Opportunistic Security of Host Identity Protocol

Abstract

Host Identity Protocol (HIP) is a proposal to decouple the host identifier from locator in the Internet protocol stack. HIP securely provides mobility and multi-homing. HIP introduces the Host Identity name space, which is consisted of Host Identifiers (HIs). Host Identity Tag (HIT) is a 128-bit hashed encoding from HI and it is used to represent the Host Identity.

The goal of this thesis was to design and implement the HIP opportunistic mode to enhance the functionality of HIP for Linux (HIPL). The opportunistic mode provides the opportunity to use HIP when the Responder's HIT is not prior known to the Initiator. New data structure and database are introduced to handle the HIT request. In addition, the modifications of libinet6 resolver library are carried out in order to support the opportunistic mode. The modifications are performed by wrapping several socket API functions.

The implementation is tested and verified against the evaluation criteria, and it fulfils the functional requirements. The opportunistic mode con-figuration mechanism is provided, and the configuration can be executed during source code compilation and application runtime. Handling the consecutive opportunistic mode base exchange is implemented by introducing a database to store the received Responder's HITs. Finally, the further study and development on opportunistic mode are outlined.