Experience with the host identity protocol for secure host mobility and multihoming

Abstract

The host identity protocol (HIP) is a recent protocol proposal for secure host mobility and multihoming using cryptographic-based name space for Internet hosts. This paper reports on our experience with implementing HIP and experimenting with it as a mobility management and host multihoming solution. After first introducing the HIP approach and contrasting it with other solutions, we describe our approach for implementing HIP as an extension to Linux and FreeS/WAN IPsec, including our use and extension of standard APIs. We then characterize the performance of HIP packet exchanges experimentally, and report that the computational overhead is dominated by the DSA signing of the HIP packets. Using 266 MHz Pentium II-based laptops, our HIP implementation took slightly under 1 second on average to complete connection setup, and less than 200 ms to process a mobility-initiated readdress. We also characterize the overhead due to the HIP "cookie challenge" used for stateless connection setup. We conclude by identifying areas for continued HIP development.