Research On Puzzle Mechanism And Implementation Of Host Identity Protocol

In the current Internet TCP/IP Protocol suite the IP address identifies both the hosts and its topological location. It has caused a lot of problems, such as Internet can not support end-host mobility and end-host muti_homing and it has low security. The Host Identity Protocol introduced by IETF HIP WG proposes a new namespace to split the name of the location of the host from the name of the host which can solve these problems.This thesis introduces the background of HIP and analyzes its mechanism from namespace issue, base exchange, DNS resolution to rendezvous service. Aiming at the drawbacks of puzzle mechanism in HIP implementation, this thesis proposes a new solution and discusses acceleration of HIP deeply. The main work and contributions of this thesis are following:(1)Aiming at the disadvantages of high space cost and low security of HIPL puzzle mechanism, this thesis proposes High performance puzzle mechanism-HPPM. HPPM don't use cookie table to cache puzzles like HIPL and it caches the puzzle during authentication temporarily. It uses SHA-256 as puzzle generating arithmetic which almost has no collisions and make HIP association has more robust during DoS attacks. HPPM has been debugged in Linux successfully. This thesis analyzes and compares both HPPM and HIPL puzzle mechanisms and concludes that HPPM can afford higher security with less space cost than HIPL puzzle mechanism.(2)Aiming at terrible performance of HIPL, this thesis proposes HIP hardware accelerate(HHA)based on HIPL and TCP/IP offload technologies. HHA implements both traditional BSD socket and HIP exclusive socket. The software architecture and hardware architecture are proposed too. The IPsec module is designed in details. At last, the principle of HHA is depicted in classic client/server example.According to the analysis and test, HPPM is verified to have more security than HIPL puzzle mechanisms which make it robust to DoS attacks with lower cost. The performance test off offload also shows that implementation of protocol processing in hardware is better than in software. Above all, this thesis has done deep researches on HIP puzzle mechanism and HIP accelerating which are guidelines to optimization of HIP implementation.