Autonomous DNSSEC: Secured pseudo DNS domains for personal networks

Although security protocols like TLS/SSL are widely used in the Internet, it is still difficult to secure communications among personal network devices, typically seen in P2P applications and pervasive computing environment. This is because it is uncommon among such personal devices to have public key certificates to authenticate themselves, and furthermore, most of them do not have persistent names or addresses to identify themselves. In this paper, we propose Autonomous DNSSEC, which allows people to generate pseudo DNS domains for personal networks by themselves and to secure them with DNSSEC. By having a secured DNS domain, people can register names and authentication information like public keys of personal devices under their pseudo domain, and make that information securely accessible by other people. In our proposal, DNS records of pseudo domains are separately stored in the distributed hash tables (DHTs) dedicated to this purpose, and thus no modification to existing DNS servers is required. By modifying the DNS resolver mechanism on the client side, even unmodified applications can securely access the information registered under pseudo domains. Therefore, applications that can use the DNS for storing public keys or their certificates can instantly utilize our system for securing their communication. We demonstrate this by showing how an unmodified OpenSSH client can properly authenticate its target host using our system.