2015
DOI: 10.1145/2831347.2831350
|View full text |Cite
|
Sign up to set email alerts
|

Making the Case for Elliptic Curves in DNSSEC

Abstract: The Domain Name System Security Extensions (DNSSEC) add authenticity and integrity to the DNS, improving its security. Unfortunately, DNSSEC is not without problems. DNSSEC adds digital signatures to the DNS, significantly increasing the size of DNS responses. This means DNS-SEC is more susceptible to packet fragmentation and makes DNSSEC an attractive vector to abuse in amplificationbased denial-of-service attacks. Additionally, key management policies are often complex. This makes DNSSEC fragile and leads to… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

1
27
0

Year Published

2016
2016
2022
2022

Publication Types

Select...
3
2
1

Relationship

2
4

Authors

Journals

citations
Cited by 17 publications
(28 citation statements)
references
References 11 publications
1
27
0
Order By: Relevance
“…r 3 ) operated by SURFnet. 3 We performed a live capture of traffic 2 See http://www.internetsociety.org/deploy360/dnssec/statistics/ 3 The National Research and Education Network in the Netherlands. from clients to these DNS resolvers and replayed this traffic against an instrumented DNS resolver.…”
Section: B Modelmentioning
confidence: 99%
See 4 more Smart Citations
“…r 3 ) operated by SURFnet. 3 We performed a live capture of traffic 2 See http://www.internetsociety.org/deploy360/dnssec/statistics/ 3 The National Research and Education Network in the Netherlands. from clients to these DNS resolvers and replayed this traffic against an instrumented DNS resolver.…”
Section: B Modelmentioning
confidence: 99%
“…This number is then compared against a benchmark figure indicating the number of signature validations that can be performed on a single modern CPU core for specific elliptic curve digital signature schemes. Just as in our earlier study on the use of ECC in DNSSEC [3], we examine multiple signature schemes. We include the two signature schemes currently standardised for use in DNSSEC, ECDSA P-256 and ECDSA P-384 [14], [15].…”
Section: Popular-domains-first Growth To 100% Dnssec Deploy-mentioning
confidence: 99%
See 3 more Smart Citations