Authorising HIP enabled communication
Seppo Heikkinen
International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS 2007)
San Diego, California (USA), July 16-18, 2007
SPECTS_Summary
The security of communication is often ensured with requirements for authenticity, integrity and confidentiality. However, sometimes it is overlooked that the authenticity of an entity should not automatically imply rights to perform actions. Many modern telecommunication systems do not provide privilege granularity, but are content in giving an authenticated entity every right to use the systems. In this paper we discuss the decoupling of authentication and authorisation in the context of Host Identity Protocol (HIP). With its identity based approach it is a natural environment for introducing authorisation tokens, which are able to provide policy granularity in a distributed fashion. HIP, however, sets some usage, especially length, constraints, and the objective of this paper is to study those constraints and see, what is suitable for HIP enabled scenarios in terms of different authorisation token mechanisms and cryptographic algorithms.