creates significant state during establishment of a TCP connection after replying to a SYN packet
  – there is no assurance that the SYN has arrived from the genuine host
  – a moderate number of hosts can swamp the server with SYN messages
• HIP prevents creating the state before the client is verified
• By means of cryptographic puzzles HIP prevents the client from generating connection attempts at an overly fast rate
  – the puzzle requires the client to reverse a hash function, which takes significant computational resources
  – verifying the puzzle at the server is a short operation

Slide 17: The IP protocol stack
[Figure: Application (IP address, port) / Transport (IP address, port) / Network (IP address) / Link (MAC address)]
• a Berkeley socket binds to the IP address and transport protocol family
• the state created at the transport layer uses the IP address and transport protocol port number to deliver data to the correct application
• the network layer uses the destination IP to determine the right transmission link
• the Network Interface Card (NIC) address is added on the link

Slide 18: The protocol stack of HIP
[Figure: Application (HIT, port) / Transport (HIT, port) / HI (Host Identity) / Network (IP address) / Link (MAC address)]
• HIP is a sub-layer between the network and transport layers
• the application and transport protocol use the host identity tag (HIT) in their messages
• the HIP sub-layer maps HITs to IP addresses before passing a packet to the networking layer
• transmission of the packet then follows the same pattern as in a plain IP stack

Slide 19: Brief history of HIP
• The problem of naming hosts and data in the Internet
  – RFC 1498 from 1993 reprints the paper on naming from 1982
  – resource name, address, and route
  – services and users, network nodes, network attachment points, and paths
  – three bindings: of a service to a node, of a node to an attachment point, and of an attachment point to a route
• Name Space Research Group (NSRG) in the IRTF from 1993 to 2003
  – other namespaces than the 32-bit IPv4 addresses
  – Robert Moskowitz from ICSA, Inc, the original inventor of HIP

Slide 20: Brief history of HIP (cont.)
• The draft moskowitz-hip-00 was an individual submission in the IETF, May 1999
• From 1999 to 2002, R. Moskowitz held informal meetings during the IETF meetings
• Several revisions of the HIP architecture and protocol specifications were published as individual submissions
• In 2002, Pekka Nikander became interested in HIP and took over the lead of the standardization effort from R. Moskowitz
• The new packet structure, the state machine and the protocol details were developed together with Ericsson NomadicLab, Boeing, and HIIT
• The specifications were published as individual submissions until 2004

Slide 21: Brief history of HIP (cont.)
• In June 2004 an IETF working group on HIP was created and draft-ietf-hip-base-00 was published
  – the HIP WG is chaired by David Ward (Cisco) and Gonzalo Camarillo (Ericsson)
  – the purpose was "to define the minimal elements that are needed for HIP experimentation on a wide scale"
• First outcome of the group: an overview of the HIP architecture
  – the HIP BE and ESP encapsulation specifications
  – mobility and multihoming extensions
  – DNS and RVS, and registration extensions

Slide 22: Brief history of HIP (cont.)
• In late 2006, NAT traversal, application support and the native API became WG items
• In 2004, the HIP RG was chartered at the Internet Research Task Force (IRTF)
• In 2005, Andrei Gurtov (HIIT) replaced Pekka Nikander
• The task of the HIP RG
  – evaluation of the impact of wider HIP deployment on the Internet
  – development of experimental protocol extensions that are not yet ready for standardization in the IETF

Slide 23: Introduction to network security (2)

(2) Based on work contributed by Tobias Heer, RWTH.

Slide 24: Goals of cryptographic
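Slide 16 describes the HIP puzzle only in outline. The following is an added example, not from the slides or from any HIP implementation, modelling the puzzle of RFC 5201 (on the reading list): the Responder sends a random I and a difficulty K, the Initiator must find a J such that the K low-order bits of SHA-1(I | HIT-I | HIT-R | J) are zero, and the Responder checks the answer with a single hash. The I and HIT values are constructed sample values.

```python
import hashlib

# Model of the HIP puzzle from RFC 5201: the Responder sends a random I and a
# difficulty K in R1; the Initiator replies in I2 with a J such that the K
# low-order bits of SHA-1(I | HIT-I | HIT-R | J) are zero.  Solving costs about
# 2**K hashes on average, verifying costs exactly one hash whatever K is.
# SAMPLE_* are constructed values for illustration, not real identifiers.

SAMPLE_I = bytes.fromhex("0102030405060708")
SAMPLE_HIT_I = bytes.fromhex("20010010000000000000000000000001")
SAMPLE_HIT_R = bytes.fromhex("20010010000000000000000000000002")


def puzzle_hash(i, hit_i, hit_r, j):
    """SHA-1 over I (8 bytes), HIT-I and HIT-R (16 bytes each) and J (8 bytes)."""
    return hashlib.sha1(i + hit_i + hit_r + j).digest()


def verify_solution(i, hit_i, hit_r, j, k):
    """Responder side: one hash plus a mask test, so the cost is independent of K."""
    value = int.from_bytes(puzzle_hash(i, hit_i, hit_r, j), "big")
    return value & ((1 << k) - 1) == 0


def solve_puzzle(i, hit_i, hit_r, k, max_tries=1 << 24):
    """Initiator side: brute-force J.  Returns (J, hashes spent); J is None on failure."""
    for candidate in range(max_tries):
        j = candidate.to_bytes(8, "big")
        if verify_solution(i, hit_i, hit_r, j, k):
            return j, candidate + 1
    return None, max_tries


def work_ratio(k):
    """Hashes the Initiator spent for difficulty K versus the Responder's single hash."""
    j, tries = solve_puzzle(SAMPLE_I, SAMPLE_HIT_I, SAMPLE_HIT_R, k)
    if j is None or not verify_solution(SAMPLE_I, SAMPLE_HIT_I, SAMPLE_HIT_R, j, k):
        raise RuntimeError("no solution within max_tries")
    return tries


if __name__ == "__main__":
    # Raising K makes connection attempts expensive for the client while the
    # server still does one hash per I2, which is the rate limit slide 16 describes.
    for k in (4, 8, 12):
        print(f"K={k}: initiator spent {work_ratio(k)} hashes, responder spent 1")
```

Because the Responder derives its cost from a single hash, it can choose K per client load without growing its own work, which is the asymmetry the slide relies on.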
