Host Identity Protocol gains momentum in industry

TemperedNetworks, headquarted in Seattle, announces a new product line for securing the critical infrastructure based on Host Identity Protocol (HIP), which was actively developed by the FRUCT community. This includes a scalable orchestration engine (HIPswitch Conductor™), a series of hardened physical and virtual security appliances (HIPswitch™), and a management console and user interface (SimpleConnect™). Tempered Networks has just been awarded the ‘2014 Entrepreneurial Company of the Year’ by analyst firm, Frost & Sullivan. Production customers in are found in Manufacturing, Oil & Gas, Utilities (water, power and energy) industries.

A Tempered Networks deployment requires a HIPswitch Conductor™, two or more HIPswitch™ security appliances and a SimpleConnect™ management console. The SimpleConnect management console is used to configure the private networks that are created by the HIPswitches. Each HIPswitch has a unique cryptographic identity and the collection of HIPswitch identities is what establishes a private network. Once HIPswitches know which peer HIPswitches they are allowed to communicate with, the HIPswitches establish point-to-point VPN tunnels to one another. The Tempered Networks solution operates on the principle of “Network Whitelisting”, which means only the communications specified are allowed. The devices behind each HIPswitch communicate with one another as if they are connected to each other on a local switch, yet their communications are secured over the shared network.

"HIP", or "Host Identity Protocol", is published as IETF RFC 5201. HIP allows consenting hosts to securely establish and maintain shared IP-layer state, allowing separation of the identifier and locator roles of IP addresses. HIP uses public key identifiers from a new Host Identity namespace for mutual peer authentication. The protocol is designed to be resistant to denial-of-service (DoS) and man-in-the-middle (MitM) attacks. When used together with another suitable security protocol, such as the Encapsulated Security Payload (ESP), it provides integrity protection and encryption for upper-layer protocols, such as TCP and UDP. HIP has matured over 15 years of research, development, and deployment from companies like Boeing, Verizon, and Ericsson, as well as universities around the world.

In Finland, Aalto University, University of Oulu, Helsinki Institute for Information Technology HIIT jointly with other FRUCT members contributed for instance to publishing "HIP Experiment Report" as RFC6538 by the Internet Engineering Task Force which was a per-requisite to approval HIPv2 as a standard track protocol by the Internet Engineering Task Force (IETF) in 2014. Furthermore, specifications for IEEE 802.15.9 Key Management Protocols for 802.15.4 including HIP as one of the alternative have reached the pre-draft standardization status at IEEE. 

For additional information on HIP please refer to a book

A. Gurtov, Host Identity Protocol (HIP): Towards the Secure Mobile Internet, ISBN 978-0-470-99790-1, Wiley and Sons, June 2008. (Hardcover, 332 p).

as well as a survey article

P. Nikander, A. Gurtov, T. Henderson, Host Identity Protocol (HIP): Connectivity, Mobility, Multi-homing, Security, and Privacy over IPv4 and IPv6 networks, IEEE Communications Surveys and Tutorials, 12 (2), 2010.

Inquiries can be sent to Andrei Gurtov, HIIT and Aalto University (gurtov <at> hiit.fi, http://www.hiit.fi/~gurtov)