Host identity protocol definition
The host identity protocol (HIP) is a network layer protocol designed to improve the security and mobility of online communications by separating the dual roles of IP addresses.
Traditionally, an IP address serves two main purposes: it identifies a device (or host) on the network and also indicates its location. HIP introduces a new layer to the networking model to manage these roles more effectively and securely.
See also: host address, elastic IP address, cryptographic key, communication protocol, communications system
How host identity protocol works
- HIP assigns each device a unique host identifier (HI), which is a cryptographic public key. This key serves as a stable identity for the device, independent of its IP address, which can change as the device moves across networks or its network configuration changes.
- A host identity tag (HIT) is derived from the host identifier. The HIT is a shorter, hashed version of the HI, providing a convenient way to reference the host's identity. It's used instead of an IP address for starting communications — this ensures that the device's identity remains the same even if its location (IP address) changes.
- When two devices want to communicate, they first perform a four-way handshake using their HIs and HITs. They securely exchange their public keys and establish a shared secret key for encrypting their communication. This handshake not only verifies the identity of the devices to each other but also sets up a secure channel for data exchange.
- Once the secure channel is created, the actual IP addresses of the devices are used purely as locators, directing where the packets should be sent in the network. The separation of the identifier and locator roles allows for greater security and mobility. Devices can change their IP addresses without disrupting ongoing connections, as their cryptographic identity remains the same.
- By using cryptographic keys as identifiers, HIP significantly increases security. This process mitigates cyberattacks like identity spoofing and man-in-the-middle attacks. Also, since IP addresses are no longer used for establishing connections, HIP improves users’ privacy by making it more difficult to track their activities based solely on IP addresses.