Sciweavers

IWCMC
2006
ACM

Resolving islands of security problem for DNSSEC

14 years 5 months ago
Resolving islands of security problem for DNSSEC
The DNS Security Extensions (DNSSEC) were developed to add origin authentication and integrity. DNSSEC defined a public key infrastructure over DNS tree hierarchy for the public key validation. In DNSSEC, a parent zone authenticates public keys of its child zones. The authentication hierarchy is broken when a parent does not support DNSSEC. This paper proposes an effective mechanism to overcome this partial deployment problem. Our solution uses a public bulletin board for zones to post their DNSKEY information. Resolvers use posted key information to find key authentication chains that can be used to validate the DNSKEY. Bulletin Board(BB) provides complete trust relationship information when the key authentication hierarchy is broken, and distributes the complete key information even when false zones provide the invalid keys. The bulletin board does not guarantee the correctness of DNSKEY information, but it does guarantee the completeness of the key information. Our approach helps...
Eunjong Kim, Ashish Gupta, Batsukh Tsendjav, Danie
Added 14 Jun 2010
Updated 14 Jun 2010
Type Conference
Year 2006
Where IWCMC
Authors Eunjong Kim, Ashish Gupta, Batsukh Tsendjav, Daniel Massey
Comments (0)