Integrating Security, Mobility and Multi-Homing in a HIP Way

The current trend in mobile networking is towards mobile hosts that have multiple network interfaces, e.g., WLAN and GPRS. However, when the current Internet architecture was originally designed, neither mobility nor multihoming were considered. In the current architecture an IP address represents both a host’s identity and the host’s topological location. This overloading has led to several security problems, including the so called address ownership problem, making IP mobility and multi-homing unnecessarily hard from the security point of view. In this paper we show how the Host Identity Payload (HIP), being discussed at the IETF, can be used to simultaneously solve the security problems, and many of the practical problems, related to end-host multi-homing and endhost mobility. Basically, HIP introduces a new cryptographic name space and protocol layer between network and transport layers, breaking the fixed binding between identities and locations. The approach is especially suitable for large open networks, where no pre-existing trust relationships can be assumed. We also report our early implementation experiences.