[hipl-users] Re: security properties of HIP
- From: Miika Komu <miika@xxxxxx>
- To: hipl-users@xxxxxxxxxxxxx
- Date: Thu, 20 Jan 2005 23:29:31 +0200 (EET)
On Thu, 20 Jan 2005, Murugaraj Shanmugam wrote:
> I am checking the HIP protocol for security considerations using OFMC
> model checker. I found that in the HIP protocol,
Sounds interesting!
> ( i ). the server can authenticate to the client by sending the HI in
You probably mean here that the client can authenticate the server.
> clear in the R1 packet and signs it.so the Initiator can verify the
> identity .(becas he knows the HI from DNS look up)
Yes. The initiator (client) queries the responder's HI or HIT from the DNS
and sends the I1 to the HIT calculated from the server. The responder
(server) sends its HI in clear text in R1. The initiator gets the R1
packet and can verify that the HI matches the one queried from DNS and it
also checks the R1 signature. The initiator sends an R2 packet. In the
R2, the host identity of the initiator is sent (encrypted).
> (ii ). the server cannot authenticate client, because he do not check
> the HI from the DNS or from secure method. An Intruder can legitemetly
> establish a connection.
Good question but what does the checking from the DNS really tell the
server? I guess the server can have a some kind of access control list
based on host identities that cab be used for accepting only certain
hosts.
In the I1, the responder gets the initiator's HIT and IP address only. The
responder can try to resolve the IP address if initiator and try to find
if it finds a matching HIT. The HIT could be also be a type 2 (HAA)
HIT which includes some information about the domain of the initiator's
HIT. In the I2, the responder gets the initiators HI, HIT, IP address and
possibly FQDN. FQDN can be used for resolving the initiators HIT although
I doubt the usefullness of this (and it's bad for performance - more
round-trips).
--
Miika Komu miika@xxxxxx http://www.iki.fi/miika/
Other related posts:
