Public Key Protected Data Plane and Demo
Public key protected data plane
HICCUPS Implementation Status
Prabhu Patil
Outline
What is HIP DATA PACKET
Why do we need it
Status
What are next steps?
How does it work?
Conclusion
What is HIP DATA Packet
Alternate way to communicate data without running HIP BEX messages.
HICCUPS Draft.
Provides public key cryptography support for payload.
Reliable communication without base exchange.
Provides sender identification with signature, protects data using HMAC, optionally includes Ack and Seq mechanism.
Structure of HIP DATA Packet
HIP Header:
Packet Type = [ : 32 ]
SRC HIT = Sender's HIT
DST HIT = Receiver's HIT
IP ( HIP ( [SEQ, ACK, ]
[HOST_ID, ]
PAYLOAD_HMAC,
HIP_SIGNATURE)
PAYLOAD )
[Diagram: packet layout, IP | HIP | TCP data]
When/when not to use it?
In overlay networks: where the other node is already authorised to join the network, avoid the base exchange.
To send and receive momentary upper layer data without running complex BEX.
Can be useful for opportunistic communication with neighbors.
Not suitable when security is a major concern (DoS).
Not suitable for long running connections.
Status
Dynamic enable/disable of data-packet mode through hipconf parameter.
Signature and HostId support implemented and verified at the receiver.
HMAC for data packets needs to be implemented.
Current assumption is that both sender and receiver understand HIP Data. Need to modify the code to send R1 when it is not HIP Data enabled.
Need to do measurements and comparisons.
Requirement for Ack and Seq functionalities needs to be discussed further, along with their impact on TCP Seq/Ack.
Problems
A little difficult to break the tight integration of the code with BEX and IPsec.
Problem with reusing the previous code.
DEMO