Authenticating Mobile Peers in HIP Networks with DNSSEC Trust Chain


Bibliographic Details
Main Author: 游釗俊
Other Authors: 謝續平
Format: Others
Language: en_US
Published: 2011
Online Access: http://ndltd.ncl.edu.tw/handle/97209996854957426364
Description
Summary: Master's === National Chiao Tung University === Institute of Network Engineering === 100 === Host Identity Protocol (HIP) is a new communication protocol that solves the mobility and multi-homing problems on the Internet by separating the host identifier from the locator at the network layer. It introduces a new layer, the Host Identity layer, between the transport layer and the network layer. With HIP, a change of IP address due to roaming across network domains does not disrupt communications. Furthermore, HIP supports the IPsec ESP security association between two mobile peers. In this paper, we introduce a potential vulnerability we discovered in the HIP DHT interface, where a record is not verified when it is published. Attackers can therefore upload misleading HIT records to perform the drowning attack and the man-in-the-middle attack. To cope with the problem, we propose a revision that enhances the interface with an authentication mechanism. The proposed scheme can successfully mitigate the threats, and its security and correctness are formally proved in our analysis.