Skip to main content

Host Identity Protocol (HIP): Towards the Secure Mobile Internet

Host Identity Protocol (HIP): Towards the Secure Mobile Internet

Andrei Gurtov

ISBN: 978-0-470-77290-4

Sep 2008

332 pages



“Within the set of many identifier-locator separation designs for the Internet, HIP has progressed further than anything else we have so far. It is time to see what HIP can do in larger scale in the real world. In order to make that happen, the world needs a HIP book, and now we have it.” - Jari Arkko, Internet Area Director, IETF 

One of the challenges facing the current Internet architecture is the incorporation of mobile and multi-homed terminals (hosts), and an overall lack of protection against Denial-of-Service attacks and identity spoofing. The Host Identity Protocol (HIP) is being developed by the Internet Engineering Task Force (IETF) as an integrated solution to these problems. The book presents a well-structured, readable and compact overview of the core protocol with relevant extensions to the Internet architecture and infrastructure. The covered topics include the Bound End-to-End Tunnel Mode for IPsec, Overlay Routable Cryptographic Hash Identifiers, extensions to the Domain Name System, IPv4 and IPv6 interoperability, integration with SIP, and support for legacy applications.

Unique features of the book:

  • All-in-one source for HIP specifications
  • Complete coverage of HIP architecture and protocols
  • Base exchange, mobility and multihoming extensions
  • Practical snapshots of protocol operation
  • IP security on lightweight devices
  • Traversal of middleboxes, such as NATs and firewalls
  • Name resolution infrastructure
  • Micromobility, multicast, privacy extensions
  • Chapter on applications, including HIP pilot deployment in a Boeing factory
  • HOWTO for HIP on Linux (HIPL) implementation  

An important compliment to the official IETF specifications, this book will be a valuable reference for practicing engineers in equipment manufacturing companies and telecom operators, as well as network managers, network engineers, network operators and telecom engineers. Advanced students and academics, IT managers, professionals and operating system specialists will also find this book of interest.

About the Author.

Foreword. (Jari Arkko)

Foreword. (David Hutchison)




Part I Introduction.

Chapter 1: Overview.

1.1 Identifierâ??locatorsplit.

1.2 HIPin the Internetarchitecture.

1.3 BriefhistoryofHIP.

1.4 Organization of the book.

Chapter 2: Introduction to network security.

2.1 Goalsof cryptographicprotocols.

2.2 Basics andterminology.

2.3 Attacktypes.

2.4 Defensemechanisms.

2.5 Securityprotocols.

2.6 Weakauthenticationtechniques.

2.7 SecureDNS.

Part II The Host Identity Protocol.

Chapter 3: Architectural overview.

3.1 Internet namespaces.

3.2 Methods of identifying a host.

3.3 OverlayRoutableCryptographicHashIdentifiers.

Chapter 4: Baseprotocol.

4.1 Base exchange.

4.2 OtherHIPcontrolpackets.

4.3 IPsec encapsulation.

Chapter 5: Main extensions.

5.1 Mobility and multihoming.

5.2 Rendezvous server.

5.3 DNSextensions.

5.4 Registrationprotocol.

Chapter 6: Advanced extensions.

6.1 Opportunistic mode.

6.2 Piggybacking transport headers to base exchange.

6.3 HIPservicediscovery.

6.4 Simultaneous multiaccess.

6.5 DisseminatingHITswitha presenceservice.

6.6 Multicast.

Chapter 7: Performance measurements.

7.1 HIPonNokia InternetTablet.

7.2 Experimental results.

7.3 Summary.

Chapter 8: Lightweight HIP.

8.1 Security functionality of HIP.

8.2 HIPhigh-levelgoals.

8.3 LHIPdesign.

8.4 LHIPperformance.

8.5 Discussion.

Part III Infrastructure Support.

Chapter 9: Middlebox traversal.

9.1 Requirements for traversinglegacymiddleboxes.

9.2 LegacyNATtraversal.

9.3 Requirements forHIP-awaremiddleboxes.

9.4 HIP-awarefirewall.

Chapter 10: Name resolution.

10.1 Problemstatementofnaming.

10.2 DistributedHashTables.

10.3 HIPinterface toOpenDHT.

10.4 Overviewofoverlaynetworks.

10.5 Host Identity Indirection Infrastructure.

10.5.1 Separatingcontrol,data, andnaming.

10.5.2 Thedata plane.

10.5.3 Thecontrolplane.

10.5.4 Discussionof theHi3design.

Chapter 11: Micromobility.

11.1 Local rendezvousservers.

11.2 Secure micromobility.

11.3 Network mobility.

Chapter 12: Communication privacy.

12.1 SPINAT.

12.2 BLIND.

12.3 Anonymousidentifiers.

Part IV Applications.

Chapter 13: Possible HIP applications.

13.1 VirtualPrivateNetworking.

13.2 P2PInternetSharingArchitecture.

13.3 InteroperatingIPv4andIPv6.

13.4 SecureMobileArchitecture.

13.5 Liveapplicationmigration.

13.6 NetworkoperatorviewpointonHIP.

Chapter 14: Application interface.

14.1 UsinglegacyapplicationswithHIP.

14.2 API fornativeHIPapplications.

Chapter 15: Integrating HIP with other protocols.

15.1 GeneralizedHIP.

15.2 The use of Session Initiation Protocol.

15.3 EncapsulatingHIPdatausingSRTP.

15.4 ReplacingHIPbase exchangewithIKEv2.

15.5 MobileIPandHIP.

15.6 HIPproxyfor legacyhosts.

Installing and using HIP.



""I recommend this book to all software writers and engineers who are working in the context of mobile IP, IPv6, and the future internet. Graduate and advanced undergraduate students who are interested in discovering a practical and challenging application of identity management models and cryptographic protocols will also benefit from this book."" (Computing Reviews, May 5, 2009)