Title :
DNSsec in Isabelle - Replay Attack and Origin Authentication
Author :
Kammuller, Florian ; Kirsal-Ever, Yoney ; Xiaochun Cheng
Author_Institution :
Middlesex Univ. London, London, UK
Abstract :
In this paper, we present a formal model and analysis for the security extensions of the Domain Name System (DNSsec) in the interactive theorem prover Isabelle/HOL. Based on the inductive approach of security protocol analysis by Paulson in Isabelle/HOL, we show how the protocol can be modelled and important properties are proved. We prove that origin authentication works securely. In order to illustrate that the model is adequate, we show that previous domain name requests can be replayed - as in the classical DNS -by an attacker. These replays luckily can be uniquely identified in DNSsec due to the origin authentication mechanism that we establish to enhance security.
Keywords :
Internet; formal logic; interactive systems; message authentication; theorem proving; DNS; DNSsec; Isabelle/HOL; domain name system; formal analysis; formal model; higher-order logic; interactive theorem prover; origin authentication mechanism; replay attack; security extensions; security protocol analysis; Authentication; IP networks; Protocols; Public key; Servers; DNSsec; Isabelle/HOL; authentication; replay attack;
Conference_Titel :
Systems, Man, and Cybernetics (SMC), 2013 IEEE International Conference on
Conference_Location :
Manchester
DOI :
10.1109/SMC.2013.812
