Host Identity Protocol


InfraHIP
HIIT ARU
Portfolio Seminar
Andrei Gurtov
2004-10-12
Host Identity Protocol
• Idea: transport protocols bind to a hash of the host identity key, instead of IP address
• Secure mobility without a need for a centralized public key infrastructure
• Provides support for mobility, multi-homing
• HIIT active with HIP since 2001, co-author of IETF specs, the Linux implementation
• IETF working group, IRTF research group
• HIP considered as an architectural piece for Ambient Networks and Daidalos EU projects, Internet control plane (Boeing/UCB)
Tekes Infrastructure for HIP Project
• Partners: HIIT, TKK, Nokia, Ericsson, Operator x, Finnish Defence Forces
• 2,5 years, late 2004-2007
• Project Goals
  • Study the use of Distributed Hash Tables and overlay networks for HIP
  • Finalize HIP Linux, release as open source
  • IETF work on rendezvous, DNS
  • Develop native HIP API
  • Multiple ids on a single host
  • Prototype HIP process migration
  • HIP in corporate sector
Current Progress
• Prototype of Host Identity Indirection Infrastructure (Hi3)
  • Use of the Internet Indirection Infrastructure as a control plane for HIP
  • Hiding IP addresses for DoS protection until the handshake is completed
  • Solves the initial rendezvous and double-jump problems
• Setup of PlanetLab testbed in HIIT
  • 450 servers worldwide for testing of distributed applications
International Connections
• ICSI, Berkeley
  • Scott Shenker
• UC Berkeley
  • Ion Stoica, Anthony Joseph
• M.I.T.
  • Hari Balakrishnan
• Next meeting in Berkeley on November 3-5
People Involved
• Doc. Pekka Nikander, Prof. Martti Mäntylä (HIIT)
• Prof. Antti Ylä-Jääski (TKK)
• Andrei Gurtov, PhD
• Teemu Koponen, MSc
• Miika Komu, ~MSc
• Mika Kousa, ~MSc
• Dmitry Korzun, PhD
• WenPeng, MSc
• Janne Lindqvist, MSc
InfraHIP Work Packages
1. Architectural
2. HIP Linux
3. Rendezvous
4. Multiple HIP identities
5. Process migration
6. New applications
7. Corporate HIP

WP1. Architectural
• Explore the general effect of the identifier/locator split on the Internet
• Study alternative solutions to HIP
  • Internet Indirection Infrastructure
  • Distributed Hash Tables
• Produce report on findings
WP2. HIP on Linux
• Finalize HIIT's HIP implementation in Linux kernel
• Release as open source, maintained, and easily usable software
• Integrate into standard Linux kernel
• Finalize native HIP API
WP3. Rendezvous
• Infrastructure support for resolving Host Identities for HIP
  • DNS Extensions
  • Use of Distributed Hash Tables or i3 servers
• Contribute to IETF standards
• Deploy an experimental infrastructure on a wide-scale testbed PlanetLab
WP4. Multiple Identities
• How to manage and store multiple host identifiers on a single operating system
• Needed e.g. for privacy protection
• Contribute to IETF standards
WP5. Process Migration
• Study migration of a running HIP application between hosts
• Transfer of keys over network
• Implement a prototype
WP6. Applications
• Evaluate new possible applications enabled by HIP
  • E.g. distributed file system with backup
  • Peer-to-peer systems
• Implement prototypes
WP7. Corporate
• Study use of HIP in the corporate sector
  • VPN solutions
  • Management of HIP hosts
  • NAT/Firewall traversal
• Prototype of the management tool