DocumentCode
1952953
Title
The Host Identity Protocol (HIP): Bringing mobility, multi-homing, and baseline security together
Author
Nikander, Pekka
Author_Institution
Ericsson Research, Finland
fYear
2007
fDate
17-21 Sept. 2007
Firstpage
518
Lastpage
519
Abstract
The Host Identity Protocol (HIP) is an experimental architecture and protocol, being developed at the IETF since 1999 and reaching its first stable version in 2007. It enhances the original Internet architecture by injecting a new thin layer between the IP layer and the transport protocols. This new layer introduces a new name space consisting of cryptographic identifiers, thereby implementing the so-called identifier/locator split. In the new architecture, the new identifiers are used for naming application level end-points, thereby taking the prior identification role of IP addresses in applications, sockets, TCP connections, and UDP send and receive system calls. IPv4 and IPv6 addresses are still used, but only as names for topological locations in the network. At the same time, due to the backwards compatibility mode, no changes are needed in applications. The architectural enhancement implemented by HIP has profound consequences. A number of the previously hard problems become suddenly much easier. Mobility, multi-homing, and baseline end-to-end security integrate neatly into the architecture. The use of cryptographic identifiers allows enhanced accountability, thereby providing a base for easier build up of trust. With some privacy enhancements, HIP allows good location anonymity, assuring strong identity only towards relevant trusted parties. Finally, the HIP protocol has been carefully designed to take middle boxes into account, providing for overlay networks and thereby helping to reduce the currently prevalent problems with bad traffic and routing scalability. This tutorial provides an in-depth look at HIP, discussing its architecture, design, benefits, and potential drawbacks. In the first part of the tutorial, the architecture and design of HIP are discussed in an interactive but lecture-like manner. In the second part of the tutorial the protocol will be demonstrated in practice.
The audience is assumed to have good knowledge about the current Internet architecture and the structure of the TCP/IP stack. However, no knowledge of HIP or the related problems is assumed.
Keywords
Cryptographic protocols; Cryptography; Hip; Internet; Privacy; Routing protocols; Security; Sockets; TCPIP; Transport protocols;
fLanguage
English
Publisher
IEEE
Conference_Titel
Security and Privacy in Communications Networks and the Workshops, 2007. SecureComm 2007. Third International Conference on
Conference_Location
Nice, France
Print_ISBN
978-1-4244-0974-7
Electronic_ISBN
978-1-4244-0975-4
Type
conf
DOI
10.1109/SECCOM.2007.4550376
Filename
4550376