Hide menu

TDDE21 Advanced Project: Secure Distributed and Embedded Systems

Course information

It looks like we will have one project for 5-6 students in Fall 2017.

Host Identity Protocol (HIPv2) is a newly standardized network security protocol by the IETF (RFC 7401). It establishes encrypted IPsec tunnels between hosts identified by public/private keys. While commercial use of HIP is rapidly progressing (www.temperednetworks.com) its open-source implementations are somewhat outdated. Your task is to setup a virtual machine environment to test basic HIP functions such as Base Exchange, mobility update, multihoming with wireshark packet capture. OpenHIP can be run with CORE network simulator. OpenHIP software should be updated to support the latest RFCs.

(Old release of HIP Virtual World or lab sessions for TDDD17 course with MLN setup can be also used as starting points.)

You can study background material:

Main changes from HIPv1 to HIPv2

  • cryptographic agility features
  • update of mandatory/optional algorithms, including ECDSA and ECDH, HMAC-SHA-256, RSASSA-PSS
  • Initiator may express DH group preference in I1
  • Different crypto hash algorithms to generate the HIT
  • HIT Suites group together pub key sig, hash fn, and hash truncation
  • Puzzle uses HIT hash function
  • Procedures for aborting HIP BEX added.
  • Guidance on preventing downgrade attacks on crypto algorithms.
  • Key derivation function now negotiable aspect of protocol.
  • Clarifications on multiple ACKs and echo requests

The minimum goal is to implement and test in CORE the v2 base exchange and IPsec (RFC7401 and RFC7402). Current code implements RFC5201 and RFC5202.

The ideal goal is also mobility (RFC8046), multihoming (RFC8047), certificates (RFC8002), registration (RFC8003), rendezvous (RFC8004), and DNS (RFC8005).

Page responsible: Andrei Gurtov
Last updated: 2017-07-14