research-article

Free access

Zone state revocation for DNSSEC

Authors:

Eric Osterweil,

Vasileios Pappas,

Dan Massey,

Lixia ZhangAuthors Info & Claims

LSAD '07: Proceedings of the 2007 workshop on Large scale attack defense

Pages 153 - 160

https://doi.org/10.1145/1352664.1352677

Published: 27 August 2007 Publication History

PDF eReader

Abstract

DNS Security Extensions (DNSSEC) are designed to add cryptographic protection to the Internet's name resolution service. However the current design lacks a key revocation mechanism. In this paper we present Zone State Revocation (ZSR), a lightweight and backward compatible enhancement to DNSSEC. ZSR enables zones to explicitly revoke keys using self-certifying certificates, and enables DNS name-servers to opportunistically inform distributed caching resolvers of key revocations via lightweight control messages. Further, ZSR allows resolvers to distinguish between legitimate key changes and potential attacks when authentication chains are broken. ZSR is designed to work well with global-scale DNS operations, where millions of caches may need to be informed of a revocation, and where time is critical.

References

[1]

Secspider. http://secspider.cs.ucla.edu/.

Google Scholar

[2]

Steven M. Bellovin. Using the domain name system for system break-ins. pages 199--208.

Google Scholar

[3]

P. Mockapetris. Rfc 1035. RFC 1035, IETF, November 1987.

Google Scholar

[4]

P. Mockapetris and K. J. Dunlap. Development of the domain name system. In SIGCOMM '88, pages 123--133, 1988.

Digital Library

Google Scholar

[5]

R. Gieben O. Kolkman. Dnssec operational practices. Internet Draft, DNSOP, March 2006.

Google Scholar

[6]

M. Larson D. Massey S. Rose R. Arends, R. Austein. DNS Security Introduction and Requirement. RFC 4033, March 2005.

Google Scholar

[7]

M. Larson D. Massey S. Rose R. Arends, R. Austein. Protocol Modifications for the DNS Security Extensions. RFC 4035, March 2005.

Google Scholar

[8]

M. Larson D. Massey S. Rose R. Arends, R. Austein. Resource Records for the DNS Security Extensions. RFC 4034, March 2005.

Google Scholar

[9]

R. Bush R. Elz. Rfc 1982. RFC 1982, August 1996.

Google Scholar

[10]

P. Vixie. Rfc 2671. RFC 2671, IETF, August 1999.

Google Scholar

Cited By

View all

Wang ZXiao L(2014)Emergency Key Rollover in DNSSECProceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2014.76(598-604)Online publication date: 24-Sep-2014
https://dl.acm.org/doi/10.1109/TrustCom.2014.76
Yang HOsterweil EMassey DLu SZhang L(2011)Deploying Cryptography in Internet-Scale SystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2010.108:5(656-669)Online publication date: 1-Sep-2011
https://dl.acm.org/doi/10.1109/TDSC.2010.10
Osterweil EMassey DZhang L(2009)Deploying and Monitoring DNS Security (DNSSEC)Proceedings of the 2009 Annual Computer Security Applications Conference10.1109/ACSAC.2009.47(429-438)Online publication date: 7-Dec-2009
https://dl.acm.org/doi/10.1109/ACSAC.2009.47
Show More Cited By

Zone state revocation for DNSSEC
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Proxy Signature with Revocation
Proceedings, Part II, of the 21st Australasian Conference on Information Security and Privacy - Volume 9723

Proxy signature is a useful cryptographic primitive that allows signing right delegation. In a proxy signature scheme, an original signer can delegate his/her signing right to a proxy signer or a group of proxy signers who can then sign documents on ...
Provably secure multi-proxy signature scheme with revocation in the standard model

Multi-proxy signature schemes are very useful tools when an original signer needs to delegate his signing capability to a group of proxy signers, and have been suggested in numerous applications. The proxy revocation problem is an essential issue of the ...
DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC
CATCH '09: Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security

The Domain Name System (DNS) is one of the core infrastructure components of the Internet. DNS data is also trivial to spoof. The security extensions to DNS (DNSSEC) provide a mechanism for users to verify the origin authenticity and integrity of DNS ...

Comments

Information & Contributors

Information

Published In

LSAD '07: Proceedings of the 2007 workshop on Large scale attack defense

August 2007

73 pages

ISBN:9781595937858

DOI:10.1145/1352664

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 August 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

SIGCOMM07

Sponsor:

SIGCOMM

SIGCOMM07: ACM SIGCOMM 2007 Conference

August 27, 2007

Kyoto, Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
313
Total Downloads

Downloads (Last 12 months)34
Downloads (Last 6 weeks)8

Reflects downloads up to 04 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wang ZXiao L(2014)Emergency Key Rollover in DNSSECProceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2014.76(598-604)Online publication date: 24-Sep-2014
https://dl.acm.org/doi/10.1109/TrustCom.2014.76
Yang HOsterweil EMassey DLu SZhang L(2011)Deploying Cryptography in Internet-Scale SystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2010.108:5(656-669)Online publication date: 1-Sep-2011
https://dl.acm.org/doi/10.1109/TDSC.2010.10
Osterweil EMassey DZhang L(2009)Deploying and Monitoring DNS Security (DNSSEC)Proceedings of the 2009 Annual Computer Security Applications Conference10.1109/ACSAC.2009.47(429-438)Online publication date: 7-Dec-2009
https://dl.acm.org/doi/10.1109/ACSAC.2009.47
Osterweil ERyan MMassey DZhang LPapagiannaki KZhang Z(2008)Quantifying the operational status of the DNSSEC deploymentProceedings of the 8th ACM SIGCOMM conference on Internet measurement10.1145/1452520.1452548(231-242)Online publication date: 20-Oct-2008
https://dl.acm.org/doi/10.1145/1452520.1452548
Osterweil EMassey DZhang L(2007)Observations from the DNSSEC DeploymentProceedings of the 2007 3rd IEEE Workshop on Secure Network Protocols10.1109/NPSEC.2007.4371619(1-6)Online publication date: 16-Oct-2007
https://dl.acm.org/doi/10.1109/NPSEC.2007.4371619

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Proxy Signature with Revocation

Provably secure multi-proxy signature scheme with revocation in the standard model

DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF

eReader

Login options

Full Access

Abstract

References

Cited By

Recommendations

Proxy Signature with Revocation

Provably secure multi-proxy signature scheme with revocation in the standard model

DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations