| Autor: |
Zheng Wang, Shui Yu, Scott Rose |
| Jazyk: |
angličtina |
| Rok vydání: |
2018 |
| Předmět: |
|
| Zdroj: |
EAI Endorsed Transactions on Security and Safety, Vol 4, Iss 14, Pp 1-17 (2018) |
| Druh dokumentu: |
article |
| ISSN: |
2032-9393 |
| DOI: |
10.4108/eai.15-5-2018.154771 |
| Popis: |
The threats of caching poisoning attacks largely stimulate the deployment of DNSSEC. Being a strong but demanding cryptographical defense, DNSSEC has its universal adoption predicted to go through a lengthy transition. Thus the DNSSEC practitioners call for a secure yet lightweight solution to speed up DNSSEC deployment while offering an acceptable DNSSEC-like defense. This paper proposes a new On-Demand Defense (ODD) scheme against cache poisoning attacks, still using but lightly using DNSSEC. In the solution, DNS operates in DNSSEC-oblivious mode unless a potential attack is detected and triggers a switch to DNSSEC-aware mode. The modeling checking results demonstrate that only a small DNSSEC query load is needed by the ODD scheme to ensure a small enough cache poisoning success rate. |
| Databáze: |
Directory of Open Access Journals |
| Externí odkaz: |
|
