2017
DOI: 10.1109/tnet.2016.2605767
|View full text |Cite
|
Sign up to set email alerts
|

The Performance Impact of Elliptic Curve Cryptography on DNSSEC Validation

Abstract: Abstract-The domain name system (DNS) is a core Internet infrastructure that translates names to machine-readable information, such as IP addresses. Security flaws in DNS led to a major overhaul, with the introduction of the DNS security (DNSSEC) extensions. DNSSEC adds integrity and authenticity to the DNS using digital signatures. DNSSEC, however, has its own concerns. It suffers from availability problems due to packet fragmentation and is a potent source of distributed denial-of-service attacks. In earlier… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
11
0

Year Published

2018
2018
2023
2023

Publication Types

Select...
4
2
1

Relationship

0
7

Authors

Journals

citations
Cited by 13 publications
(11 citation statements)
references
References 26 publications
0
11
0
Order By: Relevance
“…The effects of the root KSK rollover on resolvers studied in this paper are part of the impact of DNSSEC on resolvers. Earlier work studies other aspects of the impact of DNSSEC, including the performance impact of DNSSEC validation [48][49][50][51] and the risks, in terms of availability and security, of packet fragmentation of large DNSSEC responses [11,52]. Even though [11] conclude that up to 10% of resolvers could have problems handling larger DNSSEC responses, we did not observe failures when the DNSKEY response size increased.…”
Section: Related Workmentioning
confidence: 55%
“…The effects of the root KSK rollover on resolvers studied in this paper are part of the impact of DNSSEC on resolvers. Earlier work studies other aspects of the impact of DNSSEC, including the performance impact of DNSSEC validation [48][49][50][51] and the risks, in terms of availability and security, of packet fragmentation of large DNSSEC responses [11,52]. Even though [11] conclude that up to 10% of resolvers could have problems handling larger DNSSEC responses, we did not observe failures when the DNSKEY response size increased.…”
Section: Related Workmentioning
confidence: 55%
“…RSA keys of 2048 bits provide a security strength of 112 bits, whereas the security strength of both the curve NIST P-256 and the SHA-256 hash algorithm is 128 bits [29]. In terms of performance, comparative studies show that RSA-2048 is faster than ECDSA P-256 for signature verification [30], whereas ECDSA P-256 can outperform RSA producing a signature [31]. However, optimizations on the code and processor architectures may impact the final performance.…”
Section: ) Digital Signature Algorithmsmentioning
confidence: 99%
“…The e ects of the root KSK rollover on resolvers studied in this paper are part of the impact of DNSSEC on resolvers. Earlier work studies other aspects of the impact of DNSSEC, including the performance impact of DNSSEC validation [155]- [158] and the risks, in terms of availability and security, of packet fragmentation of large DNSSEC responses [8], [121]. Even though [121] conclude that up to 10% of resolvers could have problems handling larger DNSSEC responses, we did not observe failures when the DNSKEY response size increased.…”
Section: Related Workmentioning
confidence: 52%
“…None of these protocols, however, have the same constraints as DNSSEC. Van Rijswijk-Deij et al [158] evaluate the performance of Elliptic Curve Cryptography in DNSSEC, but using PQC imposes additional size-requirements.…”
Section: Related Work and Approachmentioning
confidence: 99%
See 1 more Smart Citation