Implementing DNSSEC soft delegation for microservices
Author: | Marin-Lopez, Andres, Arias-Cabarcos, Patricia, Strufe, Thorsten, Barceló-Soteras, Gabriel, Almenares-Mendoza, Florina, Díaz-Sánchez, Daniel |
---|---|
Language: | English |
Year of publication: | 2021 |
DOI: | 10.14279/tuj.eceasst.80.1165.1083 |
Description: | Securing DNS in Edge- and Fog computing, or other scenarios where microservices are offloaded, requires the provision of zone signing keys to the third parties who control the computing infrastructure. This fundamentally allows the infrastructure provider to create novel signatures at their discretion and even arbitrarily extend the certificate chain. Based on our proposal on soft delegation for DNSSEC, which curtails this vulnerability, we report on our proof-of-concept: a C-implementation of chameleon hashes in OpenSSL, a server side implementation of the mechanism in the ldns server, and an offline client that validates the signed records, in this paper. We also discuss different approaches for generating DNSSEC RRSIG records, and the behavior of a resolver to verify the credentials and securely connect to an end point using TLS with SNI and DANE. Electronic Communications of the EASST, Volume 80: Conference on Networked Systems 2021 (NetSys 2021) |
Database: | OpenAIRE |