Sunday, 20 January 2008

Summary Experience with HIP for Secure Host Mobility and Multihoming

Introduction

Host mobility stresses the Internet because it creates new problems in packet routing, address management and security. Several solutions exist, e.g. Mobile IP. Mobile IP is a network-layer solution, but it still has problems related to security and it requires additional network infrastructure. HIP is an alternative: it introduces a new, cryptographically based namespace that addresses the following current problems:
  • NAT Traversal
  • IPv4 to IPv6 migration
  • Mobility
  • Multihoming

Background

The four main problems that host mobility creates are:

  • Addressing. An IP address serves as both locator and identifier, so when a node moves its address becomes topologically incorrect.
  • Location management. If the mobile host changes its IP address to fix the addressing problem, it becomes unreachable to the rest of the network.
  • Session maintenance. Keeping transport connections alive when the address changes.
  • Security. The readdressing process itself must be authenticated.

The main benefit of HIP is that it addresses all four problems, can be applied to any upper-layer protocol and integrates with IPsec.

HIP Overview

The Host Identity Protocol uses a public key as the Host Identity. This makes the protocol:

  • robust against man-in-the-middle attacks
  • able to authenticate hosts automatically
  • resistant to denial-of-service attacks

Host Identities can be published in directories (e.g. a PKI or DNS) or remain anonymous.

Comparison with other approaches

HIP-enabled mobility resembles Mobile IPv6 with "route optimization". Route optimization lets the correspondent host send packets directly to the mobile host's current (visited) address instead of through the home network, which reduces latency and home-network congestion and improves robustness. It achieves this by maintaining a "binding cache" between .

HIP                                                        | Mobile IPv6 + route optimization
-----------------------------------------------------------|------------------------------------------------------------
Tightly integrated with IPsec (use without IPsec possible)  | Used with or without IPsec
Inherently secures the readdressing process                | Relies on additional mechanisms to secure readdressing
No home-network concept; the mobile node's location is     | Initial packet exchange between the mobile host and the
obtained from DNS                                          | correspondent host must flow through the home network
Host-based approach                                        | Can include subnet (network) mobility
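The HIP overview above and the comparison table's point that HIP "inherently secures the readdressing process" come down to one mechanism: the correspondent host binds the peer's public key (Host Identity) during the initial exchange, and afterwards accepts a new locator only when the update is signed by that key. The Go program below is an added illustration written for this summary, not code from the paper or from any HIP implementation. It assumes Ed25519 as the HI algorithm and a truncated SHA-256 as the HIT derivation purely for brevity (the HIP specifications define the real algorithms and the HIT construction), and all addresses are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// HostIdentity is the public key that names a host independently of its IP address.
// Ed25519 is an assumption for this example; HIP defines its own HI algorithms.
type HostIdentity = ed25519.PublicKey

// HIT is a 128-bit tag derived from the HI, usable where an IPv6 address is expected.
// Truncated SHA-256 is a simplified stand-in for the HIT construction in the HIP RFCs.
type HIT [16]byte

func DeriveHIT(hi HostIdentity) HIT {
	sum := sha256.Sum256(hi)
	var hit HIT
	copy(hit[:], sum[:16])
	return hit
}

func (h HIT) String() string { return net.IP(h[:]).String() }

// LocatorUpdate is the mobile host's signed announcement "HIT is now reachable at Locator".
type LocatorUpdate struct {
	HIT     HIT
	Seq     uint32 // strictly increasing; lets the correspondent reject replayed updates
	Locator net.IP
	Sig     []byte
}

// updateBytes is the byte string the signature covers: HIT || seq || locator.
func updateBytes(hit HIT, seq uint32, loc net.IP) []byte {
	var seqb [4]byte
	binary.BigEndian.PutUint32(seqb[:], seq)
	buf := append([]byte{}, hit[:]...)
	buf = append(buf, seqb[:]...)
	return append(buf, loc.To16()...)
}

// MobileHost holds the private half of its HI and signs each move.
type MobileHost struct {
	priv ed25519.PrivateKey
	seq  uint32
}

func NewMobileHost() (*MobileHost, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &MobileHost{priv: priv}, nil
}

func (m *MobileHost) HI() HostIdentity { return m.priv.Public().(ed25519.PublicKey) }

// Move produces the signed readdressing message for a new locator.
func (m *MobileHost) Move(newAddr net.IP) LocatorUpdate {
	m.seq++
	hit := DeriveHIT(m.HI())
	sig := ed25519.Sign(m.priv, updateBytes(hit, m.seq, newAddr))
	return LocatorUpdate{HIT: hit, Seq: m.seq, Locator: newAddr, Sig: sig}
}

// binding is one entry of the correspondent's cache: HI learned in the initial
// exchange, the current locator and the last sequence number accepted.
type binding struct {
	hi      HostIdentity
	locator net.IP
	seq     uint32
}

type CorrespondentHost struct{ cache map[HIT]*binding }

func NewCorrespondentHost() *CorrespondentHost {
	return &CorrespondentHost{cache: map[HIT]*binding{}}
}

// Associate models the end of the initial HIP exchange: the peer's HI is bound to its HIT.
func (c *CorrespondentHost) Associate(hi HostIdentity, addr net.IP) HIT {
	hit := DeriveHIT(hi)
	c.cache[hit] = &binding{hi: hi, locator: addr}
	return hit
}

var (
	ErrUnknownHIT = errors.New("no association for HIT")
	ErrBadSig     = errors.New("locator update signature invalid")
	ErrReplay     = errors.New("stale sequence number")
)

// ApplyUpdate accepts a readdressing only if it is fresh and signed by the bound HI.
func (c *CorrespondentHost) ApplyUpdate(u LocatorUpdate) error {
	b, ok := c.cache[u.HIT]
	if !ok {
		return ErrUnknownHIT
	}
	if u.Seq <= b.seq {
		return ErrReplay
	}
	if !ed25519.Verify(b.hi, updateBytes(u.HIT, u.Seq, u.Locator), u.Sig) {
		return ErrBadSig
	}
	b.locator, b.seq = u.Locator, u.Seq
	return nil
}

func (c *CorrespondentHost) LocatorFor(h HIT) net.IP {
	if b, ok := c.cache[h]; ok {
		return b.locator
	}
	return nil
}

func main() {
	mh, err := NewMobileHost()
	if err != nil {
		panic(err)
	}
	ch := NewCorrespondentHost()
	hit := ch.Associate(mh.HI(), net.ParseIP("192.0.2.10")) // constructed sample address
	fmt.Println("HIT", hit, "initially at", ch.LocatorFor(hit))

	upd := mh.Move(net.ParseIP("198.51.100.7")) // genuine move
	fmt.Println("genuine update:", ch.ApplyUpdate(upd), "->", ch.LocatorFor(hit))

	forged := upd // on-path attacker rewrites the locator; the signature no longer matches
	forged.Seq++
	forged.Locator = net.ParseIP("203.0.113.66")
	fmt.Println("forged update:", ch.ApplyUpdate(forged), "->", ch.LocatorFor(hit))

	fmt.Println("replayed update:", ch.ApplyUpdate(upd)) // old message, rejected by seq check
}
```

The binding cache here is keyed by HIT rather than by home address, which is exactly the difference the table records: there is no home network to relay through, and the key material that secures the move is the same Host Identity that named the host in the first place.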
