Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2000
IEEE
2000
IEEE
Enabling Secure On-Line DNS Dynamic Update
Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, security extensions to DNS have been proposed in an Internet Engineering Task Force (IETF) working group to provide authentication. In this paper, we point out two difficulties in the current DNSSEC (DNS Security Extension) standards in the handling of DNS dynamic updates: 1) the on-line storage of a zone security key, creating a single point of attack for both inside and outside attackers, and 2) the violation of the role separation principle, which in the context of DNSSEC separates the roles of zone security managers from DNS server administrators. To address these issues, we propose a secure DNS architecture that is based on threshold cryptography. We show that the architecture adheres to the role separation principle without presenting any single point of attack. Our experimental results reveal that, in terms of signature computation times,...
Real-time TrafficACSAC 2000 | DNS Security Extension | Role Separation Principle | Security Extension | Security Privacy |
Related Content
| Added | 30 Jul 2010 |
| Updated | 30 Jul 2010 |
| Type | Conference |
| Year | 2000 |
| Where | ACSAC |
| Authors | Xunhua Wang, Yih Huang, Yvo Desmedt, David Rine |
Comments (0)
Researcher Info
|
