Title :
An opportunistic encryption extension for the DNS protocol
Author :
Bucuti, Theogene Hakiza ; Dantu, Ram
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. of North Texas, Denton, TX, USA
Abstract :
Confidentiality for DNS transactions has been a low-priority concern in DNS security for a long time due to performance requirements for the functionality of DNS and the fact that data in the DNS is considered public. However, the information carried in DNS transactions, if collected and analyzed, can pose real threats to personal privacy. This makes DNS a good target for passive eavesdropping to collect data for many purposes, some of which may be malicious. The protocol described in this document is intended to facilitate an opportunistic negotiation of encryption in the DNS to provide confidentiality for the last mile of DNS resolution. It defines procedures to discover encryption-aware servers and how to establish a relationship with them with minimum overhead.
Keywords :
Internet; computer network security; cryptographic protocols; DNS protocol; DNS security; DNS transactions; opportunistic encryption extension; passive eavesdropping; performance requirements; personal privacy; pose real threats; Encryption; Privacy; Protocols; Public key; Servers;
Conference_Title :
Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4799-9888-3
DOI :
10.1109/ISI.2015.7165976