Enabling Secure On-Line DNS Dynamic Update

14 years 4 months ago

Download www.acsac.org

Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, security extensions to DNS have been proposed in an Internet Engineering Task Force (IETF) working group to provide authentication. In this paper, we point out two difﬁculties in the current DNSSEC (DNS Security Extension) standards in the handling of DNS dynamic updates: 1) the on-line storage of a zone security key, creating a single point of attack for both inside and outside attackers, and 2) the violation of the role separation principle, which in the context of DNSSEC separates the roles of zone security managers from DNS server administrators. To address these issues, we propose a secure DNS architecture that is based on threshold cryptography. We show that the architecture adheres to the role separation principle without presenting any single point of attack. Our experimental results reveal that, in terms of signature computation times,...

Xunhua Wang, Yih Huang, Yvo Desmedt, David Rine

Real-time Traffic

ACSAC 2000 | DNS Security Extension | Role Separation Principle | Security Extension | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	30 Jul 2010
Updated	30 Jul 2010
Type	Conference
Year	2000
Where	ACSAC
Authors	Xunhua Wang, Yih Huang, Yvo Desmedt, David Rine

Comments (0)

Sciweavers

Enabling Secure On-Line DNS Dynamic Update

ACSAC 2000 | DNS Security Extension | Role Separation Principle | Security Extension | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers