In this section we give an overview of HIP and its security mechanisms. For more detailed surveys, see (Gurtov, 2008; Nikander et al., 2010).
Cryptographic Name Space and the Base Exchange
HIP adds a new name space to the TCP/IP protocol stack. Network hosts are identified by Host Identities (HIs), which are public cryptographic keys. Therefore, peers authenticate directly by their HIs. HIP is backwards compatible, i.e., no changes to the network infrastructure or to applications are needed. In order to bind other names to HIs, Host Identity Tags (HITs) and mechanisms like DNSSEC, SPKI certificates, and X.509 certificates are available.
If an entity A wants to start a HIP connection with B, A first makes a DNS query to get B’s IP address and HI. In this query, A uses human-friendly host names. It is essential that A can trust the DNS response. If the response data is incorrect, then A could communicate with a malicious entity without noticing it.
There can be only one HIP SA between a pair of HITs. Multiple SAs between two hosts require several HITs per host. Therefore, a host may have several RSA or DSA public/private key pairs.
A HIP connection is negotiated by a Base Exchange protocol (see Figure 1). An initiator I starts the negotiation with a responder R. Messages R1, I2, and R2 are signed (sig). R1 and I2 contain Diffie-Hellman parameters (DH(r), DH(i)), a puzzle (in R1), its solution (in I2), and a puzzle difficulty parameter K. R1 and I2 may contain certificates. Normally the signature in R1 can be calculated beforehand, because the signature does not contain HIT(i) or the checksum if a puzzle is used. After receiving R1, I calculates the Diffie-Hellman secret. R calculates the same secret after receiving I2. This secret is used in the hmac values in I2 and R2. The hmac value is checked before the signature is checked. The CERT parameter is optional. It is contained in the variable-size part of the HIP packet. The maximum HIP packet length is 2040 bytes and the maximum parameter field length is 2008 bytes.
The standard also allows an opportunistic mode in which I starts the Base Exchange without HIT(r) in I1 (it is set to zero). This mode creates security vulnerabilities and should be avoided in insecure environments.
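The puzzle and the responder's check order in the Base Exchange, as an added example that is not from this text or from any HIP implementation. It assumes the RFC 5201 puzzle form, in which the K low-order bits of SHA-1(I | HIT-I | HIT-R | J) must be zero (here I is the responder's random puzzle value and J the solution sent in I2). All function names, HITs, the puzzle value, and the HMAC key are constructed, and the signature check is a caller-supplied function.

```python
import hashlib
import hmac
import struct

def low_k_bits_zero(digest: bytes, k: int) -> bool:
    # Ltrunc(digest, K) == 0: the K low-order bits of the hash are all zero
    return int.from_bytes(digest, "big") & ((1 << k) - 1) == 0

def puzzle_ok(puzzle_i: bytes, hit_i: bytes, hit_r: bytes, j: bytes, k: int) -> bool:
    # Responder side: a single SHA-1 call, whatever the difficulty K is
    return low_k_bits_zero(hashlib.sha1(puzzle_i + hit_i + hit_r + j).digest(), k)

def solve_puzzle(puzzle_i: bytes, hit_i: bytes, hit_r: bytes, k: int):
    # Initiator side: search 64-bit J values; about 2**K hashes on average
    for n in range(1 << 64):
        j = struct.pack(">Q", n)
        if puzzle_ok(puzzle_i, hit_i, hit_r, j, k):
            return j, n + 1
    raise ValueError("no solution in the 64-bit space")

def check_i2(puzzle_i, hit_i, hit_r, j, k, body, mac, hmac_key, verify_sig) -> str:
    # Cheapest check first: the public-key operation only runs for packets
    # that already passed the puzzle check and the hmac check.
    if not puzzle_ok(puzzle_i, hit_i, hit_r, j, k):
        return "drop: bad puzzle solution"
    expected = hmac.new(hmac_key, body, hashlib.sha1).digest()
    if not hmac.compare_digest(expected, mac):
        return "drop: bad hmac"
    if not verify_sig(body):
        return "drop: bad signature"
    return "accept"

# Constructed sample values (not taken from the text)
HIT_I = bytes.fromhex("20010010" + "aa" * 12)    # 128-bit initiator HIT
HIT_R = bytes.fromhex("20010010" + "bb" * 12)    # 128-bit responder HIT
PUZZLE_I = bytes.fromhex("0123456789abcdef")     # random value sent in R1
K = 12                                           # difficulty sent in R1
HMAC_KEY = b"constructed-key-from-DH-secret"     # stands in for the DH-derived key

if __name__ == "__main__":
    j, tries = solve_puzzle(PUZZLE_I, HIT_I, HIT_R, K)
    body = HIT_I + HIT_R + j                     # stand-in for the covered I2 fields
    mac = hmac.new(HMAC_KEY, body, hashlib.sha1).digest()
    print("initiator hashes:", tries, "responder hashes to verify: 1")
    print(check_i2(PUZZLE_I, HIT_I, HIT_R, j, K, body, mac, HMAC_KEY, lambda b: True))
```

Raising K by one doubles the initiator's expected work while the responder's verification cost stays at one hash.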