Leap-of-Faith Security is Enough for IP Mobility Miika Komu Helsinki Institute for Information Technology Helsinki University of Technology and University of Helsinki Email: miika.komu@iki.fi Janne Lindqvist Helsinki University of Technology Department of Computer Science and Engineering Email: janne.lindqvist@tml.hut.fi Abstract— Host mobility presents a challenge for security pro- tocols. For example, many proposals exist for integrating IPsec to Mobile IP. However, the existing approaches are cumbersome to configure and contain many round trips for security and mobility updates. The Host Identity Protocol (HIP) is being developed in the IETF to provide secure host mobility and multihoming. The default way to operate the protocol is that the connection initiator knows the peer’s public key or a hash of the public key. This requires either infrastructure support or pre-configuration which introduces difficulties for deploying the protocol. In this paper, we present an implementation and evaluation of HIP that creates leap-of-faith security associations. The implemented approach establishes end-to-end security without requiring any new infrastructure to be deployed. We argue that since worldwide PKI is nowhere near, and seems to nearly impossible to br deploy in practice, leap-of-faith security is enough for Internet access and mobility. In our view, the deployment of opportunistic HIP even makes the deployment of DNSSEC unnecessary for most applications. I. I NTRODUCTION In the vast number of approaches to host mobility, many of the proposals ignore security issues. For example, extensively researched Mobile IP(v6) protocol introduces difficulties with IPsec [1]. Host Identity Protocol [2] integrates to IPsec to secure mobility and multihoming. In the HIP architecture, the IP addresses are relieved from their role as identifiers by public keys or hashes of the public keys. When the IP address of the host changes, the connection is still bound the the same cryptographically secure identity. Thus, transport layer connections can tolerate changes in IP addresses using HIP. In Mobile IPv6, the server side does not need any changes, but it can support mobility optimizations. The security of Mobile IPv6 was designed to avoid introducing any new security threats to the Internet [3]. Mobile IP uses IP address as the identifier. On the other hand, Host Identity Protocol was designed to introduce a new cryptographic identity space for Internet and to use IPsec as the default mechanism to protect transport layer communication. The concept of leap-of-faith security or weak authentication between untrusted principals [4] has been used and imple- mented in many security protocols. For example, Secure Shell (SSH) protocol uses leap-of-faith security as as follows. When a client connects to a server the first time, the user sees and verifies the fingerprint of the server’s public key, and the SSH software stores the public key to disk. Next time the client connects to the server, the SSH client software compares the server key to the one stored on the disk. If they do not match, SSH alerts the user of a possible man-in-the-middle attack. Thus, the assumption of the leap-of-faith security is that there is no active attacker in the network during the first connection. In this paper, we present the design and implementation of a leap-of-faith security approach to HIP called the opportunistic mode. The opportunistic mode is briefly described in the base specification of HIP, but, for example, API issues are left aside. The literature does not contain any experimental results on opportunistic mode and therefore we have experimented with a way of of implementing the opportunistic mode and its APIs which do not interfere with the normal operation of HIP. The implementation supports incremental deployment because it allows fallback to non-HIP based communication when the peer does not support HIP. We argue that the opportunistic end-to-end security approach is enough for Internet access for heterogeneous wired and wireless networks since the deployment of global public-key infrastructure is virtually impossible. It should be noted that AAA architectures are beyond the scope of this paper, since we focus on end-to-end security. We have implemented the approach with HIP, but the same experiences should be applicable to other end-to-end mobility protocols. The rest of the paper is organized as follows. We first proceed to introduce the Host Identity Protocol architecture. Then, we discuss related work. Next, we give the design and implementation details, followed by discussion section. We finish the article in conclusions. II. HOST I DENTITY PROTOCOL Host Identity Protocol (HIP) [2] introduces a new global namespace, the Host Identifier (HI) namespace, for transport- layer connections. The namespace separates transport layer and network layer locators. This allows transport layer con- nections to survive when the network-layer address changes due to end-host mob5Bility or multihoming. The new global namespace makes it also possible to name and contact hosts behind private-address realms controlled by NAT boxes [5]. The HIP namespace is unmanaged in the sense that no central authority for creating the names exists. A name in the namespace is statistically unique. Namespace collisions are highly unlikely due to the size of the addresses space which corresponds to the IPv6 address space. The namespace is cryptographic by its nature; a HI is essentially a public key.