Sunday, January 20, 2008

Summary: Experience with HIP for Secure Host Mobility and Multihoming

Introduction

Mobility stresses the Internet because it creates new problems with packet routing, address management and security. Different solutions exist, e.g. MobileIP. This is a network-level solution, but it still has some problems related to security and the involvement of additional network structure. Another solution is HIP. It creates a new, cryptographically based name space that addresses the following current problems:
  • NAT Traversal
  • IPv4 to IPv6 migration
  • Mobility
  • Multihoming

Background

The four main problems that host mobility gives rise to are:

  • Addressing. Because an IP address acts as both a locator and an identifier, the address becomes topologically incorrect when the node moves.
  • Location management. If the Mobile Host changes its IP address to solve addressing, it becomes unreachable to the rest of the network.
  • Session maintenance. Not losing your connection when your address changes.
  • Security.

So the main benefit of HIP is that it solves these problems, and it could be applied to all protocols and integrated with IPSec.

HIP Overview

The Host Identity Protocol is based on a public key that serves as the Host Identity. This makes the protocol:

  • robust against man-in-the-middle attacks
  • automatically authenticated
  • strong against denial-of-service attacks

Host Identities can be stored in directories (PKI) or be anonymous.
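
To make the identifier/locator split concrete, here is an added toy model (not from the summarized paper or from any HIP implementation, and not HIP's wire format): a correspondent keys its session on a hash of the peer's public key and accepts a change of address only when the update is signed by that key and carries a fresh sequence number. The names Correspondent, readdress and identity are hypothetical, and a Lamport one-time signature stands in for the host's real signature scheme so the code runs on the Python standard library alone; each key pair may sign one message only.

```python
import hashlib
import os

def H(data):
    return hashlib.sha256(data).digest()

def keygen():  # Lamport one-time key pair: stdlib stand-in for the host key
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(seq, locator):
    d = H(f"{seq}|{locator}".encode())
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, seq, locator):
    return [sk[i][b] for i, b in enumerate(bits(seq, locator))]

def verify(pk, seq, locator, sig):
    want = [pk[i][b] for i, b in enumerate(bits(seq, locator))]
    return [H(s) for s in sig] == want

def identity(pk):  # identifier = hash of the public key, not an IP address
    return H(b"".join(a + b for a, b in pk)).hex()[:32]

class Correspondent:
    def __init__(self):
        self.sessions = {}  # identity -> public key, locator, last sequence

    def open_session(self, pk, locator):  # assumption: key verified at setup
        self.sessions[identity(pk)] = {"pk": pk, "locator": locator, "seq": 0}
        return identity(pk)

    def readdress(self, ident, seq, locator, sig):
        s = self.sessions.get(ident)
        if s is None or seq <= s["seq"] or not verify(s["pk"], seq, locator, sig):
            return False  # unknown identity, replayed update, or wrong key
        s["locator"], s["seq"] = locator, seq  # same session, new address
        return True

def demo():  # addresses are constructed documentation-range samples
    sk, pk = keygen()
    peer = Correspondent()
    ident = peer.open_session(pk, "192.0.2.10")
    bad = sign(keygen()[0], 1, "203.0.113.66")  # signed with a different key
    forged = peer.readdress(ident, 1, "203.0.113.66", bad)
    sig = sign(sk, 1, "198.51.100.7")
    moved = peer.readdress(ident, 1, "198.51.100.7", sig)
    replayed = peer.readdress(ident, 1, "198.51.100.7", sig)
    return forged, moved, replayed, peer.sessions[ident]["locator"]
```

demo() returns (False, True, False, "198.51.100.7"): the update signed by another key and the replayed update are both rejected, while the genuine move keeps the same session under the same identity.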

Comparison with other approaches

HIP-enabled mobility resembles MobileIPv6 plus "route optimization". This second approach allows the correspondent host to route packets directly to the mobile host's visited address, which improves latency and robustness and reduces home network congestion. It achieves this by maintaining a "binding cache" between .

| HIP | MobileIPv6 + route optimization |
|---|---|
| Tightly integrated with IPSec. Non-IPSec also possible | Used with or without IPSec |
| Inherently secures the readdressing process | Relies on additional mechanisms |
| No Home Network concept. Location of MN obtained from DNS | Requires initial packet exchanges between MH and correspondent host to flow through the Home Network |
| Host-based approach | Can include subnet mobility |

Introduction

As a blog, this is intended to be a diary of my daily work in the department and, I hope, a useful tool for the time when I have to write my master's thesis. This blog will include summaries of the drafts, articles and RFCs that I read and that are related to HIP, and also the problems that I have found installing the protocol in the kernel and user space.

The project would take me around 8 months, so this would be the end of August.
My initial objectives are:

- Develop my skills in *UNIX environments
- Improve my knowledge of C
- Increase my knowledge of networks
- Learn how to write a scientific document using LaTeX