Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
NDSS
2015
IEEE
2015
IEEE
NSEC5: Provably Preventing DNSSEC Zone Enumeration
Abstract—We use cryptographic techniques to study zone enumeration in DNSSEC. DNSSEC is designed to prevent attackers from tampering with domain name system (DNS) messages. The cryptographic machinery used in DNSSEC, however, also creates a new vulnerability, zone enumeration, enabling an adversary to use a small number of online DNSSEC queries combined with offline dictionary attacks to learn which domain names are present or absent in a DNS zone. We prove that the current DNSSEC standard, with NSEC and NSEC3 records, inherently suffers from zone enumeration: specifically, we show that security against (1) attackers that tamper with DNS messages and (2) privacy against zone enumeration cannot be satisfied simultaneously, unless the DNSSEC nameserver performs online public-key cryptographic operations. We then propose a new construction that uses online publickey cryptography to solve the problem of DNSSEC zone enumeration. NSEC5 can be thought of as a variant of NSEC3, in which t...
Real-time Traffic| Added | 15 Apr 2016 |
| Updated | 15 Apr 2016 |
| Type | Journal |
| Year | 2015 |
| Where | NDSS |
| Authors | Sharon Goldberg, Moni Naor, Dimitrios Papadopoulos, Leonid Reyzin, Sachin Vasant, Asaf Ziv |
Comments (0)
Researcher Info
|
