HIPL: HIP for Linux
Host Identity Protocol for Linux (HIPL) is an experimental open source software project at Helsinki Institute for Information Technology (HIIT) and Helsinki University of Technology (HUT), organized in collaboration with the Distributed Systems Group at RWTH Aachen. Below are a few example use cases for HIP in general:
- Security for different types of Internet connectivity. HIP provides end-to-end authenticity, integrity, and confidentiality for transport layer protocols, similar to Transport Layer Security (TLS). However, HIP does not require changes in applications, and it also supports UDP and ICMP.
- Public-key based access control. The HIPL software bundle includes a public-key based firewall module to be used at middleboxes (routers, wireless access points) and a graphical user interface for end-hosts (somewhat similar to e.g. ZoneAlarm).
- Alternative to Virtual Private Networks (VPN). The traffic is protected end-to-end instead of end-to-middle as in a VPN, and instead of one "big" tunnel, HIP provides multiple smaller tunnels.
- Easy naming of end-user devices. The InfraHIP project provides (DNS- and DHT-based) infrastructure for automatic naming and contacting of end-user devices. Consumer and corporate users can name their devices with human-readable host names that are independent of the device location.
- Universal and persistent Internet connectivity. For example, multiple consumers can provide web service from a single network even when it is located within a single private address realm (without tweaking your NAT box). Also, long streams (video, audio, p2p, etc.) survive when your mobile device moves or changes its access network.
The following features are either heavily work-in-progress or very unstable:
- Long-term disconnectivity. TCP connections survive the timeout when you carry a laptop from home to the office.
- Loading of public keys from USB stick or smart card.
- Privacy extensions.
- Light-weight HIP for small devices.