Access Restriction Subscribed

Author He Yan ♦ Osterweil, E. ♦ Hajdu, J. ♦ Acres, J. ♦ Massey, D.
Source IEEE Xplore Digital Library
Content type Text
Publisher Institute of Electrical and Electronics Engineers, Inc. (IEEE)
File Format PDF
Copyright Year ©2008
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Limiting ♦ Public key ♦ Silicon ♦ Robustness ♦ Servers ♦ Security ♦ IP networks
Abstract The DNS security extensions (DNSSEC) added public key cryptography to the DNS, but problems remain in selecting signature lifetimes. A zone's master server distributes signatures to secondary servers. The signature lifetimes should be long so that a secondary server can still operate if the master fails. However, DNSSEC lacks revocation. Signed data can be replayed until the signature expires and thus zones should select a short signature lifetime. Operators must choose between reduced robustness or long replay vulnerability windows. This paper introduces a revised DNSSEC signature that allows secondary servers to operate even if the master has failed while simultaneously limiting replay windows to twice the TTL. Each secondary server constructs a hash chain and relays the hash chain anchor to the master server. The signature produced by the master server ensures the authenticity of the hash anchor and the DNS data. A secondary server includes both the signature and a hash chain value used by resolvers to limit signature replay. Our implementation shows the added costs are minimal compared to DNSSEC and ensures robustness against long-term master server failures. At the same time, we limit replay to twice the record TTL value.
Description Author affiliation: Colorado State Univ., Fort Collins, CO (He Yan; Hajdu, J.; Acres, J.; Massey, D.) || UCLA, Los Angeles, CA (Osterweil, E.)
ISBN 9781424426515
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research ♦ Reading
Education Level UG and PG
Learning Resource Type Article
Publisher Date 2008-10-19
Publisher Place USA
Rights Holder Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Size (in Bytes) 796.54 kB
Page Count 6
Starting Page 3
Ending Page 8