Abstract
The traditional Domain Name System (DNS) does not include any security details, making it vulnerable to a variety of attacks which were discovered in 1990. The Domain Name System Security Extensions (DNSSEC) attempted to address these concerns and extended the DNS protocol to add origin authentication and message integrity whilst remaining backwards compatible. Yet despite the fact that issues with DNS have been well known since the late 90s, there has been very little adoption of DNSSEC. This paper proposes a new system using blockchain technology. Our system aims to provide the same security benefits as DNSSEC whilst addressing the concerns that led to its slow adoption.
This work was supported, in part, by Science Foundation Ireland grant 13/RC/2094 and co-funded under the European Regional Development Fund through the Southern & Eastern Regional Operational Programme to Lero - the Irish Software Research Centre (www.lero.ie).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ali, M., Nelson, J.C., Shea, R., Freedman, M.J.: Blockstack: a global naming and storage system secured by blockchains. In: USENIX Annual Technical Conference, pp. 181–194 (2016)
Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: Resource records for the DNS security extensions. Technical report (2005)
Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management part 1: general (revision 3). NIST Spec. Publ. 800(57), 1–147 (2012)
CactusVPN: All you need to know about DNS hijacking (2017). https://www.cactusvpn.com/beginners-guide-online-security/dns-hijacking/
Communications, D.: DNSSEC deployment report (2018). http://rick.eng.br/dnssecstat/
Internet System Consortium: Linux man page (2018). https://linux.die.net/man/8/dnssec-signzone
Cooper, M., Dzambasow, Y., Hesse, P., Joseph, S., Nicholas, R.: Internet x. 509 public key infrastructure: certification path building. Technical report (2005)
Ford, W., Baum, M.S.: Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall PTR (2000)
Housley, R., Ford, W., Polk, W., Solo, D.: Internet x. 509 public key infrastructure certificate and CRL profile. Technical report (1998)
Jackson, C., Barth, A., Bortz, A., Shao, W., Boneh, D.: Protecting browsers from DNS rebinding attacks. ACM Trans. Web (TWEB) 3(1), 2 (2009)
Mockapetris, P.: RFC 1035-domain names-implementation and specification, November 1987 (2004). http://www.ietf.org/rfc/rfc1035.txt
van Rijswijk-Deij, R., Sperotto, A., Pras, A.: DNSSEC and its potential for DDoS attacks: a comprehensive measurement study. In: Proceedings of the 2014 Conference on Internet Measurement Conference, pp. 449–460. ACM (2014)
van Rijswijk-Deij, R., Sperotto, A., Pras, A.: Making the case for elliptic curves in DNSSEC. ACM SIGCOMM Comput. Commun. Rev. 45(5), 13–19 (2015)
Son, S., Shmatikov, V.: The Hitchhiker’s guide to DNS cache poisoning. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICST, vol. 50, pp. 466–483. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16161-2_27
Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 570–596. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_19
Tewari, H., Hughes, A., Weber, S., Barry, T.: X509cloud-framework for a ubiquitous PKI. In: Military Communications Conference (MILCOM), MILCOM 2017. IEEE, pp. 225–230. IEEE (2017)
Van Den Broek, G., van Rijswijk-Deij, R., Sperotto, A., Pras, A.: DNSSEC meets real world: dealing with unreachability caused by fragmentation. IEEE Commun. Mag. 52(4), 154–160 (2014)
Younglove, R.W.: Public key infrastructure. How it works. Comput. Control Eng. J. 12(2), 99–102 (2001)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Gourley, S., Tewari, H. (2019). Blockchain Backed DNSSEC. In: Abramowicz, W., Paschke, A. (eds) Business Information Systems Workshops. BIS 2018. Lecture Notes in Business Information Processing, vol 339. Springer, Cham. https://doi.org/10.1007/978-3-030-04849-5_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-04849-5_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04848-8
Online ISBN: 978-3-030-04849-5
eBook Packages: Computer ScienceComputer Science (R0)