Internet Engineering Task Force | D.K. Kuptsov |
Internet-Draft | A.G. Gurtov |
Intended status: Informational | Helsinki Institute for Information Technology, Aalto University |
Expires: September 10, 2011 | D.Z. Zhang |
Huawei Technologies Co.,Ltd | |
March 09, 2011 |
Hierarchical Host Identity Tags
draft-kuptsov-hhit-03
This document describes the purpose, structure and possible use case of hierarchical host identity tags for HIP protocol.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2011.
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document specifies the purpose, structure and possible use case of hierarchical host identity tags (HHIT) for Host Identity Protocol (HIP) RFC 5201 [RFC5201].
The purpose of HHIT is to enable online verification of flat identifiers (in a scalable way), such as Host Identity Tags (HIT), by corresponding organizations that are responsible for clients holding such identifiers. While one way of verifying whether HIT belongs to a client that is affiliated with some organization (or unit within organization) is to use certificates; such approach can be undesired because it (i) introduces high cost for certificate verification, and (ii) does not directly allow certificate status verification (consider the situation when private key of a particular host was stolen and firewall enforcing certificate verification does not check the revocation status of host's certificate).
The following are the goals of HHIT: (i) allow any on the path security gateway to distinguish to which authority the identifier belongs, and later ask corresponding authority whether given HHIT is valid; (ii) prevent misuse of HHIT by attackers (specifically, the design allows to prevent replaying and constructing "fake" HHITs that will enable attackers to bypass the security gateways).
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | HHIT | + | | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type |C| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ENC_HHIT_TIMESTAMP | + + | | + + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Padding (4 bytes) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The structure of hierarchical HHIT:
Because total length of OID||HHIT||ENC_HHIT_TIMESTAMP exceeds reserved 128 bits for source address in HIP protocol, the Sender's Host Identity Tag should contain only OID||HHIT, while ENC_HHIT_TIMESTAMP should be carried as mandatory HIP parameter in I1 packet.
Register HHIT (offline) +----------------------+------------------>+-------------+ | | | Domain 1 | |Client (from domain 1)| Secret keys | authority | +----------------------+<------------------+-------+-----+ | HHIT /\ | OK | | v | I1 +---+---------+ +------------------>| Security |-->... +------------------>| gateway | | I1 +---+---+-----+ | HHIT | /\ | Register HHIT v | Ok +----------------------+------------------>+-------------+ |Client (from domain 2)| | Domain 2 | | | Secret keys | authority | +----------------------+<------------------+-------+-----+
Next we describe a possible use case - access control with HHIT:
To grasp what would be the performance implications, we measured HHIT verification using 2 DHTs deployed in the Internet and single security gateway. Each DHT was mimic single domain authority. We generated storms of I1 packets towards security gateway, using exponential distribution for interarrival times with different lambda parameter (10,100,1000,10000,100000). Correspondingly, for all traffic patterns we have observed that in 50% of cases verification time was approx. 600-700 ms, and the queue sizes observed on the gateway were varying from 5-300 packets correspondingly.
We mentioned earlier that for every sent I1 packet, sender picks next unused one-time secret to produce HHIT and ENC_HHIT_TIMESTAMP. However, it can be sufficient for domain authority and particular client to share a single secret which is rotated every time T (where T can be on the scale of days).
The Delta threshold should be relatively small to prevent replays. Thus, Delta should be of order of few hundred milliseconds to guarantee sufficient level of security.
[RFC5201] | Moskowitz, R., Nikander, P., Jokela, P. and T. Henderson, "Host Identity Protocol", RFC 5201, April 2008. |