论文信息 - An Implementation of HIP for Linux

An Implementation of HIP for Linux

One of the main problems with IP has been its lack of security. Although IPSec and DNSSec have provided some level of security to IP, the notion of a true identity for hosts is still missing. Typically, the IP address of the host has been used as the host identity, regardless of the fact that it is nothing more than routing information. The purpose of the Host Identity Payload/Protocol (HIP) architecture is to add a cryptographically based name space, the Host Identity, to the IP protocol. The Host Identity serves as the identity of the host, whereas the IP address is merely used for routing purposes. In this paper, we describe the HIP architecture further, and present our IPv6 based implementation of HIP for Linux.

Catharina. Candolin

[1] Roy T. Fielding,et al. Hypertext Transfer Protocol - HTTP/1.1 , 1997, RFC.

[2] Randall J. Atkinson,et al. IP Encapsulating Security Payload (ESP) , 1995, RFC.

[3] Pekka Nikander,et al. Integrating Security, Mobility and Multi-Homing in a HIP Way , 2003, NDSS.

[4] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[5] OpenSSL. OpenSSL : The open source toolkit for SSL/TSL , 2002 .

[6] Pekka Nikander,et al. DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[7] Brian Wellington,et al. Domain Name System Security (DNSSEC) Signing Authority , 2000, RFC.

[8] Randall J. Atkinson,et al. Security Architecture for the Internet Protocol , 1995, RFC.

[9] Stephen E. Deering,et al. Internet Protocol, Version 6 (IPv6) Specification , 1995, RFC.

[10] Paul V. Mockapetris,et al. Domain names - implementation and specification , 1987, RFC.

[11] Pekka Nikander,et al. Experimenting with early opportunistic key agreement , 2002 .