“Within the set of many identifier-locator separation designs for the Internet, HIP has progressed further than anything else we have so far. It is time to see what HIP can do in larger scale in the real world. In order to make that happen, the world needs a HIP book, and now we have it.” - Jari Arkko, Internet Area Director, IETF One of the challenges facing the current Internet architecture is the incorporation of mobile and multi-homed terminals (hosts), and an overall lack of protection against Denial-of-Service attacks and identity spoofing. The Host Identity Protocol (HIP) is being developed by the Internet Engineering Task Force (IETF) as an integrated solution to these problems. The book presents a well-structured, readable and compact overview of the core protocol with relevant extensions to the Internet architecture and infrastructure. The covered topics include the Bound End-to-End Tunnel Mode for IPsec, Overlay Routable Cryptographic Hash Identifiers, extensions to the Domain Name System, IPv4 and IPv6 interoperability, integration with SIP, and support for legacy applications.
Unique features of the book:
- All-in-one source for HIP specifications
- Complete coverage of HIP architecture and protocols
- Base exchange, mobility and multihoming extensions
- Practical snapshots of protocol operation
- IP security on lightweight devices
- Traversal of middleboxes, such as NATs and firewalls
- Name resolution infrastructure
- Micromobility, multicast, privacy extensions
- Chapter on applications, including HIP pilot deployment in a Boeing factory
- HOWTO for HIP on Linux (HIPL) implementation
An important compliment to the official IETF specifications, this book will be a valuable reference for practicing engineers in equipment manufacturing companies and telecom operators, as well as network managers, network engineers, network operators and telecom engineers. Advanced students and academics, IT managers, professionals and operating system specialists will also find this book of interest.
Table of Contents:
About the Author. Foreword. (Jari Arkko)
Foreword. (David Hutchison)
Preface.
Acknowledgments.
Abbreviations.
Part I Introduction.
Chapter 1: Overview.
1.1 Identifierâ??locatorsplit.
1.2 HIPin the Internetarchitecture.
1.3 BriefhistoryofHIP.
1.4 Organization of the book.
Chapter 2: Introduction to network security.
2.1 Goalsof cryptographicprotocols.
2.2 Basics andterminology.
2.3 Attacktypes.
2.4 Defensemechanisms.
2.5 Securityprotocols.
2.6 Weakauthenticationtechniques.
2.7 SecureDNS.
Part II The Host Identity Protocol.
Chapter 3: Architectural overview.
3.1 Internet namespaces.
3.2 Methods of identifying a host.
3.3 OverlayRoutableCryptographicHashIdentifiers.
Chapter 4: Baseprotocol.
4.1 Base exchange.
4.2 OtherHIPcontrolpackets.
4.3 IPsec encapsulation.
Chapter 5: Main extensions.
5.1 Mobility and multihoming.
5.2 Rendezvous server.
5.3 DNSextensions.
5.4 Registrationprotocol.
Chapter 6: Advanced extensions.
6.1 Opportunistic mode.
6.2 Piggybacking transport headers to base exchange.
6.3 HIPservicediscovery.
6.4 Simultaneous multiaccess.
6.5 DisseminatingHITswitha presenceservice.
6.6 Multicast.
Chapter 7: Performance measurements.
7.1 HIPonNokia InternetTablet.
7.2 Experimental results.
7.3 Summary.
Chapter 8: Lightweight HIP.
8.1 Security functionality of HIP.
8.2 HIPhigh-levelgoals.
8.3 LHIPdesign.
8.4 LHIPperformance.
8.5 Discussion.
Part III Infrastructure Support.
Chapter 9: Middlebox traversal.
9.1 Requirements for traversinglegacymiddleboxes.
9.2 LegacyNATtraversal.
9.3 Requirements forHIP-awaremiddleboxes.
9.4 HIP-awarefirewall.
Chapter 10: Name resolution.
10.1 Problemstatementofnaming.
10.2 DistributedHashTables.
10.3 HIPinterface toOpenDHT.
10.4 Overviewofoverlaynetworks.
10.5 Host Identity Indirection Infrastructure.
10.5.1 Separatingcontrol,data, andnaming.
10.5.2 Thedata plane.
10.5.3 Thecontrolplane.
10.5.4 Discussionof theHi3design.
Chapter 11: Micromobility.
11.1 Local rendezvousservers.
11.2 Secure micromobility.
11.3 Network mobility.
Chapter 12: Communication privacy.
12.1 SPINAT.
12.2 BLIND.
12.3 Anonymousidentifiers.
Part IV Applications.
Chapter 13: Possible HIP applications.
13.1 VirtualPrivateNetworking.
13.2 P2PInternetSharingArchitecture.
13.3 InteroperatingIPv4andIPv6.
13.4 SecureMobileArchitecture.
13.5 Liveapplicationmigration.
13.6 NetworkoperatorviewpointonHIP.
Chapter 14: Application interface.
14.1 UsinglegacyapplicationswithHIP.
14.2 API fornativeHIPapplications.
Chapter 15: Integrating HIP with other protocols.
15.1 GeneralizedHIP.
15.2 The use of Session Initiation Protocol.
15.3 EncapsulatingHIPdatausingSRTP.
15.4 ReplacingHIPbase exchangewithIKEv2.
15.5 MobileIPandHIP.
15.6 HIPproxyfor legacyhosts.
Installing and using HIP.
Bibliography.
Index.
About the Author :
Andrei Gurtov is a senior research scientist leading the Networking Research group at the Helsinki Institute for Information Technology focusing on the Host Identity Protocol and next generation Internet architecture. He received his M.Sc and Ph.D. degrees in Computer Science from the University of Helsinki, Finland. He co-chairs the IRTF research group on HIP and teaches as an adjunct professor at Telecommunications and Multimedia Laboratory of the Helsinki University of Technology.
Review :
"I recommend this book to all software writers and engineers who are working in the context of mobile IP, IPv6, and the future internet. Graduate and advanced undergraduate students who are interested in discovering a practical and challenging application of identity management models and cryptographic protocols will also benefit from this book." (Computing Reviews, May 5, 2009)
