ABSTRACT
As mobile and multi-homed devices become ubiquitous, the need for a dynamic yet secure communication protocol is unavoidable. The Host Identity Protocol (HIP) was constructed to meet this requirement by providing significantly more secure mobility and multi-homing capabilities. HIP opportunistic mode, which is to be used when other, more trusted mechanisms are lacking, is based on a leap-of-faith (LoF) paradigm. In this paper, we analyze different man-in-the-middle (MiTM) attacks that might occur under this LoF, and propose a set of tweaks for hardening opportunistic HIP (HOH) that strengthen opportunistic mode's security.
Index Terms
- Hardening Opportunistic HIP