Swiss Army Knife

Education Level: Intermediate

4211 - Using the Host Identity Protocol (HIP) for the Rapid Creation of Secure Enclaves

Speaker(s)

• 

  David Furnas, PMBA, CHCIO, CISM, CISSP, PMP

  Security Services Architect
  Sutter Health

Specified in RFC 7401 and approved by the IETF in 2015, the HIP v2 specification defines an alternative to the dual use of IP addresses as "locators" (routing labels) and "identifiers" (endpoint, or host, identifiers). With HIP, public cryptographic keys, of a public/private key pair, are used as host identifiers, to which higher-layer protocols are bound instead of an IP address. By using public keys (and their representations) as host identifiers, dynamic changes to IP address sets can be directly authenticated between hosts, and strong authentication may be instantiated between hosts at the TCP/IP stack level. HIP enables the rapid creation of enclaves that are both secure and invisible to other enclaves, or to potential attackers, that may exist outside the cryptographic namespace.

Learning Objectives:

• Discuss and consider the capabilities or constraints of the HIP protocol as it may be used to create cryptographic namespaces to establish secure enclaves for the purpose of segmenting various classes of confidential information assets.
• Better understand how HIP can help to secure the Internet of Things (IoT) through the use of a 128-bit identifier (host identity tag), which is a cryptographic hash of the public key assigned to a confidential information asset.
• Better understand how solutions based on the HIP architecture and protocol may reduce the capex and opex required to safeguard confidential information assets while helping to provide for manageability and sustainability.