What is the Host Identity Protocol and Why is it so Important?

By Erik Giesa

I’ve spent over twenty years working in the technology world, specifically in networking, and for nearly all that time I was confronted with the limitations of IP networking. Since coming to work for Tempered Networks, however, I have discovered a world of networking without borders or boundaries. One where we can securely connect any two devices, anywhere in the world, no matter the network or connectivity medium, with the click of a mouse. The reason for this is the Host Identity Protocol (HIP).

To understand why HIP is so important to the future of networking, we must look at the history of TCP/IP. In the late 1960s computer scientists ran an experiment connecting one computer at UCLA to a different computer at Stanford, implementing the basic framework of IP networking for the first time. Since point-to-point communication was the only goal, not flexibility or security, TCP/IP was primarily designed for connectivity. As a result, the IP address took on a dual function, determining both the name and the location of a machine on the internet, and so acting as both identifier and locator. This dual function introduced a broken trust model into the framework of TCP/IP from the very beginning.

Almost 50 years after the IP address was first used to connect two computers in California, it is now used to connect nearly every device in the world. And the fundamental flaw in the experiment, using the same address for location and identity, is causing us all kinds of problems. As Vint Cerf, the father of the Internet and inventor of TCP/IP, put it, “If I could turn back time, I would go back and do a better job on trusted authentication and mobility, which we did a very poor job with and are paying for now, with additional hard work.” Something had to change, and this is where HIP comes into play.

The concept behind HIP was first proposed by Robert Moskowitz in 1999 as a way to overcome the fundamental flaw in TCP/IP networking: using an IP address as both location and identity. Working with other leading academics and global companies, Robert and others made progress in defining the protocol and getting it ready for initial deployments. In 2006 HIP was introduced for use in secure military communications and for securing and enabling network mobility of tooling infrastructure in manufacturing operations at Boeing.

In addition to Boeing, HIP was also being developed by the IETF working group, in coordination with the Internet Research Task Force (IRTF) and companies including Ericsson, Nokia, Verizon, TeliaSonera, along with the Trusted Computing Group and IEEE 802 standards bodies.

After 8 years of testing and refinement, HIP was accepted by the IETF as a proposed standard. In April of 2015 HIP RFC 5201-bis was officially ratified as a new, open networking security protocol. In addition to being inherently secure with end-to-end encryption, one of its most important principles is that HIP is both backward and forward compatible with any IP-based network, application or resource. HIP separates the end-point identifier and locator roles of IP addresses, which fixes the broken trust model and introduces a secure and more flexible Host Identity Namespace.

The implications of this on the networking world are huge. With HIP, we can move beyond routing to the concept of orchestration, where we define network trust relationships by identity, at the device level, while still using traditional IP addressing for location across the Internet. This Identity-First architecture leads us directly to a transition from address-defined networking to identity-defined networking.

Using HIP, we can eliminate much of the complexity and constraints that make secure networking difficult, if not impossible. In a more technical sense, HIP allows consenting hosts to securely establish and maintain shared IP-layer state, enabling separation of the identifier and locator roles of IP addresses. The separation of location and identity removes many of the constraints we face with traditional IP networking, eliminating conflicts and making direct device-to-device connections possible, no matter where the devices are located. This is what I mean when I talk about networking without borders or boundaries. It’s a paradigm shift in terms of how we look at secure networking, what can be connected and where those devices and systems live.
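To make the identifier/locator split concrete, here is an added example (mine, not code from this post, Tempered Networks or any HIP implementation) that models it in Go: a host's identity is an Ed25519 key pair, its HIT is a hash of the public key, and a peer changes its identity-to-locator binding only on an update signed by that identity, so the host can move between networks while its identity, and the trust attached to it, stays fixed. The 96-bit fingerprint, the update format, the sequence-number rule and the locator addresses are all simplifying assumptions; HIP's real ORCHID encoding of the HIT and its base exchange are not reproduced.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// A host's identity is a key pair, never an address (simplified model of HIP's Host Identity).
func NewHost() (ed25519.PrivateKey, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return priv, err
}
// HIT is a 96-bit key fingerprint. HIP also hashes the Host Identity, but its ORCHID encoding is omitted.
func HIT(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:12])
}
// LocatorUpdate says "identity HIT is now at Locator", signed by that identity; Seq is monotonic.
type LocatorUpdate struct {
	HIT, Locator string
	Seq          uint64
	Pub          ed25519.PublicKey
	Sig          []byte
}
func toSign(hit, loc string, seq uint64) []byte { return []byte(fmt.Sprintf("%s|%s|%d", hit, loc, seq)) }
func SignLocator(priv ed25519.PrivateKey, loc string, seq uint64) LocatorUpdate {
	pub := priv.Public().(ed25519.PublicKey)
	hit := HIT(pub)
	return LocatorUpdate{hit, loc, seq, pub, ed25519.Sign(priv, toSign(hit, loc, seq))}
}
// Peer holds the shared state: a HIT -> locator binding, changed only with proof of identity.
type Peer struct{ bindings map[string]LocatorUpdate }
func NewPeer() *Peer { return &Peer{bindings: map[string]LocatorUpdate{}} }
// Apply accepts an update only if key and HIT agree, the signature verifies, and Seq advances.
func (p *Peer) Apply(u LocatorUpdate) error {
	old, seen := p.bindings[u.HIT]
	if HIT(u.Pub) != u.HIT {
		return fmt.Errorf("HIT is not the fingerprint of the presented key")
	} else if !ed25519.Verify(u.Pub, toSign(u.HIT, u.Locator, u.Seq), u.Sig) {
		return fmt.Errorf("update not signed by the identity it claims")
	} else if seen && u.Seq <= old.Seq {
		return fmt.Errorf("stale or replayed update")
	}
	p.bindings[u.HIT] = u
	return nil
}
// Locator resolves an identity to wherever it currently is.
func (p *Peer) Locator(hit string) (string, bool) { u, ok := p.bindings[hit]; return u.Locator, ok }
```

A second key pair that tries to announce a locator under the first host's HIT is rejected at the fingerprint check, and a replayed earlier announcement is rejected by the sequence number, which is what "maintaining shared state" has to guarantee once addresses no longer stand in for identity.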

If you want to know more about HIP and what it means for you and your organization, you can find additional information at www.temperednetworks.com as well as:


Article: Washington Post - Net of Insecurity: A flaw in the TCP/IP design

Whitepaper: A Primer on HIP (Host Identity Protocol) by Dr. Andrei Gurtov

Book: Host Identity Protocol (HIP): Towards the Secure Mobile Internet (Wiley Series on Communications Networking)

Book: Beyond HIP: The End of Hacking As We Know It – by Richard Paine