Title: Authenticating Mobile Peers in HIP Networks with DNSSEC Trust Chain
Authors: 游釗俊
謝續平
Institute of Network Engineering
Keywords: Host Identity Protocol (HIP); Domain Name System Security Extensions (DNSSEC); OpenDHT; HIP DHT-Interface
Issue Date: 2011
Abstract: The Host Identity Protocol (HIP) is a new communication protocol that adds a new layer, the Host Identity layer, to the TCP/IP architecture. It separates the two roles that an IP address plays in the traditional network architecture, host identity and host location, which resolves the problem of connections being broken when an IP address changes, and it provides the message exchange that two mobile nodes need in order to establish an ESP security association. To perform the HIP base exchange, the Host Identity Tag (HIT) and the IP address of the destination must be obtained through secure name resolution. The HIP Distributed Hash Table (DHT) interface is one of the name resolution methods proposed by the IRTF. This thesis presents a security analysis of the HIP DHT interface and finds that, because the interface does not verify uploaded content, a malicious attacker can mount a drowning attack and a man-in-the-middle attack. We then modify the interface to provide an authentication method that defends against these attacks. Finally, we analyze the security of the proposed method.
Host Identity Protocol (HIP) is a new communication protocol that solves the mobility and multi-homing problems on the Internet by separating the host identifier from the locator at the network layer. It introduces a new layer, the Host Identity layer, between the transport layer and the network layer. With HIP, a change of IP address due to roaming across network domains does not disrupt communications. Furthermore, HIP supports an IPsec ESP security association between two mobile peers. In this paper, we introduce a potential vulnerability we discovered in the HIP DHT interface, where a record is not verified when it is published. Therefore, attackers can upload misleading HIT records to perform the drowning attack and the man-in-the-middle attack. To cope with the problem, we propose a revision that enhances the interface with an authentication mechanism. The proposed scheme successfully mitigates the threats, and its security and correctness are formally proved in our analysis.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT079756533
http://hdl.handle.net/11536/46022
Appears in Collections: Theses