{"title":"Secure Host Identity Delegation for Mobility","authors":"S. Herborn, A. Huber, R. Boreli, A. Seneviratne","doi":"10.1109/COMSWA.2007.382596","DOIUrl":null,"url":null,"abstract":"We develop a scheme for host identity delegation based on the Host Identity Protocol (HIP). We show how this scheme can be applied to enable the movement of communication sessions between devices e.g. in a Personal Area Network (PAN), or to securely and seamlessly insert any number of service proxies in between session endpoints e.g. to adapt data to suit different devices in a PAN. Identities are securely delegated by relaying HIP signalling messages to the device that owns the private key. This avoids security issues caused by dissemination of private keys. This also ensures that delegated endpoint identities are instantly and permanently revocable by the original device which remains in full control of the private key used to authorize use of the identity. We show that the delegation process introduces minimal additional signalling, and present results of evaluation of a prototype which show the scheme results in no detriment to the performance of HIP.","PeriodicalId":191295,"journal":{"name":"2007 2nd International Conference on Communication Systems Software and Middleware","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 2nd International Conference on Communication Systems Software and Middleware","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMSWA.2007.382596","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 5
Abstract
We develop a scheme for host identity delegation based on the Host Identity Protocol (HIP). We show how this scheme can be applied to enable the movement of communication sessions between devices, e.g. in a Personal Area Network (PAN), or to securely and seamlessly insert any number of service proxies in between session endpoints, e.g. to adapt data to suit different devices in a PAN. Identities are securely delegated by relaying HIP signalling messages to the device that owns the private key. This avoids security issues caused by dissemination of private keys. This also ensures that delegated endpoint identities are instantly and permanently revocable by the original device, which remains in full control of the private key used to authorize use of the identity. We show that the delegation process introduces minimal additional signalling, and present results of evaluation of a prototype which show the scheme results in no detriment to the performance of HIP.