Toward secure name resolution on the internet

Christian Grothoff, Matthias Wachs, Monika Ermert, Jacob Appelbaum

Onderzoeksoutput: Bijdrage aan tijdschriftTijdschriftartikelAcademicpeer review

1 Citaat (Scopus)

Uittreksel

The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works and describes security considerations for next generation name resolution systems. We then describe DNS variations and analyze their impact on security and privacy. We also consider Namecoin, the GNU Name System and RAINS, which are more radical re-designs of name systems in that they both radically change the wire protocol and also eliminate the existing global consensus on TLDs provided by ICANN. Finally, we assess how the different systems stack up with respect to the goal of improving security and privacy of name resolution for the future Internet.

Originele taal-2Engels
Pagina's (van-tot)694-708
TijdschriftComputers and Security
Volume77
DOI's
StatusGepubliceerd - 1 aug 2018

Vingerafdruk

Internet
Wire
Network protocols
privacy
ICANN
surveillance
traffic

Citeer dit

Grothoff, Christian ; Wachs, Matthias ; Ermert, Monika ; Appelbaum, Jacob. / Toward secure name resolution on the internet. In: Computers and Security. 2018 ; Vol. 77. blz. 694-708.
@article{5ccbd10305be4ca1b871b373126b2e54,
title = "Toward secure name resolution on the internet",
abstract = "The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works and describes security considerations for next generation name resolution systems. We then describe DNS variations and analyze their impact on security and privacy. We also consider Namecoin, the GNU Name System and RAINS, which are more radical re-designs of name systems in that they both radically change the wire protocol and also eliminate the existing global consensus on TLDs provided by ICANN. Finally, we assess how the different systems stack up with respect to the goal of improving security and privacy of name resolution for the future Internet.",
keywords = "Future Internet, Name resolution, Network architecture, Privacy, Technology and society",
author = "Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum",
year = "2018",
month = "8",
day = "1",
doi = "10.1016/j.cose.2018.01.018",
language = "English",
volume = "77",
pages = "694--708",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier",

}

Toward secure name resolution on the internet. / Grothoff, Christian; Wachs, Matthias; Ermert, Monika; Appelbaum, Jacob.

In: Computers and Security, Vol. 77, 01.08.2018, blz. 694-708.

Onderzoeksoutput: Bijdrage aan tijdschriftTijdschriftartikelAcademicpeer review

TY - JOUR

T1 - Toward secure name resolution on the internet

AU - Grothoff, Christian

AU - Wachs, Matthias

AU - Ermert, Monika

AU - Appelbaum, Jacob

PY - 2018/8/1

Y1 - 2018/8/1

N2 - The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works and describes security considerations for next generation name resolution systems. We then describe DNS variations and analyze their impact on security and privacy. We also consider Namecoin, the GNU Name System and RAINS, which are more radical re-designs of name systems in that they both radically change the wire protocol and also eliminate the existing global consensus on TLDs provided by ICANN. Finally, we assess how the different systems stack up with respect to the goal of improving security and privacy of name resolution for the future Internet.

AB - The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works and describes security considerations for next generation name resolution systems. We then describe DNS variations and analyze their impact on security and privacy. We also consider Namecoin, the GNU Name System and RAINS, which are more radical re-designs of name systems in that they both radically change the wire protocol and also eliminate the existing global consensus on TLDs provided by ICANN. Finally, we assess how the different systems stack up with respect to the goal of improving security and privacy of name resolution for the future Internet.

KW - Future Internet

KW - Name resolution

KW - Network architecture

KW - Privacy

KW - Technology and society

UR - http://www.scopus.com/inward/record.url?scp=85043236174&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2018.01.018

DO - 10.1016/j.cose.2018.01.018

M3 - Article

AN - SCOPUS:85043236174

VL - 77

SP - 694

EP - 708

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -