Experience with the Host Identity Protocol for Secure Host Mobility and Multihoming

Thomas R. Henderson, Jeffrey M. Ahrenholz, and Jae H. Kim

To appear in IEEE Wireless Communications and Networking Conference (WCNC), March 2003.

Abstract: The Host Identity Protocol (HIP) is a recent protocol proposal for secure host mobility and multihoming using a cryptographic-based name space for Internet hosts. HIP aims to decouple IP addresses from transport connections in a secure manner, thereby admitting network-level mobility and multihoming solutions that do not require the use of a single IP address as a host identifier. Although HIP and related protocol proposals have been circulating for several years, there has been little reported implementation experience with the approach. This paper reports on our experience with implementing HIP and experimenting with it as a mobility management and host multihoming solution. After first introducing the HIP approach and contrasting it with other solutions, we describe our approach for implementing HIP as an extension to Linux and FreeS/WAN IPsec, including our use and extension of standard APIs. We then characterize the performance of HIP packet exchanges experimentally, and report that the computational overhead is dominated by the DSA signature computations. We conclude by offering directions for future work.

Here are some links for HIP:
  • Bob Moskowitz's HIP homepage
  • HIP implementation from Helsinki University of Technology (for Linux IPv6)
  • HIP for NetBSD Project