• DocumentCode
    3274382
  • Title
    An opportunistic encryption extension for the DNS protocol
  • Author
    Bucuti, Theogene Hakiza ; Dantu, Ram
  • Author_Institution
    Dept. of Comput. Sci. & Eng., Univ. of North Texas, Denton, TX, USA
  • fYear
    2015
  • fDate
    27-29 May 2015
  • Firstpage
    194
  • Lastpage
    194
  • Abstract
    Confidentiality for DNS transactions has been a low-priority concern in DNS security for a long time due to performance requirements for the functionality of DNS and the fact that data in the DNS is considered public. However, the information carried in DNS transactions, if collected and analyzed, can pose real threats to personal privacy. This makes DNS a good target for passive eavesdropping to collect data for many purposes, some of which may be malicious. The protocol described in this document is intended to facilitate an opportunistic negotiation of encryption in the DNS to provide confidentiality for the last mile of DNS resolution. It defines procedures to discover encryption-aware servers and how to establish a relationship with them with minimum overhead.
  • Keywords
    Internet; computer network security; cryptographic protocols; DNS protocol; DNS security; DNS transactions; opportunistic encryption extension; passive eavesdropping; performance requirements; personal privacy; pose real threats; Encryption; Privacy; Protocols; Public key; Servers;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on
  • Conference_Location
    Baltimore, MD
  • Print_ISBN
    978-1-4799-9888-3
  • Type
    conf
  • DOI
    10.1109/ISI.2015.7165976
  • Filename
    7165976