Article

Resolving islands of security problem for DNSSEC

Authors:

Eunjong Kim,

Ashish Gupta,

Batsukh Tsendjav,

Dan MasseyAuthors Info & Claims

IWCMC '06: Proceedings of the 2006 international conference on Wireless communications and mobile computing

Pages 1271 - 1276

https://doi.org/10.1145/1143549.1143804

Published: 03 July 2006 Publication History

Get Access

Abstract

The DNS Security Extensions (DNSSEC) were developed to add origin authentication and integrity. DNSSEC defined a public key infrastructure over DNS tree hierarchy for the public key validation. In DNSSEC, a parent zone authenticates public keys of its child zones. The authentication hierarchy is broken when a parent does not support DNSSEC. This paper proposes an effective mechanism to overcome this partial deployment problem. Our solution uses a public bulletin board for zones to post their DNSKEY information. Resolvers use posted key information to find key authentication chains that can be used to validate the DNSKEY. Bulletin Board(BB) provides complete trust relationship information when the key authentication hierarchy is broken, and distributes the complete key information even when false zones provide the invalid keys. The bulletin board does not guarantee the correctness of DNSKEY information, but it does guarantee the completeness of the key information. Our approach helps DNS zones to deploy DNSSEC even when their parent zones do not deploy DNSSEC, and it does not require any changes to the current DNSSEC protocol and the existing software.

References

[1]

DNSSEC in .NL. http://www.nlnetlabs.nl/dnssec.

Google Scholar

[2]

DNSSEC in .SE. http://dnssec.nic-se.se.

Google Scholar

[3]

Marc Horowitz, PGP public key serve. http://www.mit.edu/people/marc/pks, 1997.

Google Scholar

[4]

John Jones, Daniel Berger, and Chinya Ravishankar. Layering a Publick-Key Distribution Service over Secure DNS. In 21st Annual Computer Security Applications Conference, pages 409--418, 2005.

Digital Library

Google Scholar

[5]

M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proceddings of the 1996 IEEE Symposium on Security and Privacy, page 164, 1996.

Digital Library

Google Scholar

[6]

P. Resnick, R. Zeckhauser, E. Friedman, and K. Kuwabara. Reputation Systems. Communications of the ACM, 43(12):45--48, December 2000.

Digital Library

Google Scholar

[7]

Patrick McDaniel and Sugih Jamin. A Scalable Key Distribution Hierarchy. In Technical Report, Electrical Engineering and Computer Science, University of Michigan, pages CSE-TR-366--98, 1998.

Google Scholar

[8]

Philip R. Zimmermann. The official PGP user's guide, 1995.

Digital Library

Google Scholar

[9]

R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements, March 2005.

Google Scholar

[10]

Russ Cox, Athicha Muthitacharoen, and Robert T. Morri. Serving DnS using a Peer-to-Peer Lookup Service. In International Workshop on Peer-to-Peer Systems (IPTPS '02), March 2002.

Digital Library

Google Scholar

Cited By

View all

Wang ZXiao L(2014)Emergency Key Rollover in DNSSECProceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2014.76(598-604)Online publication date: 24-Sep-2014
https://dl.acm.org/doi/10.1109/TrustCom.2014.76

Index Terms

Resolving islands of security problem for DNSSEC

Recommendations

Security weaknesses of a signature scheme and authenticated key agreement protocols

At ACISP 2012, a novel deterministic identity-based (aggregate) signature scheme was proposed that does not rely on bilinear pairing. The scheme was formally proven to be existentially unforgeable under an adaptive chosen message and identity attack. ...
DNSSEC: Interoperability Challenges and Transition Mechanisms
ARES '13: Proceedings of the 2013 International Conference on Availability, Reliability and Security

Recent cache poisoning attacks motivate protecting DNS with strong cryptography, by adopting DNSSEC, rather than with challenge-response 'defenses'. We discuss the state of DNSSEC deployment and obstacles to adoption. We then present an overview of ...
Security vulnerabilities in DNS and DNSSEC
ARES '07: Proceedings of the The Second International Conference on Availability, Reliability and Security

We present an analysis of security vulnerabilities in the Domain Name System (DNS) and the DNS Security Extensions (DNSSEC). DNS data that is provided by name servers lacks support for data origin authentication and data integrity. This makes DNS ...

Comments

Information & Contributors

Information

Published In

IWCMC '06: Proceedings of the 2006 international conference on Wireless communications and mobile computing

July 2006

2006 pages

ISBN:1595933069

DOI:10.1145/1143549

General Chairs:
Seizo Onoe
NTT DoCoMo Inc., Japan
,
Mohsen Guizani
Western Michigan University
,
Hsiao-Hwa Chen
National Sun Yat-Sen University, Taiwan
,
Mamoru Sawahashi
NTT DoCoMo Inc., Japan

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 July 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

IWCMC06

Sponsor:

IWCMC06: 2006 International Wireless Communications and Mobile Computing Conference

July 3 - 6, 2006

British Columbia, Vancouver, Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
363
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wang ZXiao L(2014)Emergency Key Rollover in DNSSECProceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2014.76(598-604)Online publication date: 24-Sep-2014
https://dl.acm.org/doi/10.1109/TrustCom.2014.76

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Security weaknesses of a signature scheme and authenticated key agreement protocols

DNSSEC: Interoperability Challenges and Transition Mechanisms

Security vulnerabilities in DNS and DNSSEC

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Security weaknesses of a signature scheme and authenticated key agreement protocols

DNSSEC: Interoperability Challenges and Transition Mechanisms

Security vulnerabilities in DNS and DNSSEC

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations