Resolving islands of security problem for DNSSEC
Source: International Conference On Communications And Mobile Computing
Proceedings of the 2006 international conference on Wireless communications and mobile computing
Vancouver, British Columbia, Canada
SESSION: R1-D: general symposium
Pages: 1271 - 1276
Year of Publication: 2006
ISBN: 1-59593-306-9
Authors
Eunjong Kim  Colorado State University, Fort Collins, CO
Ashish Gupta  Colorado State University, Fort Collins, CO
Batsukh Tsendjav  Colorado State University, Fort Collins, CO
Dan Massey  Colorado State University, Fort Collins, CO
Sponsor
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1143549.1143804

ABSTRACT

The DNS Security Extensions (DNSSEC) were developed to add origin authentication and integrity to DNS. DNSSEC defines a public key infrastructure over the DNS tree hierarchy for public key validation. In DNSSEC, a parent zone authenticates the public keys of its child zones. The authentication hierarchy is broken when a parent does not support DNSSEC. This paper proposes an effective mechanism to overcome this partial deployment problem. Our solution uses a public bulletin board on which zones post their DNSKEY information. Resolvers use the posted key information to find key authentication chains that can be used to validate a DNSKEY. The Bulletin Board (BB) provides complete trust relationship information when the key authentication hierarchy is broken, and distributes the complete key information even when false zones provide invalid keys. The bulletin board does not guarantee the correctness of DNSKEY information, but it does guarantee the completeness of the key information. Our approach helps DNS zones deploy DNSSEC even when their parent zones do not, and it requires no changes to the current DNSSEC protocol or existing software.

