What is Host Identity Protocol (HIP)?


February 8, 2019

The other day a few of my colleagues and I went to a local Sysadmins and Networking meetup hosted by SEA-TUG.

The topic of the night was Host Identity Protocol (HIP), and Michael Falkenrath of Tempered Networks presented it. While we don’t currently offer any of Tempered’s solutions in our MSSP offerings, the topic of HIP caught my attention, and I figured it might be a good idea to get more familiar with it in general.

What is Host Identity Protocol (HIP)?

HIP is a host identification technology for use on the Internet. HIP separates the end-point identifier and locator roles of IP addresses.

What does HIP do?

HIP allows consenting hosts to securely establish and maintain shared IP-layer state, allowing separation of the identifier and locator roles of IP addresses. HIP uses public key identifiers from a new Host Identity namespace for mutual peer authentication.

The protocol is designed to be resistant to denial-of-service (DoS) and man-in-the-middle (MitM) attacks. When used together with another suitable security protocol, such as the Encapsulated Security Payload (ESP), it provides integrity protection and encryption for upper-layer protocols, such as TCP and UDP.

Who developed HIP?

HIP was developed concurrently by the IETF (Internet Engineering Task Force) and the IRTF (Internet Research Task Force). It was first documented as IETF RFC 5201, which you can read here: https://tools.ietf.org/html/rfc5201

HIP has matured over 15 years of research, development, and deployment from companies like Boeing, Verizon, and Ericsson, as well as universities around the world.

How does HIP work?

Let’s start with how traffic/communication moves across the internet. Internet traffic is controlled by two namespaces: the Domain Name System (DNS) and IP addresses. Those two namespaces have essential responsibilities:

  1. Managing the overall network interface
  2. Handling the location-name

IP addresses currently carry both roles at once: they name the end node, and they tell the network where to deliver packets for that individual host.

HIP allows a computer to be mobile and multi-homed. Typically a host’s location is bound up with its IP address, so data packets are routed to wherever that address currently lives; HIP handles things differently.

In a HIP network, IP addresses are eliminated as identifiers and replaced with self-generated cryptographic host identifiers. Those cryptographic host identifiers allow for encrypted peer-to-peer connectivity.
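To make the identifier/locator separation from the last two sections concrete, here is an added example (not code from this post, from Tempered Networks, or from any HIP implementation) that models it in Go: a host's identity is a self-generated keypair, its Host Identity Tag (HIT) is a hash of the public key, and the responder keeps association state keyed by the HIT, so the host can move to a new IP address and announce it with an update signed by its identity. Assumptions: Ed25519 keys and a bare SHA-256 prefix stand in for the RFC's key types and ORCHID-encoded HITs, and the "HIT|locator" update message is a hypothetical layout, not HIP's UPDATE packet format; the IP addresses are constructed documentation values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// HIT derives a 128-bit Host Identity Tag from a self-generated public key.
// Simplified: a real HIT is ORCHID-encoded (RFC 5201), not a bare SHA-256 prefix.
func HIT(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:16])
}
// Association is per-peer state keyed by identity (HIT), not by IP address.
type Association struct {
	Pub     ed25519.PublicKey
	Locator string // current IP address; changes when the host moves
}

// Responder keeps associations; Assoc is exported so callers can inspect it.
type Responder struct{ Assoc map[string]*Association }
func NewResponder() *Responder { return &Responder{Assoc: map[string]*Association{}} }

// Establish records the initiator's identity and first locator; returns its HIT.
func (r *Responder) Establish(pub ed25519.PublicKey, locator string) string {
	id := HIT(pub)
	r.Assoc[id] = &Association{Pub: pub, Locator: locator}
	return id
}

// UpdateLocator accepts a new IP only if the hypothetical "HIT|locator" update
// is signed by the Host Identity that owns the association.
func (r *Responder) UpdateLocator(id, newLocator string, sig []byte) bool {
	a, ok := r.Assoc[id]
	if !ok || !ed25519.Verify(a.Pub, []byte(id+"|"+newLocator), sig) {
		return false // unknown identity or forged update: locator unchanged
	}
	a.Locator = newLocator
	return true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // self-generated identity
	r := NewResponder()
	id := r.Establish(pub, "192.0.2.10") // constructed documentation addresses
	sig := ed25519.Sign(priv, []byte(id+"|198.51.100.7"))
	fmt.Println(r.UpdateLocator(id, "198.51.100.7", sig), r.Assoc[id].Locator)
}
```

The association survives the address change because it is keyed by the HIT, while an update signed by any other key, or a valid signature replayed with a different address, leaves the locator untouched.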

Who should be using HIP?

That’s a good question, and I rightly don’t know the answer to it. I can only go with what Tempered mentioned in the demonstration, and that’s…pretty much everybody.

They’ve deployed their solution for educational institutions, healthcare providers, you name it. However, I’m still very unfamiliar with HIP, and I’ll need to do a bit more research before I can speak more about its benefits/shortcomings.

Until then, what do you think about HIP? Is it right for you? Let us know in the comments!

Carl Keyser is the Content Manager at Integris.
