Abstract
The security extensions to the DNS (DNSSEC) currently cover approximately 3% of all domains worldwide. In response to the low deployment of DNSSEC, a few top-level domains started offering 'per-domain' economic incentives to encourage adoption of the protocol by offering a yearly discount on each signed domain. However, it remains unclear whether these incentives are well-balanced and foster the overall security of the infrastructure as well as its deployment at scale. In this paper we argue that, in the presence of fixed costs of deployment, misaligned 'per-domain' incentives may have the collateral effect of encouraging large operators to massively deploy unsecure implementations of DNSSEC, whereas smaller operators, for which the effect of the economic incentive is negligible, may not significantly benefit from it. To investigate this, we study the security of DNSSEC deployment at scale, particularly in TLDs that offer economic incentives. We find that the security of DNSSEC implementations in the wild poorly reflects standard recommendations, particularly for tasks that cannot be solved by triggering a flag in the DNS software service (e.g. key rollover). Further, we find that, on average, large operators deploy weak DNSSEC security more frequently than small DNSSEC operators, suggesting that current incentives are ineffective in promoting a secure adoption and in deterring insecure implementations. We conclude the paper with actionable recommendations for TLD registry operators to improve the alignment of economic incentives with secure DNSSEC requirements.
Original language | English |
---|---|
Title of host publication | IEEE/IFIP Network Operations and Management Symposium |
Subtitle of host publication | Cognitive Management in a Cyber World, NOMS 2018 |
Place of Publication | Brussels |
Publisher | Institute of Electrical and Electronics Engineers |
Pages | 1-9 |
Number of pages | 9 |
ISBN (Electronic) | 9781538634165 |
DOIs | |
Publication status | Published - 6 Jul 2018 |
Event | 2018 IEEE/IFIP Network Operations and Management Symposium, NOMS 2018 - Taipei, Taiwan Duration: 23 Apr 2018 → 27 Apr 2018 |
Conference
Conference | 2018 IEEE/IFIP Network Operations and Management Symposium, NOMS 2018 |
---|---|
Country/Territory | Taiwan |
City | Taipei |
Period | 23/04/18 → 27/04/18 |
Keywords
- DNS
- DNSSEC
- Economic incentives
- Measurement
- Network security