More Web Proxy on the site http://driver.im/

Article

A new approach to DNS security (DNSSEC)

Authors:

Giuseppe Ateniese,

Stefan MangardAuthors Info & Claims

CCS '01: Proceedings of the 8th ACM conference on Computer and Communications Security

Pages 86 - 95

https://doi.org/10.1145/501983.501996

Published: 05 November 2001 Publication History

Abstract

The Domain Name System (DNS) is a distributed database that allows convenient storing and retrieving of resource records. DNS has been extended to provide security services (DNSSEC) mainly through public-key cryptography. We propose a new approach to DNSSEC that may result in a significantly more efficient protocol. We introduce a new strategy to build chains of trust from root servers to authoritative servers. The techniques we employ are based on symmetric-key cryptography.

References

[1]

Paul Albitz and Cricket Liu,DNS and BIND,4th Edition O 'Reilly,2001.]]

Digital Library

[2]

G.Ateniese and A.Del Sorbo,"Design and Implementation Issues in SK-DNSSEC ",Manuscript i preparation 2001. Available o www.cs.jhu.edu/~ateniese/skdnssec.html]]

[3]

M.Bellare,R.Canetti,and H.Krawczyk,"Keying hash functions for message authentication ".In Advances in Cryptology -Crypto 1996 Proceedings,LNCS Vol.1109,N. Koblitz ed,Springer-Verlag,1996.]]

Digital Library

[4]

M.Bellare and C.Namprempre,"Authenticated Encryption:Relations among otions and analysis of the generic composition paradigm ",In Advances in Cryptology - Asiacrypt 2000 Proceedings,LNCS Vol.1976,T.Okamoto ed,Springer-Verlag,2000.]]

Digital Library

[5]

Steve M.Bellovin,"Using the Domain Name System for System Break-Ins ",Proceedings of the Fifth Usenix Unix Security Symposium,pp.199 -208,June 1995.]]

Digital Library

[6]

D.Davis and R.Swick,"Network Security via Private- Key Certi .cates ",USENIX 3rd Security Symposium Proceedings,(Baltimore;Sept.'92).Also i ACM Operating Systems Review,v.24,n.4 (Oct.1990).]]

Digital Library

[7]

James M.Galvin,""Public Key Distribution with Secure DNS ",i 6th USENIX UNIX Security Symposium,July 1996.]]

Digital Library

[8]

Information and statistics about F.root-servers.net, www.isc.org/services/public/F-root-server.html]]

[9]

Hugo Krawczyk,"The order of encryption and authentication for protecting communications (Or:how secure is SSL?)".To appear in the proceedings of CRYPTO 2001.]]

Digital Library

[10]

B.Cli .ord Neuman and Theodore Ts 'o.Kerberos:A Authentication Service for Computer Networks,IEEE Communications,32(9):33-38.September 1994.]]

Digital Library

[11]

RSA Security site defaced ZDNet 2000. www.zdnet.com/zdnn/stories/news/0,4586,2437384,00.html]]

[12]

Secure Network Time Protocol (stime), www.ietf.org/html.charters/stime-charter.html]]

[13]

Eastlake,D.,"Bigger Domain Name System UDP Replies ", Internet Draft,www.ietf.org/proceedings/98aug/I-D/draft-ietfdnsind-udp-size-02.txt]]

[14]

Lottor,M.,"Domain Administrators Operations Guide ", RFC 1033 November 1987.]]

Digital Library

[15]

Mockapetris,P.,"Domain Names -Concepts and Facilities ",RFC 1034 November 1987.]]

Digital Library

[16]

Mockapetris,P.,"Domain Names -Implementation and Speci .cations ",RFC 1035 November 1987.]]

Digital Library

[17]

J.Kohl,C.Neuman,"The Kerberos Network Authentication Service (V5)",RFC 1510 September 1993.]]

Digital Library

[18]

Eastlake,D.and C.Kaufman,"Domain Name System Security Extensions ",RFC 2065 January 1997.]]

Digital Library

[19]

H.Krawczyk,M.Bellare,R.Canetti,"HMAC: Keyed-Hashing for Message Authentication ",RFC 2104 February 1997.]]

Digital Library

[20]

Eastlake,D.,"Domain Name System Security Extensions ", RFC 2535 March 1999.]]

Digital Library

[21]

EastLake,D.,"DSA KEYs and SIGs i the Domain Name System (DNS)",RFC 2536 March 1999.]]

Digital Library

[22]

Eastlake,D.,"RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)",RFC 2537 March 1999.]]

Digital Library

[23]

Eastlake,D.,Gudmundsson,O.,"Storing Certi .cates in the Domain Name System (DNS)",RFC 2538 March 1999.]]

Digital Library

[24]

Eastlake,D.,"Storage of Di .e-Hellman Keys in the Domain Name System (DNS)"",RFC 2539 March 1999.]]

Digital Library

[25]

Vixie,P.,Gudmundsson,O.,Eastlake,D.and B. Wellington,"Secret Key Transaction Signatures for DNS (TSIG)",RFC 2845 May 2000.]]

Digital Library

[26]

Eastlake,D.,"Secret Key Establishment for DNS (TKEY RR)",RFC 2930 September 2000.]]

Digital Library

[27]

Eastlake,D.,"DNS Request and Transaction Signatures (SIG(0)s)",RFC 2931 September 2000.]]

Digital Library

Cited By

Liu GJin LHao SZhang YLiu DStavrou AWang HMontpetit MLeivadeas AUhlig SJaved M(2023)Dial "N" for NXDomain: The Scale, Origin, and Security Implications of DNS Queries to Non-Existent DomainsProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624805(198-212)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624805
Bannat Wala FCampbell SKiran MCafaro MChan-Tin EChou JKim J(2023)Insights into DoH: Traffic Classification for DNS over HTTPS in an Encrypted NetworkProceedings of the 2023 on Systems and Network Telemetry and Analytics10.1145/3589012.3594895(9-17)Online publication date: 28-Jul-2023
https://dl.acm.org/doi/10.1145/3589012.3594895
Singh BKavita (2023)SSHTDNS: A Blockchain-Based Secure, Scalable, and High-Throughput Domain Name System2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE)10.1109/ICACITE57410.2023.10182552(2192-2195)Online publication date: 12-May-2023
https://doi.org/10.1109/ICACITE57410.2023.10182552
Show More Cited By

Index Terms

A new approach to DNS security (DNSSEC)

Recommendations

Security Arguments for Digital Signatures and Blind Signatures

Since the appearance of public-key cryptography in the seminal Diffie--Hellman paper, many new schemes have been proposed and many have been broken. Thus, the simple fact that a cryptographic algorithm withstands cryptanalytic attacks for several years ...
New multi-proxy multi-signature schemes

A new kind of proxy signature schemes is first proposed: multi-proxy multi-signature schemes. In multi-proxy multi-signature schemes, an original group of signers can authorize a group of proxy signers under the agreement of all singers both in the ...
On the Security of the PKCS#1 v1.5 Signature Scheme
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '01: Proceedings of the 8th ACM conference on Computer and Communications Security

November 2001

274 pages

ISBN:1581133855

DOI:10.1145/501983

Conference Chair:
Mike Reiter
Bell Labs, USA
,
Editor:
Pierangela Samarati
University of Milan, Italy

Copyright © 2001 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 November 2001

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS01

Sponsor:

SIGSAC

CCS01: 8th ACM Conference on Computer and Communications Security

November 5 - 8, 2001

PA, Philadelphia, USA

Acceptance Rates

CCS '01 Paper Acceptance Rate 27 of 153 submissions, 18%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

25
Total Citations
View Citations
2,818
Total Downloads

Downloads (Last 12 months)112
Downloads (Last 6 weeks)5

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Liu GJin LHao SZhang YLiu DStavrou AWang HMontpetit MLeivadeas AUhlig SJaved M(2023)Dial "N" for NXDomain: The Scale, Origin, and Security Implications of DNS Queries to Non-Existent DomainsProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624805(198-212)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624805
Bannat Wala FCampbell SKiran MCafaro MChan-Tin EChou JKim J(2023)Insights into DoH: Traffic Classification for DNS over HTTPS in an Encrypted NetworkProceedings of the 2023 on Systems and Network Telemetry and Analytics10.1145/3589012.3594895(9-17)Online publication date: 28-Jul-2023
https://dl.acm.org/doi/10.1145/3589012.3594895
Singh BKavita (2023)SSHTDNS: A Blockchain-Based Secure, Scalable, and High-Throughput Domain Name System2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE)10.1109/ICACITE57410.2023.10182552(2192-2195)Online publication date: 12-May-2023
https://doi.org/10.1109/ICACITE57410.2023.10182552
Sharma PArora DKumar A(2022)Binary Tree-Based Asymmetric Moderate Algorithm for Secured DNSProceedings of International Conference on Recent Trends in Computing10.1007/978-981-16-7118-0_38(443-453)Online publication date: 15-Jan-2022
https://doi.org/10.1007/978-981-16-7118-0_38
Schwenk JSchwenk J(2022)DNS SecurityGuide to Internet Cryptography10.1007/978-3-031-19439-9_15(353-375)Online publication date: 26-Nov-2022
https://doi.org/10.1007/978-3-031-19439-9_15
Gallersdorfer UMatthes F(2021)TeSC: TLS/SSL-Certificate Endorsed Smart Contracts2021 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS)10.1109/DAPPS52256.2021.00016(95-100)Online publication date: Aug-2021
https://doi.org/10.1109/DAPPS52256.2021.00016
Habibi Gharakheili HHamza ASivaraman V(2021)Cyber‐Securing IoT Infrastructure by Modeling Network TrafficSecurity and Privacy in the Internet of Things10.1002/9781119607755.ch6(151-176)Online publication date: 3-Dec-2021
https://doi.org/10.1002/9781119607755.ch6
Wang ZLin JCai QWang QZha DJing J(2020)Blockchain-based Certificate Transparency and Revocation TransparencyIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.2983022(1-1)Online publication date: 2020
https://doi.org/10.1109/TDSC.2020.2983022
Rajput DThakkar A(2019)A Survey on Different Network Intrusion Detection Systems and CounterMeasureEmerging Research in Computing, Information, Communication and Applications10.1007/978-981-13-6001-5_41(497-506)Online publication date: 11-Sep-2019
https://doi.org/10.1007/978-981-13-6001-5_41
Wang ZLin JCai QWang QJing JZha D(2019)Blockchain-Based Certificate Transparency and Revocation TransparencyFinancial Cryptography and Data Security10.1007/978-3-662-58820-8_11(144-162)Online publication date: 10-Feb-2019
https://doi.org/10.1007/978-3-662-58820-8_11
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents