DNSSEC for cyber forensics

Authors

  • Haya Shulman
  • Michael Waidner
Abstract

Domain Name System (DNS) cache poisoning is a stepping stone towards advanced (cyber) attacks. DNS cache poisoning can be used to monitor users’ activities for censorship, to distribute malware and spam and to subvert correctness and availability of Internet clients and services. Currently, the DNS infrastructure relies on challenge-response defences against attacks by (the common) off-path adversaries. Such defences do not suffice against stronger, man-in-the-middle (MitM), adversaries. However, MitM is not believed to be common; hence, there seems to be little motivation to adopt systematic, cryptographic mechanisms. We show that challenge-response defences do not protect against cache poisoning. In particular, we review common situations where (1) attackers can frequently obtain MitM capabilities and (2) even weaker attackers can subvert DNS security. We also experimentally study dependencies in the DNS infrastructure, in particular, dependencies within domain registrars and within domains, and show that multiple dependencies result in more vulnerable DNS. We review domain name system security extensions (DNSSEC), the defence against DNS cache poisoning, and argue that not only is it the most suitable mechanism for preventing cache poisoning but it is also the only proposed defence that enables a posteriori forensic analysis of attacks.

Similar resources

Avoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots

Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services to the public network are provided at this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...

Plethora of Cyber Forensics

As threats against digital assets have risen and there is necessitate exposing and eliminating hidden risks and threats. The ability of exposing is called “cyber forensics.” Cyber Penetrators have adopted more sophistical tools and tactics that endanger the operations of the global phenomena. These attackers are also using anti-forensic techniques to hide evidence of a cyber crime. Cyber forens...

Combating Against Anti-Forensics Aligned with E-mail Forensics

Knowledge on cyber forensics is increasing on par with the cyber crime incidents. Cyber criminals’ uses sophisticated technological knowledge and always they plan to escape from the clutches of law. This paper elaborates e-mail forensics and categories of anti-forensics that can be applicable to the email forensics. This paper elucidates the process of identifying such anti-forensics applied in...

Trainees' Competency Based-Assessment Methods in Cyber Forensics Education or Training Programmes - A Review

Cyber Forensics Investigations training or education is relatively new. The nature of Cyber Forensics is multidisciplinary, which enforces proliferations to diverse training programmes, from a handful of day's workshop to Masters Degree in Cyber Forensics. Thus, researchers found that the world lacks experts of Cyber Forensics due to some factors. Consequently, this paper focuses to analyze the...

Journal title:
  • EURASIP J. Information Security

Volume 2014  Issue 

Pages  -

Publication date 2014