Title :
Security vulnerabilities in DNS and DNSSEC
Author :
Ariyapperuma, Suranjith ; Mitchell, Chris J.
Author_Institution :
Inf. Security Group, London Univ., Egham
Abstract :
We present an analysis of security vulnerabilities in the domain name system (DNS) and the DNS security extensions (DNSSEC). DNS data that is provided by name servers lacks support for data origin authentication and data integrity. This makes DNS vulnerable to man in the middle (MITM) attacks, as well as a range of other attacks. To make DNS more robust, DNSSEC was proposed by the Internet Engineering Task Force (IETF). DNSSEC provides data origin authentication and integrity by using digital signatures. Although DNSSEC provides security for DNS data, it suffers from serious security and operational flaws. We discuss the DNS and DNSSEC architectures, and consider the associated security vulnerabilities
Keywords :
Internet; cryptography; data integrity; digital signatures; Internet Engineering Task Force; cryptography; data integrity; data origin authentication; digital signature; domain name system security extensions; name servers; security vulnerabilities; Authentication; Availability; Computer crime; Data security; Databases; Digital signatures; File servers; Information analysis; Information security; TCPIP;
Conference_Titel :
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2775-2
DOI :
10.1109/ARES.2007.139
