Deakin University

An on-demand defense scheme against DNS cache poisoning attacks

Version 2 2024-06-05, 09:51
Version 1 2019-03-04, 14:09
conference contribution
posted on 2024-06-05, 09:51 authored by Z Wang, S Yu, S Rose
The threat of cache poisoning attacks largely stimulates the deployment of DNSSEC. Because DNSSEC is a strong but demanding cryptographic defense, its universal adoption is predicted to go through a lengthy transition. DNSSEC practitioners therefore call for a secure yet lightweight solution that speeds up DNSSEC deployment while offering an acceptable DNSSEC-like defense. This paper proposes a new On-Demand Defense (ODD) scheme against cache poisoning attacks that still uses DNSSEC, but only lightly. In this solution, DNS operates in DNSSEC-oblivious mode unless a potential attack is detected, which triggers a switch to DNSSEC-aware mode. The model checking results demonstrate that the ODD scheme needs only a small DNSSEC query load to ensure a sufficiently small cache poisoning success rate.

History

Volume

238

Pagination

793-807

Location

Niagara Falls, Ont.

Start date

2017-10-22

End date

2017-10-25

ISSN

1867-8211

ISBN-13

9783319788128

Language

eng

Publication classification

E Conference publication, E1 Full written paper - refereed

Copyright notice

2018, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Editor/Contributor(s)

Lin X, Ghorbani A, Ren K, Zhu S, Zhang A

Title of proceedings

SecureComm 2017 : Proceedings of the 13th International Conference on Security and Privacy in Communication Networks 2017

Event

European Alliance for Innovation. Conference (13th : 2017 : Niagara Falls, Ont.)

Publisher

Springer

Place of publication

Cham, Switzerland

Series

European Alliance for Innovation Conference