Trustworthy TCB for DNS Servers
Authors
Abstract
A simple atomic relay function is proposed as a minimal trusted computing base (TCB) for a domain name system (DNS) server. This TCB, composed of a fixed sequence of logical and cryptographic hash operations, can be amplified to ensure that a DNS server cannot violate rules. The paper also outlines elements of a TCB-DNS protocol that amplifies the simple TCB to secure the domain name system. The paper includes an extensive comparison of the proposed approach with DNSSEC, the current standard for securing DNS. The proposed approach is shown to overcome many issues associated with DNSSEC. Specifically, TCB-DNS demands substantially lower overhead for DNS servers and resolvers, eliminates the issue of zone enumeration, and is less susceptible to replay attacks.
Similar resources
A Precise and Efficient Evaluation of the Proximity Between Web Clients and Their Local DNS Servers
Content Distribution Networks (CDNs) attempt to improve Web performance by delivering Web content to end-users from servers located at the edge of the network. An important factor contributing to the performance improvement is the ability of a CDN to select servers in the proximity of the requesting clients. Most CDNs today use the Domain Name System (DNS) to make such server selection decision...
Security for Future Internet Architecture - Motivation from DNSSEC
DNS has a long history of being the primary target of malicious network attacks. These attacks take advantage of the weakness that the domain name mapping information is not authenticated. This motivates the need of security global infrastructure for future internet architecture. DNSSEC is a secure extension of DNS, and is considered as one of the most important mechanisms for critical informat...
Protecting BGP Routes to Top Level DNS Servers
The Domain Name System (DNS) is an essential part of the Internet infrastructure and provides fundamental services, such as translating host names into IP addresses for Internet communication. The DNS is vulnerable to a number of potential faults and attacks. In particular, false routing announcements can deny access to the DNS service or redirect DNS queries to a malicious impostor. Due to the...
On the problem of optimization of DNS root servers’ placement
The Domain Name System (DNS) is a critical component of the modern Internet. It provides a critical link between human users and Internet routing infrastructure by mapping host names to IP addresses. The DNS is a hierarchy of distributed system of servers anchored at 13 DNS root servers. In this paper we examine the macroscopic connectivity between the DNS root servers and the worldwide populat...
Improved Recursive DNS Server Selection for Multi-Interfaced Nodes
A multi-interfaced node is connected to multiple networks, some of which might be utilizing private DNS namespaces. A node commonly receives recursive DNS server configuration information from all connected networks. Some of the recursive DNS servers might have information about namespaces other servers do not have. When a multi-interfaced node needs to utilize DNS, the node has to choose which...
Journal title:
- I. J. Network Security
Volume 14, Issue
Pages -
Publication date 2012