HIPL: HIP for Linux
Host Identity Protocol for Linux (HIPL) is an experimental open source software
project at the Helsinki Institute for Information Technology (HIIT) and
Helsinki University of Technology (HUT), organized in collaboration with
the Distributed Systems Group at RWTH Aachen. Below are a few example use cases
for HIP in general:
- Security for different types of Internet
connectivity. HIP provides end-to-end authenticity, integrity, and
confidentiality for transport layer protocols, similar to
Transport Layer Security (TLS). However, HIP does not require changes
in applications, and it also supports UDP and ICMP.
- Public-key based access control. The HIPL software bundle includes a
public-key based firewall module to be used at middleboxes
(routers, wireless access points) and a graphical user interface
for end-hosts (somewhat similar to e.g. ZoneAlarm).
- Alternative to Virtual Private Networks (VPN).
The traffic is protected end-to-end instead of end-to-middle as in
a VPN, and instead of one "big" tunnel HIP provides multiple smaller
tunnels.
- Easy naming of end-user devices. The InfraHIP project provides
(DNS and DHT-based) infrastructure for automatic naming and contact of
end-user devices. Consumer and corporate users can name their
devices with human-readable host names that are independent of the
device location.
- Universal and persistent Internet connectivity. For example,
multiple consumers can provide web service from a single network
even when it is located within a single private address realm
(without tweaking your NAT box). Also, long streams (video,
audio, p2p, etc.) survive when your mobile device moves or
changes its access network.
The following features are either heavily work-in-progress or very
unstable:
- Long-term disconnectivity. When a laptop is carried from home to office,
the TCP connections survive the timeout.
- Loading of public keys from a USB stick or smart card.
- Privacy extensions.
- Light-weight HIP for small devices.