Sciweavers

ACSAC
2000
IEEE

Enabling Secure On-Line DNS Dynamic Update

14 years 2 months ago
Enabling Secure On-Line DNS Dynamic Update
Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, security extensions to DNS have been proposed in an Internet Engineering Task Force (IETF) working group to provide authentication. In this paper, we point out two difficulties in the current DNSSEC (DNS Security Extension) standards in the handling of DNS dynamic updates: 1) the on-line storage of a zone security key, creating a single point of attack for both inside and outside attackers, and 2) the violation of the role separation principle, which in the context of DNSSEC separates the roles of zone security managers from DNS server administrators. To address these issues, we propose a secure DNS architecture that is based on threshold cryptography. We show that the architecture adheres to the role separation principle without presenting any single point of attack. Our experimental results reveal that, in terms of signature computation times,...
Xunhua Wang, Yih Huang, Yvo Desmedt, David Rine
Added 30 Jul 2010
Updated 30 Jul 2010
Type Conference
Year 2000
Where ACSAC
Authors Xunhua Wang, Yih Huang, Yvo Desmedt, David Rine
Comments (0)