Hi,
I privately sent a number of references for Struik, but here are the most
essential ones. Regarding ease-of-use considerations, UIA [1]
extends HIP-like security to user-level identities. We have also
conducted some usability tests with a HIP GUI [2] earlier.
Regarding security, references [3,4] are worth checking out because
they have helped to improve the security in HIP.
[1] http://www.pdos.lcs.mit.edu/papers/uia:osdi06.pdf
[2] Kristiina Karvonen, Miika Komu and Andrei Gurtov, Usable Security
Management with Host Identity Protocol, published in The 7th ACS/IEEE
International Conference on Computer Systems and Applications (AICCSA-2009)
[3] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand Key
Derivation Function (HKDF)", RFC 5869, May 2010.
[4] Aura, T., Nagarajan, A., and A. Gurtov, "Analysis of the HIP Base
Exchange Protocol", in Proceedings of 10th Australasian Conference on
Information Security and Privacy, July 2003.
On 31/12/11 19:04, René Hummen wrote:
Hello René,
this email contains a few references to papers regarding the security
properties and embedding of HIP in today's network environments.
First of all, HIP is a SIGMA-compliant key exchange protocol [1]. To be exact,
it is a derivative of the basic protocol described in Section 5.1, as the HIP BEX
is triggered by a separate (empty) message that is not included in the SIGMA
protocol family. This allows HIP to perform DoS protection against exhaustive
public key-based operations by the responder by means of cryptographic puzzles.
Furthermore, the public key (A) of the responder is already sent in the first
response message. However, this does not impact the security properties, but
rather the anonymity of the responder.
Regarding the usage of HIP, there is a rather comprehensive journal article [2] that
describes the architecture as well as the operating system and infrastructure
requirements of HIP. It also provides some pointers to further papers that may be worth
reading for you. Additionally, Samu Varjonen recently published a paper on the
"Secure Resolution of End-Host Identifiers for Mobile Clients" [3]. However, it
seems to be inaccessible at the moment. Still, you may want to refer to it at a later point
in time, as it describes an approach to resolve HITs to IP addresses.
I hope that this small selection is helping you in understanding the properties
of HIP. I would also like to invite other people to contribute to this
discussion, e.g., by providing further references relevant for the CoRE WG.
Regards,
René
[1] Krawczyk, H.; SIGMA: The ‘SIGn-and-MAc’ Approach to Authenticated
Diffie-Hellman and Its Use in the IKE Protocols, ADVANCES IN CRYPTOLOGY -
CRYPTO 2003
Lecture Notes in Computer Science, 2003
[2] Nikander, P.; Gurtov, A.; Henderson, T.R.; Host Identity Protocol (HIP):
Connectivity, Mobility, Multi-Homing, Security, and Privacy over IPv4 and IPv6
Networks, Communications Surveys & Tutorials, IEEE, 2010
[3] Varjonen, S.; Heer, T.; Rimey, K.; and Gurtov, A.; Secure Resolution of
End-Host Identifiers for Mobile Clients, IEEE GLOBECOM, 2011
On 19.12.2011, at 16:51, Rene Struik wrote:
Perhaps, worth some thoughts under the Christmas tree and then getting back on
this one after New Year.
On 17/11/2011 8:33 PM, Rene Struik wrote:
Hi fellow-Rene:
If you have some papers, I would appreciate it. Distributing those would also help
removing hurdles to more wide-scale use of HIP (I saw the slides on lack of
adoption of HIP).
Best regards, Rene
On 14/11/2011 12:49 PM, Rene Struik wrote:
Hi fellow-Rene:
Just curious: is there any research paper outside IETF/IRTF realm that delves
into HIP-related matter? On a tangent: same question, but now re
cryptographically generated addresses? This may help people to appreciate this
effort better, without having to delve into hundreds of pages of specification
text that sometimes seems to obscure seeing the forest for the trees (if I
translate this properly). I, for one, would love to see 2-3 academic papers
that make this subject matter clearer, including security properties,
ease-of-use considerations.
Best regards, Rene
On 14/11/2011 12:38 PM, René Hummen wrote:
Hello everyone,
we already had a few discussions on this list about new topics and research
directions that would foster collaboration within the context of the hiprg.
Hierarchical HITs, IoT-related protocol variants, and middlebox awareness have
been mentioned there among others. In my opinion, an informal meeting before
the hiprg meeting on Thursdays would be a great opportunity to further discuss
these topics. Furthermore, such a meeting would enable us to see who is
interested in which field and which are the pros and cons of the different
topics as perceived by people in a more comfortable and less hurried way than
in an RG meeting.
As most of us will probably be at the social event tomorrow evening, I suggest
meeting for dinner/a drink on Wednesday evening at 7:30pm in order to get some
discussion going. Due to the lack of knowledge about a better place, let's meet
up at the entrance of the convention center (TICC). Please email me if you are
interested.
BR
René
--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/
_______________________________________________
hiprg mailing list
[email protected]
https://www.irtf.org/mailman/listinfo/hiprg
--
email: [email protected]
Skype: rstruik
cell: +1 (647) 867-5658
USA Google voice: +1 (415) 690-7363
_______________________________________________
core mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/core
_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec