Hello René,

this email contains a few references to papers regarding the security properties and embedding of HIP in today's network environments.

First of all, HIP is a SIGMA-compliant key exchange protocol [1]. To be exact, it is a derivative of the basic protocol described in Section 5.1, as the HIP BEX is triggered by a separate (empty) message that is not included in the SIGMA protocol family. This allows HIP to perform DoS protection against exhaustive public key-based operations by the responder by means of cryptographic puzzles. Furthermore, the public key (A) of the responder is already sent in the first response message. However, this does not impact the security properties, but rather the anonymity of the responder.

Regarding the usage of HIP, there is a rather comprehensive journal article [2] that describes the architecture as well as the operating system and infrastructure requirements of HIP. It also provides some pointers to further papers that may be worth reading for you.

Additionally, Samu Varjonen recently published a paper on the "Secure Resolution of End-Host Identifiers for Mobile Clients" [3]. However, it seems to be inaccessible at the moment. Still, you may want to refer to it at a later point in time, as it describes an approach to resolve HITs to IP addresses.

I hope that this small selection is helping you in understanding the properties of HIP. I would also like to invite other people to contribute to this discussion, e.g., by providing further references relevant for the CoRE WG.

Regards,
René

[1] Krawczyk, H.; SIGMA: The ‘SIGn-and-MAc’ Approach to Authenticated Diffie-Hellman and Its Use in the IKE Protocols, Advances in Cryptology - CRYPTO 2003, Lecture Notes in Computer Science, 2003

[2] Nikander, P.; Gurtov, A.; Henderson, T.R.; Host Identity Protocol (HIP): Connectivity, Mobility, Multi-Homing, Security, and Privacy over IPv4 and IPv6 Networks, Communications Surveys & Tutorials, IEEE, 2010

[3] Varjonen, S.; Heer, T.; Rimey, K.; and Gurtov, A.; Secure Resolution of End-Host Identifiers for Mobile Clients, IEEE GLOBECOM, 2011

On 19.12.2011, at 16:51, Rene Struik wrote:

> Perhaps, worth some thoughts under the Christmas tree and then getting back
> on this one after New Year.
>
> On 17/11/2011 8:33 PM, Rene Struik wrote:
>> Hi fellow-Rene:
>>
>> If you have some papers, I would appreciate. Distributing those would also
>> help removing hurdles to more wide-scale use of HIP (I saw the slides on
>> lack of adoption of HIP).
>>
>> Best regards, Rene
>>
>>
>> On 14/11/2011 12:49 PM, Rene Struik wrote:
>>> Hi fellow-Rene:
>>>
>>> Just curious: is there any research paper outside IETF/IRTF realm that
>>> delves into HIP-related matter? On a tangent: same question, but now re
>>> cryptographically generated addresses? This may help people to appreciate
>>> this effort better, without having to delve into hundreds of pages of
>>> specification text that sometimes seems to obscure seeing the forest for
>>> the trees (if I translate this properly). I, for one, would love to see 2-3
>>> academic papers that make this subject matter clearer, including security
>>> properties, ease-of-use considerations.
>>>
>>> Best regards, Rene
>>>
>>> On 14/11/2011 12:38 PM, René Hummen wrote:
>>>> Hello everyone,
>>>>
>>>> we already had a few discussions on this list about new topics and
>>>> research directions that would foster collaboration within the context of
>>>> the hiprg. Hierarchical HITs, IoT-related protocol variants, and middlebox
>>>> awareness have been mentioned there among others. In my opinion, an
>>>> informal meeting before the hiprg meeting on Thursdays would be a great
>>>> opportunity to further discuss about these topics. Furthermore, such a
>>>> meeting would enable us see who is interested in which field and which are
>>>> the pros and cons of the different topics as perceived by people in a more
>>>> comfortable and less hurried way than in an RG meeting.
>>>>
>>>> As most of us will probably be at the social event tomorrow evening, I
>>>> suggest to meet for dinner/a drink on Wednesday evening at 7:30pm in order
>>>> to get some discussion going. Due to the lack of knowledge about a better
>>>> place, let's meet up at the entrance of the convention center (TICC).
>>>> Please email me if you are interested.
>>>>
>>>> BR
>>>> René
>>>>
>>>> --
>>>> Dipl.-Inform. Rene Hummen, Ph.D. Student
>>>> Chair of Communication and Distributed Systems
>>>> RWTH Aachen University, Germany
>>>> tel: +49 241 80 20772
>>>> web: http://www.comsys.rwth-aachen.de/team/rene-hummen/
>>>>
>>>> _______________________________________________
>>>> hiprg mailing list
>>>> [email protected]
>>>> https://www.irtf.org/mailman/listinfo/hiprg
>>>
>>>
>>> --
>>> email: [email protected]
>>> Skype: rstruik
>>> cell: +1 (647) 867-5658
>>> USA Google voice: +1 (415) 690-7363
>>>
>>
>>
>> --
>> email: [email protected]
>> Skype: rstruik
>> cell: +1 (647) 867-5658
>> USA Google voice: +1 (415) 690-7363
>>
>
>
> --
> email: [email protected]
> Skype: rstruik
> cell: +1 (647) 867-5658
> USA Google voice: +1 (415) 690-7363
>

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec
