DOI: 10.1145/1842752.1842794
research-article

Risk analysis of host identity protocol: using risk Identification Method based on Value Chain Dynamics Toolkit

Published: 23 August 2010

Abstract

In this paper, we develop a Risk Identification Method based on Value Chain Dynamics Toolkit (VCDT) and apply it to a Risk Analysis of Host Identity Protocol (HIP) in a simple host-server scenario. The HIP Risk Analysis revealed no new risks inherent to the protocol itself. A number of potential risks in a typical deployment were identified. These risks should be analyzed and mitigated in the actual HIP deployment.
The new Risk Identification Method provided benefits, particularly in knowledge transfer, structuring of the interviews and visualization of the value chain. Further study is needed on how to cover trust and privacy aspects, how to improve ease of documentation and how to proceed from risk identification to security testing.


Cited By

  • (2020) HIP-Based Security in IoT Networks: A comparison. 2020 18th International Conference on Emerging eLearning Technologies and Applications (ICETA), pp. 283-289. DOI: 10.1109/ICETA51985.2020.9379228. Online publication date: 12-Nov-2020
  • (2017) Location Privacy for HIP Based Internet of Things. Advances in Computer Science and Ubiquitous Computing, pp. 1457-1463. DOI: 10.1007/978-981-10-7605-3_232. Online publication date: 20-Dec-2017
  • (2013) Suitability analysis of existing and new authentication methods for future 3GPP Evolved Packet Core. Computer Networks: The International Journal of Computer and Telecommunications Networking 57:17, pp. 3370-3388. DOI: 10.1016/j.comnet.2013.07.024. Online publication date: 1-Dec-2013

    Published In

    ECSA '10: Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
    August 2010
    367 pages
    ISBN:9781450301794
    DOI:10.1145/1842752

    Sponsors

    • SAS
    • FIRST

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. HIP
    2. risk identification


    Conference

    ECSA '10
    ECSA '10: 4th European Conference on Software Architecture
    August 23 - 26, 2010
    Copenhagen, Denmark

    Acceptance Rates

    Overall Acceptance Rate 48 of 72 submissions, 67%
