
Public key protected data plane HICCUPS Implementation Status Prabhu Patil ppatil@cc.hut.fi


Presentation Transcript


  1. Public key protected data plane HICCUPS Implementation Status Prabhu Patil ppatil@cc.hut.fi

  2. Outline
     • What is HIP DATA PACKET
     • Why do we need it
     • Status
     • What are next steps?
     • How does it work?
     • Conclusion

  3. What is HIP DATA Packet
     • Alternate way to communicate data without running HIP BEX messages.
     • HICCUPS Draft.
     • Provides public key cryptography support for payload.
     • Reliable communication without base exchange.
     • Provides sender identification with signature, protects data using HMAC, optionally includes Ack and Seq mechanism.

  4. Structure of HIP DATA Packet
     HIP Header:
       Packet Type = [ : 32 ]
       SRC HIT = Sender's HIT
       DST HIT = Receiver's HIT
     IP ( HIP ( [SEQ, ACK, ] [HOST_ID, ] PAYLOAD_HMAC, HIP_SIGNATURE ) PAYLOAD )
     [Figure: TCP data wrapped as HIP | TCP data, then as IP | HIP | TCP data]

  5. When/when not to use it?
     • In overlay networks: where the other node is already authorised to join the network, the base exchange can be avoided.
     • To send and receive momentary upper layer data without running complex BEX.
     • Can be useful for opportunistic communication with neighbors.
     • Not suitable when security is a major concern (DoS).
     • Not suitable for long running connections.

  6. Status
     • Dynamic enable/disable of data-packet mode through a hipconf parameter.
     • Signature and HostId support implemented and verified at the receiver.
     • HMAC for data packets needs to be implemented.
     • Current assumption is that both sender and receiver understand HIP Data. Need to modify the code to send R1 when it is not HIP Data enabled.
     • Need to do measurements and comparisons.
     • Requirements for Ack and Seq functionalities need to be discussed further, along with their impact on TCP Seq/Ack.

  7. Problems
     • It is a little difficult to break the tight integration of the code with BEX and IPsec.
     • Problem with reusing the previous code.

  8. DEMO
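The receiver-side checks implied by slides 3 and 4, as an added Go example that is not code from the presentation or from the HIP implementation it reports on: the sender's HOST_ID is bound to the source HIT, HIP_SIGNATURE covers the header, and the header's payload check value binds the payload. Assumptions: Ed25519 keys, a truncated SHA-256 in place of the real HIT derivation, and a plain SHA-256 digest standing in for PAYLOAD_HMAC, because the slides do not say how an HMAC key would be agreed without a base exchange; the field layout is simplified and is not the HICCUPS wire format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type DataPacket struct { // simplified model of the slide's layout, not the wire format
	SrcHIT, DstHIT     [16]byte
	HostID             ed25519.PublicKey // HOST_ID: sender's public key
	PayloadDigest      [32]byte          // stands in for PAYLOAD_HMAC (assumed: plain SHA-256)
	Signature, Payload []byte            // HIP_SIGNATURE covers the header, not the payload
}

func hitOf(pub ed25519.PublicKey) (h [16]byte) { // toy HIT: truncated SHA-256, not ORCHID
	sum := sha256.Sum256(pub)
	copy(h[:], sum[:])
	return h
}
func (p *DataPacket) signedBytes() []byte { // header bytes covered by HIP_SIGNATURE
	return bytes.Join([][]byte{p.SrcHIT[:], p.DstHIT[:], p.HostID, p.PayloadDigest[:]}, nil)
}

// Seal builds and signs a packet with no base exchange and no shared key.
func Seal(priv ed25519.PrivateKey, dst [16]byte, payload []byte) *DataPacket {
	pub := priv.Public().(ed25519.PublicKey)
	p := &DataPacket{SrcHIT: hitOf(pub), DstHIT: dst, HostID: pub, Payload: payload}
	p.PayloadDigest = sha256.Sum256(payload)
	p.Signature = ed25519.Sign(priv, p.signedBytes())
	return p
}

// Verify runs the receiver checks in order: HIT binding, signature, payload digest.
func Verify(p *DataPacket) error {
	switch {
	case len(p.HostID) != ed25519.PublicKeySize || hitOf(p.HostID) != p.SrcHIT:
		return fmt.Errorf("HOST_ID does not match source HIT")
	case !ed25519.Verify(p.HostID, p.signedBytes(), p.Signature):
		return fmt.Errorf("bad HIP_SIGNATURE")
	case sha256.Sum256(p.Payload) != p.PayloadDigest:
		return fmt.Errorf("payload digest mismatch")
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil)
	fmt.Println(Verify(Seal(priv, [16]byte{}, []byte("constructed payload"))))
}
```

Every packet costs the receiver one signature verification before anything else is known about the sender, which is the DoS concern slide 5 raises.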
