Abstract
The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works and describes security considerations for next generation name resolution systems. We then describe DNS variations and analyze their impact on security and privacy. We also consider Namecoin, the GNU Name System and RAINS, which are more radical re-designs of name systems in that they both radically change the wire protocol and also eliminate the existing global consensus on TLDs provided by ICANN. Finally, we assess how the different systems stack up with respect to the goal of improving security and privacy of name resolution for the future Internet.
| Original language | English |
|---|---|
| Pages (from-to) | 694-708 |
| Journal | Computers and Security |
| Volume | 77 |
| DOIs | |
| Publication status | Published - 1 Aug 2018 |
Fingerprint
Keywords
- Future Internet
- Name resolution
- Network architecture
- Privacy
- Technology and society
Cite this
}
Toward secure name resolution on the internet. / Grothoff, Christian; Wachs, Matthias; Ermert, Monika; Appelbaum, Jacob.
In: Computers and Security, Vol. 77, 01.08.2018, p. 694-708.Research output: Contribution to journal › Article › Academic › peer-review
TY - JOUR
T1 - Toward secure name resolution on the internet
AU - Grothoff, Christian
AU - Wachs, Matthias
AU - Ermert, Monika
AU - Appelbaum, Jacob
PY - 2018/8/1
Y1 - 2018/8/1
N2 - The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works and describes security considerations for next generation name resolution systems. We then describe DNS variations and analyze their impact on security and privacy. We also consider Namecoin, the GNU Name System and RAINS, which are more radical re-designs of name systems in that they both radically change the wire protocol and also eliminate the existing global consensus on TLDs provided by ICANN. Finally, we assess how the different systems stack up with respect to the goal of improving security and privacy of name resolution for the future Internet.
AB - The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works and describes security considerations for next generation name resolution systems. We then describe DNS variations and analyze their impact on security and privacy. We also consider Namecoin, the GNU Name System and RAINS, which are more radical re-designs of name systems in that they both radically change the wire protocol and also eliminate the existing global consensus on TLDs provided by ICANN. Finally, we assess how the different systems stack up with respect to the goal of improving security and privacy of name resolution for the future Internet.
KW - Future Internet
KW - Name resolution
KW - Network architecture
KW - Privacy
KW - Technology and society
UR - http://www.scopus.com/inward/record.url?scp=85043236174&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2018.01.018
DO - 10.1016/j.cose.2018.01.018
M3 - Article
AN - SCOPUS:85043236174
VL - 77
SP - 694
EP - 708
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
ER -