Host Identity Protocol

The Host Identity Protocol (HIP) is a host identification technology for use on Internet Protocol (IP) networks, such as the Internet. The Internet has two main name spaces, IP addresses and the Domain Name System. HIP separates the end-point identifier and locator roles of IP addresses. It introduces a Host Identity (HI) name space, based on a public key security infrastructure.

The Host Identity Protocol provides secure methods for IP multihoming and mobile computing.

In networks that implement the Host Identity Protocol, all occurrences of IP addresses in applications are eliminated and replaced with cryptographic host identifiers. The cryptographic keys are typically, but not necessarily, self-generated.

The effect of eliminating IP addresses in application and transport layers is a decoupling of the transport layer from the internetworking layer (Internet Layer) in TCP/IP.^[1]

HIP was specified in the IETF HIP working group. An Internet Research Task Force (IRTF) HIP research group looks at the broader impacts of HIP.

The working group is chartered to produce Requests for Comments on the "Experimental" track, but it is understood that their quality and security properties should match the standards track requirements. The main purpose for producing Experimental documents instead of standards track ones are the unknown effects that the mechanisms may have on applications and on the Internet in the large.

Host Identity Protocol version 2 (HIPv2)

The second version of the Host Identity Protocol (HIP), also known as HIP version 2 (HIPv2), is an update to the protocol that enhances security and support for mobile environments. HIP continues to separate the roles of identification and location in IP addressing by implementing a host identity namespace based on cryptography. This version introduces new features that allow devices to connect more securely and efficiently, even in scenarios involving mobility and multihoming (connecting to multiple networks).

Enhanced Security HIPv2 strengthens device authentication security and provides protection against spoofing and denial-of-service (DoS) attacks. Host Identifiers (HIs) are generated with cryptographic keys, giving each device a unique identity. The protocol also uses the Encapsulating Security Payload (ESP) format for encrypting data, which ensures the integrity and confidentiality of communications.

Mobility and Multihoming HIPv2's design enables devices to change networks without losing the session, a crucial advantage for mobile and IoT applications. This capability to switch networks seamlessly makes HIPv2 well-suited for devices that require constant and reliable connectivity, such as mobile phones and IoT sensors. Additionally, HIPv2 facilitates multihoming, allowing simultaneous connections to multiple networks, which improves connection resilience and availability.

RFC references

RFC 4423 - Host Identity Protocol (HIP) Architecture (early "informational" snapshot, obsoleted by RFC 9063)
RFC 5201 - Host Identity Protocol base (Obsoleted by RFC 7401)
RFC 5202 - Using the Encapsulating Security Payload (ESP) Transport Format with the Host Identity Protocol (HIP) (Obsoleted by RFC 7402)
RFC 5203 - Host Identity Protocol (HIP) Registration Extension (obsoleted by RFC 8003)
RFC 5204 - Host Identity Protocol (HIP) Rendezvous Extension (obsoleted by RFC 8004)
RFC 5205 - Host Identity Protocol (HIP) Domain Name System (DNS) Extension (obsoleted by RFC 8005)
RFC 5206 - End-Host Mobility and Multihoming with the Host Identity Protocol
RFC 5207 - NAT and Firewall Traversal Issues of Host Identity Protocol (HIP) Communication
RFC 6092 - Basic Requirements for IPv6 Customer Edge Routers
RFC 7401 - Host identity protocol version 2 (HIPv2) (updated by RFC 8002)
RFC 7402 - Using the Encapsulating Security Payload (ESP) transport format with the Host Identity Protocol (HIP)
RFC 8002 - Host Identity Protocol Certificates
RFC 8003 - Host Identity Protocol (HIP) Registration Extension
RFC 8004 - Host Identity Protocol (HIP) Rendezvous Extension
RFC 8005 - Host Identity Protocol (HIP) Domain Name System (DNS) Extension
RFC 8046 - Host Mobility with the Host Identity Protocol
RFC 8047 - Host Multihoming with the Host Identity Protocol
RFC 9028 - Native NAT Traversal Mode for the Host Identity Protocol
RFC 9063 - Host Identity Protocol Architecture

References

^ RFC 4423, Host Identity Protocol (HIP) Architecture, Section 4.1

External links

IETF HIP working group
IRTF HIP research group
OpenHIP project
How HIP works - InfraHIP project archive
HIP simulation framework for OMNeT++. Archived 2019-06-28 at the Wayback Machine

[1] RFC 4423, Host Identity Protocol (HIP) Architecture, Section 4.1

[1]

v t e Authentication
Authentication APIs	BSD Authentication (BSD Auth) eAuthentication (eAuth) Generic Security Services API (GSSAPI) Java Authentication and Authorization Service (JAAS) Pluggable Authentication Modules (PAM) Simple Authentication and Security Layer (SASL) Security Support Provider Interface (SSPI) XCert Universal Database API (XUDA)
Authentication protocols	ACF2 Authentication and Key Agreement (AKA) CAVE-based authentication Challenge-Handshake Authentication Protocol (CHAP) MS-CHAP Central Authentication Service (CAS) CRAM-MD5 Diameter Extensible Authentication Protocol (EAP) Host Identity Protocol (HIP) IndieAuth Kerberos LAN Manager NT LAN Manager (NTLM) OAuth OpenID OpenID Connect (OIDC) Password-authenticated key agreement protocols Password Authentication Protocol (PAP) Protected Extensible Authentication Protocol (PEAP) Remote Access Dial In User Service (RADIUS) Resource Access Control Facility (RACF) Secure Remote Password protocol (SRP) TACACS Woo–Lam
Category Commons

RFC references

See also

References

External links