• DocumentCode
    3050909
  • Title

    DNSsec in Isabelle - Replay Attack and Origin Authentication

  • Author

    Kammuller, Florian ; Kirsal-Ever, Yoney ; Xiaochun Cheng

  • Author_Institution
    Middlesex Univ. London, London, UK
  • fYear
    2013
  • fDate
    13-16 Oct. 2013
  • Firstpage
    4772
  • Lastpage
    4777
  • Abstract
    In this paper, we present a formal model and analysis for the security extensions of the Domain Name System (DNSsec) in the interactive theorem prover Isabelle/HOL. Based on the inductive approach of security protocol analysis by Paulson in Isabelle/HOL, we show how the protocol can be modelled and important properties are proved. We prove that origin authentication works securely. In order to illustrate that the model is adequate, we show that previous domain name requests can be replayed - as in the classical DNS -by an attacker. These replays luckily can be uniquely identified in DNSsec due to the origin authentication mechanism that we establish to enhance security.
  • Keywords
    Internet; formal logic; interactive systems; message authentication; theorem proving; DNS; DNSsec; Isabelle/HOL; domain name system; formal analysis; formal model; higher-order logic; interactive theorem prover; origin authentication mechanism; replay attack; security extensions; security protocol analysis; Authentication; IP networks; Protocols; Public key; Servers; DNSsec; Isabelle/HOL; authentication; replay attack;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systems, Man, and Cybernetics (SMC), 2013 IEEE International Conference on
  • Conference_Location
    Manchester
  • Type

    conf

  • DOI
    10.1109/SMC.2013.812
  • Filename
    6722567
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3050909