Host Identity Protocol Slides by: Pekka Nikander Ericsson Research Nomadiclab and Helsinki Institute for Information Technology http: //www. hip 4 inter. net
Presentation outline • Introduction: What and why? • Background • HIP in a Nutshell • Mobility and multi-homing (multi-addressing) • HIP infrastructure: Hi • Current status • Summary 3 2
What is HIP? • HIP = Host Identity Protocol • A proposal to separate identifier from locator at the network layer of the TCP/IP stack • A new name space of public keys • A protocol for discovering and authenticating bindings between public keys and IP addresses Secured using signatures and keyed hashes (hash in combination with a secret key) • 3
Motivation • Not to standardise a solution to a problem • No explicit problem statement • Exploring the consequences of the id / loc split • Try it out in real life, in the live Internet • A different look at many problems • Mobility, multi-homing, end-to-end security, signalling, control/data plane separation, rendezvous, NAT traversal, firewall security, . . . 4
Presentation outline • Introduction: What and why? • Background • HIP in a Nutshell • Mobility and multi-homing (multi-addressing) • HIP infrastructure: Hi • Current status • Summary 3 5
Background • A brief history of HIP • Architectural background • Related IETF Working Groups 6
A Brief History of HIP • 1999 : idea discussed briefly at the IETF • 2001: two Bo. Fs, no WG created at that time • 02 -03: development at the corridors • 2004: WG and RG created • Now: base protocol more or less ready • Four interoperating implementations • More work needed on mobility, multi-homing, NAT traversal, infrastructure, and other issues 7
Architectural background • IP addresses serve the dual role of being • End-point Identifiers • Names of network interfaces on hosts • Locators • Names of naming topological locations • This duality makes many things hard 8
New requirements to Internet Addressing • Mobile hosts • Need to change IP address dynamically • Multi-interface hosts • Have multiple independent addresses • Mobile, multi-interface hosts most • challenging Multiple, dynamically changing addresses More complex environment e. g. local-only connectivity • • 9
Better-Than-Nothing Security, Related IETF WGs and RGs IPv 6 Signaling and Site multihoming for IPv 6 IKE requires authentication IKEv 2 mobility and multi. Handoff Optimization minimize adverse effects Mobility. Site multihoming by IPv 6 (shared secret, certificate, homing support. Multi-homing Kerberos), Namespace research Intermediation, new shim mip 6 tsvwg Multiple/changing prefixes in mip 4 Unauthenticated IKE, group (IRTF), need (sctp) SA. layer, based on Multi 6 Bare RSA keys, self-signed mipshop other namespace than multi 6 certificates, late binding IP? API implications. shim 6 mobike hip ipsec btns nsrg Security ID/loc split 10
Presentation outline • Introduction: What and why? • Background • HIP in a Nutshell • Mobility and multi-homing (multi-addressing) • HIP infrastructure: Hi • Current status • Summary 3 11
HIP in a Nutshell • Architectural change to TCP/IP structure • Integrates security, mobility, and multi- homing Opportunistic host-to-host IPsec ESP End-host mobility, across IPv 4 and IPv 6 End-host multi-address multi-homing, IPv 4/v 6 IPv 4 / v 6 interoperability for apps A new layer between IP and transport Introduces cryptographic Host Identifiers • • • 12
The Idea • A new Name Space of Process Host Identifiers (HI) • Public crypto keys! • Presented as 128 -bit • Transport Host Identity • HIs translated to IP Host ID IP layer long hash values, Host ID Tags (HIT) Sockets bound to HIs, not to IP addresses Host ID < , port> IP address Link layer addresses in the kernel 13
An analogy: What if people were hosts Connect to whoever happens to be at +1 -123 -456 -7890 Connect to Current IP HIP 14
More detailed layering End-to-end, HITs Transport Layer IP layer IPsec v 4/v 6 bridge HIP Fragmentation Hop-by-hop, IP addresses Multi-homing Mobility Forwarding Link Layer 15
Protocol overview I 1: HIT , HIT or NULL I R R 1: HIT , [HIT , puzzle, DH , HI ] I R R R sig I 2: [HIT , solution, DH , {HI }] I R I I sig R 2: [HIT , authenticator] I R sig Control Responder Initiator Data User data messages 16
Select precomputed R 1. Prevent Do. S. Minimal state kept at responder! • Based on SIGMA family of key exchange standard authenticated Does not protect from protocols Diffie-Hellman key replay attacks. Initiator Responder exchange for session key Base exchange I 1 R 1 solve puzzle I 2 R 2 HIT , HIT or NULL generation I R HIT , [HIT , puzzle, DH , HI ] I R R R sig [HIT , solution, DH , {HI }] I R I I sig verify, authenticate, [HIT , authenticator] replay protection I R sig User data messages ESP protected TCP/UDP, no explicit HIP header 17
Other core components • Per-packet identity context • Indirectly, through SPI if ESP is used • Directly, e. g. , through an explicit shim header • A mechanism for resolving identities to addresses • DNS-based, if FQDNs used by applications • Or distributed hash tables (DHTs) based
How applications work today (when IPsec ESP is used) IP DNS query DNS library DNS reply Client app connect(IP ) S DNS server IKE Server app IKE socket API TCP SYN to IP TCP SYN from IP S IPsec SPD C IPsec SAD ESP protected TCP SYN to IPaddr S 19 IPsec SAD IPsec SPD
Using HIP with ESP HIT DNS query DNS library DNS reply HIT ----- > {IP addresses} Client app connect(HIT ) S DNS server HIP daemon Server app HIP daemon socket API TCP SYN to HIT TCP SYN from HIT S IPsec SPD C IPsec SAD ESP protected TCP SYN to IPaddr convert HITs to IP addresses S 21 IPsec SAD IPsec SPD convert IP addresses to HITs
Many faces • More established views: • A different IKE for simplified end-to-end ESP Super Mobile IP with v 4/v 6 interoperability and dynamic home agents A host multi-homing solution Newer views: New waist of IP stack; universal connectivity Secure carrier for signalling protocols • • • 22
HIP as the new waist of TCP/IP v 4 app v 6 app TCPv 4 TCPv 6 Host identity IPv 4 Host identity IPv 6 IPv 4 Link layer IPv 6 Link layer 23
HIP for universal connectivity • Goal: • Lowest layer providing location • independent identifiers and end-to-end connectivity Work in progress: Support for traversing legacy NATs Firewall registration and authentication Architected middleboxes or layer 3. 5 routing Identity-based connectivity with DHTs • • 24
Signalling carrier • Originally HIP supported only ESP-based • • • user data transport (previous slides) ESP is now being split from the base protocol Base protocol is becoming a secure carrier for any kinds of signalling Support for separate signalling and data paths Implicitly present in the original design Now being made more explicit • • 25
Faces summary: Motivating architectural factors • A “reachability” solution across NATs • New “waist” for the protocol stack • Built-in security • Implicit channel bindings • connect(HIT) provides a secured connection to the identified host • Puzzle-based Do. S protection • Integrated mobility and end-host multi-homing 26
Presentation outline • Introduction: What and why? • Background • HIP in a Nutshell • Mobility and multi-homing (multi-addressing) • HIP infrastructure: Hi • Current status • Summary 3 27
Introduction to IP based mobility and multi-homing • Mobility implemented at “l. P layer” • IP addresses are assigned according to • • • topology Allows for routing prefix aggregation Mobile hosts change their topological location Multi-homed hosts present at many locations In an IP based m&m solution Transport & apps do not see address changes or multiple addresses • • 28
Rendezvous • Initial rendezvous • How to find a moving end-point? • Can be based on directories • Requires fast directory updates → Bad match for DNS • Tackling double-jump • What if both hosts move at same time? • Requires rendezvous point 29
Mobile IP • Home Agent (HA) • Serves a Home Address • Initial reachability • Triangular routing • Route optimization • Tunnels to bypass HA • HA as rendezvous point HA MN CN 30
Multi-addressing dimensions Multihoming end-host multihoming So. Ho site multihoming enterprise multihoming moving, multi-homed networks Mobility end-host mobility One host ad hoc networks Moving networks (NEMO) Single subnet Parts of topology 31 All hosts
HIP Mobility & Multi-homing • Mobility and multi-homing become duals of each other • Mobile host has many addresses over time • Multi-homed host has many addresses at • the same time Leads to a Virtual Interface Model A host may have real and virtual interfaces Merges the “Home Agent” • • 32
Mobility protocol Corresponding Mobile UPDATE: HITs, new locator(s), sig UPDATE: HITs, RR challenge, sig ESP from MN to CN UPDATE: HITs, RR response, sig ESP on both directions 33
Presentation outline • Introduction: What and why? • Background • HIP in a Nutshell • Mobility and multi-homing (multi-addressing) • HIP infrastructure: Hi • Current status • Summary 3 34
Key distribution for HIP • Depends on application • For multi-addressing, self-generated keys • Usually keys in the DNS • Can use PKI if needed • Opportunistic mode DNS server DNS query: A, AAAA, KEY DNS reply: A, AAAA, KEY supported • SSH-like leap-of-faith • Accept a new key if it Client app matches a fingerprint 35
Basic HIP rendezvous Rendezvous server I 1 R 1 I 2 R 2 Client 36 Rendezvous registration Server
Server informs HIP registration protocol Client I 1 client about registrar Server capability (BE) Client requests registration R 1 + REG_INFO Also update Authz. Based on messages I 2 + REG_REQUEST local policies (protected) R 2 + Cancel with REG_RESPONSE zero timeout 37
The infrastructure question • HIs originally planned to be stored in the DNS Retrieved simultaneously with IP addresses Does not work if you have only a HIT Question: How to get data based on HIT only? HITs look like 128 -bit random numbers 3 Possible answer: DHT based overlay like i • • • 38
Distributed Hash Tables • Distributed directory for flat data • Several different ways to implement • Each server maintains a partial map • Overlay addresses to direct to the right • • server Resilience through parallel, unrelated mappings Used to create overlay networks 39
3 rendezvous abstraction i • Trigger inserted by receiver(s) • Packets addressed to identifiers 3 • i routes packet to the receiver(s) send(R, data) send(ID, data) Sender trigger ID R 40 Receiver (R)
3: combining HIP and i 3 Hi • Developed at Ericsson Research IP Networks • Uses i overlay for HIP control packets • Provides rendezvous for HIP • Data packets use plain old IP • Cryptographically protected with ESP • Only soft or optional state in the network 3 41
3 and DHT-based Hi rendezvous 3 i overlay based control plane IP-based user plane 42
Control/data separation 3 i overlay based rendezvous infra ID 43 R
3 Hi overlay and IPsec connectivity • i • • • 3 overlay for signalling (control plane) Routes only HIP control packets e 2 e ESP for data traffic (user plane) Firewalls/middle boxes opened dynamically Only end-to-end signalling (HIP) Middle boxes “snoop” e 2 e messages Lots of details to be filled in • • • 44
An Internet control plane? • HIP separates control and data traffic 3 • Hi routes control traffic through overlay • Control and data packets take potentially • very different paths Allows telecom-like control … … but does not require it • 45
Benefits for everyone • Operators • Control, security, resilience, revenue • Enterprises • Security, resilience, mobility • Individual users • Security, mobility, ease of use 46
Benefits to operators • More controlled network • Data requires HIP handshake first • Protection against Do. S and DDo. S • Resilience • Integrated multi-homing • No single points of failure 47
Benefits to enterprises • More secure firewalls • Integrated mobility and multi-access • Across IPv 4 and IPv 6 • No single points of failure 48
Benefits to users • Do. S and DDo. S protection • Supports home servers (NAT traversal) • Configuration free baseline security (ssh-like leap-of-faith encryption 49
Presentation outline • Introduction: What and why? • Background • HIP in a Nutshell • Mobility and multi-homing (multi-addressing) • HIP infrastructure: Hi • Current status • Summary 3 50
Current status • WG and RG formed at the IETF / IRTF • First meetings in Seoul, March 2004 • Four known interoperating implementations • A number of internet drafts • Base specifications start to be mature • About a dozen papers published or submitted 51
Implementation status • Four interoperating implementations • Ericsson Research Nomadiclab, Free. BSD • Helsinki Institute for Information Tech. , Linux Boeing Phantom Works, Linux and Windows Sun Labs Grenoble, Solaris Other implementations Indranet (obsolete), Do. Co. Mo US Labs, rumours about other • • 52
Evolution of drafts: Early era 53
Evolution of drafts: Restart 54
Evolution of drafts: 2005 Architecture Base exchange Mobility & multi-homing DNS Rendezvous Registration 55
Current status • RFCs • • Host Identity Protocol (RFC 5201) (240492 bytes) • Host Identity Protocol (HIP) Domain Name System (DNS) Extensions (RFC 5205) (34799 bytes) • Host Identity Protocol (HIP) Registration Extension (RFC 5203) (26620 bytes) • Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP) (RFC 5202) (68195 bytes) • Host Identity Protocol (HIP) Rendezvous Extension (RFC 5204) (30233 bytes) • End-Host Mobility and Multihoming with the Host Identity Protocol (RFC 5206) (99430 bytes) • • Host Identity Protocol (HIP) Architecture (RFC 4423) (60977 bytes) Using the Host Identity Protocol with Legacy Applications (RFC 5338) (34882 bytes) Internet-Drafts • Basic HIP Extensions for Traversal of Network Address Translators (75933 bytes) • Basic Socket Interface Extensions for Host Identity Protocol (HIP) (42500 bytes) • HIP Certificates (19638 bytes) • HIP BONE: Host Identity Protocol (HIP) Based Overlay Networking Environment (42692 bytes) 56
Summary • New cryptographic name space • IP hosts identified with public keys • Integrates security, mobility, multi-homing • Evolving into a more generic signalling • carrier Four interoperating implementations (total 7? ) Base specifications start to be mature • • http: //www. hip 4 inter. net • http: //www. tml. hut. fi/~pnr/publications/ 57
Скачать презентацию Host Identity Protocol Slides by Pekka Nikander Ericsson
4fbcc46b4fc9282b85a4f46a249fce6b.ppt