Secure distributed DNS

Cachin, Christian; Samar, Asad

doi:10.1109/dsn.2004.1311912

Cited by 25 publications

(16 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…While these works suppose that a single logger tracks a stream of ordered events, we have to deal with the race conditions (Counterexample 2) that result from allowing individual RPKI authorities to maintain their own logs (i.e., manifests). The idea of correcting power imbalances in a hierarchical system also appeared in work on distributing certificate authorities [66] and centralized systems like the DNS [1,15,55]; these works distribute the issuance of objects, but we only distribute revocation (since revocation can harm IP prefix reachability).…”

Section: Related Workmentioning

confidence: 99%

From the consent of the routed

Heilman

Cooper

Reyzin

et al. 2014

Proceedings of the 2014 ACM Conference on SIGCOMM

View full text Add to dashboard Cite

The Resource Public Key Infrastructure (RPKI) is a new infrastructure that prevents some of the most devastating attacks on interdomain routing. However, the security benefits provided by the RPKI are accomplished via an architecture that empowers centralized authorities to unilaterally revoke any IP prefixes under their control. We propose mechanisms to improve the transparency of the RPKI, in order to mitigate the risk that it will be used for IP address takedowns. First, we present tools that detect and visualize changes to the RPKI that can potentially take down an IP prefix. We use our tools to identify errors and revocations in the production RPKI. Next, we propose modifications to the RPKI's architecture to (1) require any revocation of IP address space to receive consent from all impacted parties, and (2) detect when misbehaving authorities fail to obtain consent. We present a security analysis of our architecture, and estimate its overhead using data-driven analysis.

show abstract

Section: Related Workmentioning

confidence: 99%

From the consent of the routed

Heilman

Cooper

Reyzin

et al. 2014

Proceedings of the 2014 ACM Conference on SIGCOMM

View full text Add to dashboard Cite

show abstract

“…Cachin and Samar report on a design and implementation of a secure distributed name service, on the level of a DNS zone, that is able to provide fault tolerance and security even in the presence of a few corrupted name servers. 37 There are also new protocols with the same service functionality. 38…”

Section: New Developmentsmentioning

confidence: 99%

Security Issues in the TCP/IP Suite

Mateti¹

2007

Security in Distributed and Networking Systems

View full text Add to dashboard Cite

show abstract

“…Previous proposals on distributing DNS [7], [8], focused on the DNS nameservers, our goal in this work is to distribute the DNS resolvers. We propose a majority based protocol to securely generate a pool of servers via DNS which does not require any changes to the existing protocols nor infrastructure.…”

Section: Introductionmentioning

confidence: 99%

Secure Consensus Generation with Distributed DoH

Jeitner

Shulman

Waidner

2020

2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S)

View full text Add to dashboard Cite

Many applications and protocols depend on the ability to generate a pool of servers to conduct majority-based consensus mechanisms and often this is done by doing plain DNS queries. A recent off-path attack [1] against NTP and security enhanced NTP with Chronos [2] showed that relying on DNS for generating the pool of NTP servers introduces a weak link. In this work, we propose a secure, backward-compatible address pool generation method using distributed DNS-over-HTTPS (DoH) resolvers which is aimed to prevent such attacks against server pool generation.

show abstract

Secure distributed DNS

Cited by 25 publications

References 18 publications

From the consent of the routed

From the consent of the routed

Security Issues in the TCP/IP Suite

Secure Consensus Generation with Distributed DoH

Contact Info

Product

Resources

About