
Look-Aside at Your Own Risk: Privacy Implications of DNSSEC Look-Aside Validation

  • Subject (keywords) Servers, Privacy, Public key, Superluminescent diodes, Internet, Operating systems, Domain name system, privacy leakage, defenses
  • Subject (other) Computer Science, Hardware & Architecture
  • Subject (other) Computer Science, Information Systems
  • Subject (other) Computer Science, Software Engineering
  • Description (general) [Mohaisen, Aziz] Univ Cent Florida, Dept Comp Sci, Orlando, FL 32816 USA; [Gu, Zhongshu] IBM TJ Watson Res Ctr, Secur Res Dept, Yorktown Hts, NY 10598 USA; [Ren, Kui] SUNY Buffalo, Dept Comp Sci & Engn, Buffalo, NY 14260 USA; [Li, Zhenhua] Tsinghua Univ, Sch Software, Beijing 100084, Peoples R China; [Kamhoua, Charles A.] Army Res Lab, Network Secur Branch, Adelphi, MD 20783 USA; [Njilla, Laurent L.] Air Force Res Lab, Cyber Assurance Branch, Rome, NY 13440 USA; [Nyang, DaeHun] Inha Univ, Comp Informat Engn Dept, Incheon 22212, South Korea; [Nyang, DaeHun] Inha Univ, Informat Secur Res Lab, Incheon 22212, South Korea
  • Administrative note faculty
  • Indexed in SCIE, SCOPUS
  • Publisher IEEE COMPUTER SOC
  • Publication year 2020
  • Document type Article
  • URI http://www.dcollection.net/handler/ewha/000000182491
  • Language of text English
  • Published As http://dx.doi.org/10.1109/TDSC.2018.2816026

Abstract/Summary

The Domain Name System Security Extension (DNSSEC) leverages public-key cryptography to provide data integrity, source authentication, and denial of existence for DNS responses. To complement DNSSEC operations, DNSSEC Look-aside Validation (DLV) is designed for alternative off-path validation. Although DNS privacy attracts a lot of attention, the privacy implications of DLV are not fully investigated and understood. In this paper, we take a first in-depth look into DLV, highlighting its lax specifications and privacy implications. By performing extensive experiments over datasets of domain names under comprehensive experimental settings, our findings firmly confirm the privacy leakages caused by DLV. We discover that a large number of domains that should not be sent to DLV servers are being leaked. We explore the root causes, including the lax specifications of DLV. We also propose two approaches to fix the privacy leakages. Our approaches require trivial modifications to the existing DNS standards, and we demonstrate their cost in terms of latency and communication.
