New Protocol E-DNSSEC to Enhance DNSSEC Security
نویسندگان
چکیده
The Domain Name System (DNS) is an essential component of the internet infrastructure. Due to its importance, securing DNS becomes a necessity for current and future networks. DNSSEC, the extended version of DNS has been developed in order to provide security services. Unfortunately, DNSSEC doesn’t offer query privacy; we can see all queries sent to resolver in clear. In this paper, we evaluate the security of DNS and DNSSEC protocols, and we would see clearly that DNSSEC is insufficient to secure DNS protocol; it doesn’t ensure confidentiality to data transiting over the network. That’s why, we propose a new method named ’E-DNSSEC’ which aims to add, in addition to DNSSEC security features, queries confidentiality, by encrypting them between DNSSEC servers. After that, an implementation of E-DNSSEC protocol will be given. Finally, we conclude by an analysis to prove the positive impact of this method to enhance DNSSEC security.
منابع مشابه
An integrated testing system for IPv6 and DNSSEC
IPv6 protocol, which should replace the actual IPv4 protocol, brings many new possibilities and improvements considering simplicity, routing speed, quality of service, and security. In comparison to IPv4, IPv6 improves mechanisms for assuring a secure and confidential transfer of information. DNS has been extended to provide security services (Domain Name System Security Extensions (DNSSEC)) ma...
متن کاملSecurity of the DNS Protocol - Implementation and Weaknesses Analyses of DNSSEC
Today, Internet offers many critical applications. So, it becomes very crucial for Internet service providers to ensure traceability of operations and to secure data exchange. Since all these communications are based on the use of the Domain Name System (DNS) protocol, it becomes necessary to think to enhance and secure it by proposing a secure version of this protocol that can correct the whol...
متن کاملKey Revocation System for DNSSEC
The Domain Name System (DNS) is a distributed tree-based database largely used to translate a human readable machine name into an IP address. The DNS security extensions (DNSSEC) has been designed to protect the DNS protocol using public key cryptography and digital signatures. In this paper, we show how DNSSEC can be attacked using compromised keys and the consequences of such attacks. Then, w...
متن کاملUDP Large-Payload Capability Detection for DNSSEC
Domain Name System (DNS) is a major target for the network security attacks due to the weak authentication. A security extension DNSSEC has been proposed to introduce the public-key authentication, but it is still on the deployment phase. DNSSEC assumes IP fragmentation allowance for exchange of its messages over UDP large payloads. IP fragments are often blocked on network packet filters for a...
متن کاملProtocol Modifications for the DNS Security Extensions
This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of new resource records and protocol modifications that add data origin authentication and data integrity to the DNS. This document describes the DNSSEC protocol modifications. This document defines the concept of a signed zone, along with the requireme...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- I. J. Network Security
دوره 20 شماره
صفحات -
تاریخ انتشار 2018