Reasoning about DNSSEC

  • Kollapalli Ramesh Babu
  • Vineet Padmanabhan
  • Wilson Naik Bhukya
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7080)


This Paper outlines a logic based formal approach to represent and reason about the DNSSEC (Domain Name System Security Extensions) protocol. DNSSEC provides security services to the existing DNS protocol mainly through public key cryptography. But, it is well known that even the use of the most perfect cryptographic tools does not always ensure the desired security goals. This situation arises because of logical flaws in the design of protocols. Our aim is to represent and reason about DNSSEC protocol using the Modal Logic system SVO so as to derive the desired goals of the protocol.


Security Protocols Modal Logic Knowledge Representation & Reasoning 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Tuttle, M.: A semantics for a logic of authentication. In: Proceedings of the ACM Symposium of Principles of Distributed Computing, pp. 201–216. ACM Press (1991)Google Scholar
  2. 2.
    Albitz, P., Liu, C.: DNS and BIND, 4th edn. O’Reilly (April 2001)Google Scholar
  3. 3.
    Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: Dns security introduction and requirements. RFC 4033, Internet Engineering Task Force, 1 (March 2005)Google Scholar
  4. 4.
    Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: Resource records for the dns security extensions. RFC 4034, Internet Engineering Task Force, 1 (March 2005)Google Scholar
  5. 5.
    Ariyapperuma, S., Mitchell, C.J.: Security vulnerabilities in dns and dnssec. In: ARES, pp. 335–342 (2007)Google Scholar
  6. 6.
    Burrows, M., Abadi, M., Needham, R.M.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990)CrossRefzbMATHGoogle Scholar
  7. 7.
    Fagin, R., Halpern, J., Moses, Y., Vardi, M.: Reasoning about knowledge. MIT Press (1995)Google Scholar
  8. 8.
    Huston, G.: Dnssec - the theory. The ISP Column, 1 (August 2006)Google Scholar
  9. 9.
    Mathuria, A.M., Safavi-naini, R., Nickolas, P.R.: On the automation of gny logic. In: Proceedings of the 18th Australian Computer Science Conference, pp. 370–379 (1995)Google Scholar
  10. 10.
    Syverson, P.F., Van Oorschot, P.C.: A unified cryptographic protocol logic. Technical report, NRL Publication 5540-227, Naval Research Lab (1996)Google Scholar
  11. 11.
    van Oorschot, P.: Extending cryptographic logics of belief to key agreement protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, CCS 1993, pp. 232–243. ACM (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Kollapalli Ramesh Babu
    • 1
  • Vineet Padmanabhan
    • 1
  • Wilson Naik Bhukya
    • 1
  1. 1.Department of Computers & Information SciencesUniversity of HyderabadHyderabadIndia

Personalised recommendations