Description
The Host Identity Protocol (HIP), studied by 3GPP in TR 22.980 and specified by the Internet Engineering Task Force (IETF) (HIP version 2 in RFC 7401), re-architects the traditional IP stack by introducing a new namespace: the Host Identity. In conventional IP, the IP address serves a dual role as both a locator (where the host is on the network) and an identifier (who the host is). HIP decouples these roles. It gives each host a persistent, cryptographic Host Identity (HI), a public key whose private half is held only by that host, which acts as the stable identifier; because the host can prove possession of the private key, the identifier is self-certifying. The IP address is then used purely as a locator, which can change as the host moves. The separation sits between the internetworking layer (Layer 3, IP) and the transport layer (Layer 4, e.g., TCP, UDP): a HIP layer inserted between them maps stable Host Identities to the currently valid IP addresses.
The protocol operates through a four-way handshake known as the HIP Base Exchange (packets I1, R1, I2, R2). When two HIP-enabled hosts (initiator and responder) wish to communicate, they first perform this handshake: the responder's R1 carries a computational puzzle and its Diffie-Hellman value, the initiator's I2 carries the puzzle solution and its own Diffie-Hellman value, and both sides sign their messages with the private keys belonging to their Host Identities, which gives mutual authentication. Keying material derived from the Diffie-Hellman exchange is used to establish a pair of IPsec Encapsulating Security Payload (ESP) Security Associations (SAs) that protect subsequent payload data. Each Host Identity also has a 128-bit Host Identity Tag (HIT), a cryptographic hash of the public key formatted as an IPv6 address from a reserved prefix. HITs are computed from the keys before any packet is sent, are carried in every handshake packet starting with I1, and serve as the compact identifiers in HIP packet headers. Once the HIP association is established, transport-layer sockets are bound to the HITs rather than to IP addresses. If a host's IP address changes due to mobility, it sends an UPDATE packet carrying its new locator to its peer. The peer checks the UPDATE's integrity with the keys from the Base Exchange and verifies that the sender is actually reachable at the new address (an echo exchange to that address) before redirecting traffic there, so an unauthenticated or unverified UPDATE cannot hijack the session. Communication then continues without breaking the transport-layer connection, because the socket endpoint identifier (the HIT) remains constant.
HIP's architecture provides several powerful capabilities. For mobility, it allows a host to change all of its IP addresses while maintaining ongoing sessions, a concept known as end-host mobility. For multihoming, a host can have multiple IP addresses (e.g., over Wi-Fi and cellular) and can inform its peer of all available locators, enabling failover and load balancing. Because the identity is a public key, the Base Exchange provides mutual authentication and keying for IPsec without a separate key-management protocol such as IKE. What HIP does not provide by itself is a binding between a HIT and any higher-level name: a host must still obtain the peer's HIT or HI through a trusted channel (for example a DNS record, a rendezvous server, or preconfiguration); otherwise it is only authenticating "whoever holds this key", not a particular party. Within the 3GPP context, HIP was investigated as a potential solution for mobile node mobility, especially for scenarios where network-based mobility protocols like GTP or PMIP were not desired, or for enabling new trust models and seamless mobility across heterogeneous access networks.
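The HIT derivation and the locator UPDATE described above, as an added example that is not part of the original page and not taken from any HIP implementation. It models only the pieces under discussion: a HIT computed from a public key with the ORCHID layout (prefix, OGA ID, 96 hashed bits), and a peer that accepts a new locator only after the UPDATE passes an integrity check with the association key and the new address answers an echo challenge. The Base Exchange itself, ESP, and the signature that real UPDATE packets also carry are left out, and an HMAC keyed with a constructed SA key stands in for the keyed MAC. Assumptions are marked in the code: the Context ID constant is as I recall it from RFC 7401 section 3.2, the "middle 96 bits" truncation is my reading of RFC 7343's Encode_96, and all keys, HIs and addresses are made up.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass, field

# ORCHIDv2 prefix 2001:20::/28 (RFC 7343); the next 4 bits carry the OGA ID, which
# in HIPv2 is the HIT Suite ID (RSA,DSA/SHA-256 = 1, ECDSA/SHA-384 = 2).
ORCHID_PREFIX = bytes([0x20, 0x01, 0x00, 0x20])
OGA_RSA_DSA_SHA256 = 1
# HIP Context ID as recalled from RFC 7401 section 3.2 (assumption: verify it).
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")


def hit_from_hi(hi: bytes, oga_id: int = OGA_RSA_DSA_SHA256) -> str:
    """HIT = Prefix(28) | OGA ID(4) | Encode_96(SHA-256(Context ID | HI)).
    Assumption: Encode_96 is the middle 96 bits of the digest (bytes 10..21)."""
    digest = hashlib.sha256(HIP_CONTEXT_ID + hi).digest()
    head = ORCHID_PREFIX[:3] + bytes([ORCHID_PREFIX[3] | (oga_id & 0x0F)])
    return str(ipaddress.IPv6Address(head + digest[10:22]))


@dataclass
class HipAssociation:
    """One end of an association: sockets see the HIT pair, the HIP layer keeps
    the peer's current locator and the SA integrity key."""
    local_hit: str
    peer_hit: str
    peer_locator: str
    integrity_key: bytes                         # stands in for base-exchange KEYMAT
    pending: dict = field(default_factory=dict)  # claimed locator -> echo nonce

    def _mac(self, *fields: str) -> str:
        return hmac.new(self.integrity_key, "|".join(fields).encode(), hashlib.sha256).hexdigest()

    def build_update(self, new_locator: str) -> dict:
        """UPDATE carrying a LOCATOR, integrity-protected with the SA key."""
        mac = self._mac("UPDATE", self.local_hit, self.peer_hit, new_locator)
        return {"type": "UPDATE", "src_hit": self.local_hit, "dst_hit": self.peer_hit,
                "locator": new_locator, "mac": mac}

    def receive_update(self, pkt: dict):
        """Check the UPDATE, then challenge the claimed address instead of trusting it."""
        if pkt["src_hit"] != self.peer_hit or pkt["dst_hit"] != self.local_hit:
            return None
        want = self._mac("UPDATE", pkt["src_hit"], pkt["dst_hit"], pkt["locator"])
        if not hmac.compare_digest(want, pkt["mac"]):
            return None                      # forged: drop it, keep the old locator
        nonce = os.urandom(16).hex()
        self.pending[pkt["locator"]] = nonce
        # The challenge is sent to the *claimed* locator; only a host that really
        # receives packets there can echo the nonce back.
        return {"type": "ECHO_REQUEST", "to": pkt["locator"], "nonce": nonce,
                "mac": self._mac("ECHO_REQUEST", nonce)}

    def answer_echo(self, pkt: dict):
        """Mobile-host side: answer a genuine challenge from the new address."""
        if not hmac.compare_digest(self._mac("ECHO_REQUEST", pkt["nonce"]), pkt["mac"]):
            return None
        return {"type": "ECHO_RESPONSE", "from": pkt["to"], "nonce": pkt["nonce"],
                "mac": self._mac("ECHO_RESPONSE", pkt["nonce"])}

    def receive_echo_response(self, pkt: dict) -> bool:
        """Commit the new locator only once the nonce has come back from it."""
        nonce = self.pending.get(pkt["from"])
        if nonce is None or not hmac.compare_digest(nonce, pkt["nonce"]):
            return False
        if not hmac.compare_digest(self._mac("ECHO_RESPONSE", nonce), pkt["mac"]):
            return False
        del self.pending[pkt["from"]]
        self.peer_locator = pkt["from"]
        return True

    def send_data(self, payload: bytes) -> dict:
        """Transport sees the HIT pair; IP delivers to whichever locator is current."""
        return {"src_hit": self.local_hit, "dst_hit": self.peer_hit,
                "dst_ip": self.peer_locator, "payload": payload}


def mobility_demo() -> dict:
    """Constructed scenario (all keys and addresses made up): the mobile host moves
    networks, and an attacker first tries to hijack the session with a forged UPDATE."""
    mobile_hit = hit_from_hi(b"constructed public key of the mobile host")
    server_hit = hit_from_hi(b"constructed public key of the server")
    sa_key = hashlib.sha256(b"constructed KEYMAT from the base exchange").digest()
    mobile = HipAssociation(mobile_hit, server_hit, "192.0.2.10", sa_key)
    server = HipAssociation(server_hit, mobile_hit, "198.51.100.7", sa_key)
    # 1. Attacker knows both HITs but not the SA key: the UPDATE fails the MAC check.
    attacker = HipAssociation(mobile_hit, server_hit, "192.0.2.10", b"guessed key")
    forged = server.receive_update(attacker.build_update("203.0.113.66"))
    locator_after_forgery = server.peer_locator
    # 2. Genuine move: authenticated UPDATE, then the echo answered from the new address.
    challenge = server.receive_update(mobile.build_update("203.0.113.5"))
    committed = server.receive_echo_response(mobile.answer_echo(challenge))
    pkt = server.send_data(b"same HIT-bound socket, new destination address")
    return {"forged_accepted": forged is not None, "locator_after_forgery": locator_after_forgery,
            "committed": committed, "dst_hit": pkt["dst_hit"], "dst_ip": pkt["dst_ip"]}
```

Running `mobility_demo()` shows the two properties the text relies on: the forged UPDATE is dropped and the server keeps sending to the old locator, while the genuine move is committed only after the echo returns, after which `send_data` still addresses the same destination HIT but a different destination IP. The `pending` table is the part to watch in a real implementation: an UPDATE that passes the MAC check but whose locator never answers the echo must never be committed, and stale entries should be aged out so an attacker cannot fill the table.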
Purpose & Motivation
HIP was created to solve a fundamental architectural limitation of the original Internet Protocol suite: the IP address overloads the semantics of both location and identity. This overload causes well-known problems with host mobility, multihoming, and security. When a host moves and changes its IP address, all existing transport-layer connections (TCP sessions) bound to the old address break. Solutions like Mobile IP work around this at the network layer but introduce a home agent, tunnelling, and often triangular routing. HIP's purpose is to provide a clean architectural solution by introducing a separate, persistent identity layer, thereby enabling seamless mobility and multihoming at the end-host level.
3GPP's interest in HIP, documented in TR 22.980, stemmed from its potential to provide alternative mobility management mechanisms for User Equipment (UE) in cellular networks. While 3GPP networks traditionally rely on network-controlled mobility (e.g., handovers managed by the RAN and core network), HIP offered a host-centric approach. This could be beneficial for scenarios involving mobility across non-3GPP access networks (like Wi-Fi) or for enabling new service models where the UE manages its own locators. HIP's built-in cryptographic identity also promised to simplify security association establishment, potentially streamlining procedures for network access authentication and securing end-to-end communications. The study aimed to understand how HIP could complement or integrate with existing 3GPP mobility and security architectures, exploring its potential benefits for future network evolution.
Key Features
- Decouples host identity from network location using cryptographic Host Identities
- Enables seamless end-host mobility and multihoming
- Uses a four-way Base Exchange (I1, R1, I2, R2) with signed Diffie-Hellman for mutual authentication and key establishment
- Binds transport layer connections to stable Host Identity Tags (HITs)
- Leverages IPsec ESP for secure payload data transmission
- Protects the responder against handshake flooding: R1 carries a client puzzle and can be precomputed, so the responder commits no state until a valid I2 arrives
Evolution Across Releases
3GPP initiated a study on HIP in TR 22.980, investigating its applicability and potential benefits for mobility management and security in 3GPP systems. The study assessed HIP's architecture, its handshake procedure, and how it could interface with or complement existing 3GPP protocols.
Defining Specifications
| Specification | Title |
|---|---|
| TR 22.980 | 3GPP TR 22.980 |