Secure HostIdentity Delegation forMobility

We develop ascheme forhostidentity delegationSchemessuchasMobileIPv6(MIPv6)(13)andthe basedontheHostIdentity Protocol (HIP). We showhow HostIdentity Protocol(HIP) (16)provide a 'host identity', thisschemecanbe applied toenablethemovementof referred toasaCare-of-Address (CoA)intheformer anda communication sessions between devices e.g. inaPersonal Area Network (PAN), ortosecurely andseamlessly insert anynumber hostidentity tag(HIT)inthelatter, thatisseparate fromits ofservice proxies inbetween session endpoints e.g. toadaptroutable IPorIPv6address. Thisopensupthepossibility to datatosuit different devices inaPAN.Identities aresecurely handle usermobility innewwaysbymovinghostidentities delegated byrelaying HIPsignalling messages tothedevicebetween physical devices. Inthis paperwedescribe ascheme thatownstheprivate key. Thisavoids security issues caused by forthesecure temporary delegation ofhostidentity. Themain dissemination ofprivate keys. Thisalsoensures thatdelegated endpoint identities areinstantly andpermanently revocable by qualitative advantage ofourapproach isthat itallows the theoriginal device whichremains infull control oftheprivate hostidentity ownertoretain full control overtheuseoftheir keyusedtoauthorise useoftheidentity. We showthatthe identity, andasimple mechanism toretract delegated authority delegation process introduces minimal additional signalling, and tousetheir identity. A further advantage oftheimplemented present results ofevaluation ofa prototype whichshowthe prototype detailed inthispaperisthatitisdeployable as schemeresults innodetriment totheperformance ofHIP. a transparent modularextension toexisting software.This provides a foundation fortheintuitive mobility handling I.INTRODUCTION enabled bypersonalised networks, asdescribed above. Personalised networking (PN), inwhichmultiple networked devices aretied toasingle user, hasextended thenotion of Ourproposal enables themovementofcommunication 'mobility' toinclude thecollective movementofgroups of s b sessions between endpoint devices, aswellasthetransparent devices. A PNmaybecomposed ofdevices residing invariousinsertion andremoval ofintermediary routing oradaptation networks suchasPersonal AreaNetworks (PAN), Vehicular services. Suchacapability makespossible, forexample, the AreaNetworks (VAN)andtheInternet. Thegoalofmobility transfer ofcommunication sessions todevices withbetter management insuchanenvironment istoensure that usersmediadisplay capabilities ortheuseofdevices withcheaper ofaPN arepresented withthedatatheyrequest regardless network connectivity asproxies. Otherexample applications ofnotonlytheir ownmovement, butalsomovementof ofno nyhi wnmvmnt uas oemn fmay betoallow adevice topro-actively delegate thedelivery thevarious devices inandoutofthePN.Disregarding the ofadatastream toanother device inanticipation ofleaving obvious butcumbersome solution ofmanually restarting the aPN,andtosecurely insert orremoveintermediary service communication sessions eachtimeamobility eventoccurs,proxies that areabletoadapt theapplication datatosuit the itispossible toaddress PN mobility ina smoother fashionlimitations orimproved capabilities ofanewterminal device. bytaking advantage ofthefact that there maybemorethanLater on we discuss andevaluate theperformance ofour onedevice inaPN that iscapable ofsuccessfully delivering schemebased onseveral ofthese scenarios. Thequantitative application datatotheuser. Onesuchapproach istomove results presented inthispaperalsorepresent a detailed ongoing communication sessions between available devices evaluation oftheperformance ofHIPinlinux. ifthecurrent device becomesunavailable orincapable of receiving orrendering theapplication data. Inorder tomake this possible, intermediary adaptation services maybeneeded Therestofthepaper isstructured asfollows. Section IIpro- toresolve discrepancies between thecapabilities ofthenew videsbackground on theHostIdentity Protocol, inter-device endpoint device andtherequirements oftheongoing commu- mobility, andfurther explains howinsertion ofintermediary nication sessions. Theseareexamples ofuseful functionality service proxies canbeconsidered amobility handling tech- possible inPNthat isnotsupported intoday's systems. nique. InSections IIIandIVwedescribe ourproposal and inSection V weanalyse results obtained fromanalysis ofour