318 research outputs found
Evaluation of Anonymized ONS Queries
Electronic Product Code (EPC) is the basis of a pervasive infrastructure for
the automatic identification of objects on supply chain applications (e.g.,
pharmaceutical or military applications). This infrastructure relies on the use
of the (1) Radio Frequency Identification (RFID) technology to tag objects in
motion and (2) distributed services providing information about objects via the
Internet. A lookup service, called the Object Name Service (ONS) and based on
the use of the Domain Name System (DNS), can be publicly accessed by EPC
applications looking for information associated with tagged objects. Privacy
issues may affect corporate infrastructures based on EPC technologies if their
lookup service is not properly protected. A possible solution to mitigate these
issues is the use of online anonymity. We present an evaluation experiment that
compares the use of Tor (The second generation Onion Router) on a global
ONS/DNS setup, with respect to benefits, limitations, and latency.
Comment: 14 page
Can NSEC5 be practical for DNSSEC deployments?
NSEC5 is a proposed modification to DNSSEC that simultaneously guarantees two security properties: (1) privacy against offline zone enumeration, and (2) integrity of zone contents, even if an adversary compromises the authoritative nameserver responsible for responding to DNS queries for the zone. This paper redesigns NSEC5 to make it both practical and performant. Our NSEC5 redesign features a new fast verifiable random function (VRF) based on elliptic curve cryptography (ECC), along with a cryptographic proof of its security. This VRF is also of independent interest, as it is being standardized by the IETF and being used by several other projects. We show how to integrate NSEC5 using our ECC-based VRF into the DNSSEC protocol, leveraging precomputation to improve performance and DNS protocol-level optimizations to shorten responses. Next, we present the first full-fledged implementation of NSEC5—extending widely-used DNS software to present a nameserver and recursive resolver that support NSEC5—and evaluate their performance under aggressive DNS query loads. Our performance results
indicate that our redesigned NSEC5 can be viable even for high-throughput scenarios.
https://eprint.iacr.org/2017/099.pdf
First author draf
Short Paper: On Deployment of DNS-based Security Enhancements
Although the Domain Name System (DNS) was designed as a naming system, its
features have made it appealing to repurpose it for the deployment of novel
systems. One important class of such systems are security enhancements, and
this work sheds light on their deployment. We show the characteristics of these
solutions and measure reliability of DNS in these applications. We investigate
the compatibility of these solutions with the Tor network, signal necessary
changes, and report on surprising drawbacks in Tor's DNS resolution.
Comment: Financial Cryptography and Data Security (FC) 201
Realistic, Extensible DNS and mDNS Models for INET/OMNeT++
The domain name system (DNS) is one of the core services in today's network
structures. In local and ad-hoc networks DNS is often enhanced or replaced by
mDNS. As of yet, no simulation models for DNS and mDNS have been developed for
INET/OMNeT++. We introduce DNS and mDNS simulation models for OMNeT++, which
allow researchers to easily prototype and evaluate extensions for these
protocols. In addition, we present models for our own experimental extensions,
namely Stateless DNS and Privacy-Enhanced mDNS, that are based on the
aforementioned models. Using our models we were able to further improve the
efficiency of our protocol extensions.
Comment: Published in: A. Förster, C. Minkenberg, G. R. Herrera, M. Kirsche
(Eds.), Proc. of the 2nd OMNeT++ Community Summit, IBM Research - Zurich,
Switzerland, September 3-4, 201
DNSSEC: general aspects of security, efficiency and usage statistics in the Brazilian context
Undergraduate monograph, Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2015.
This work studies the workings of the DNS and DNSSEC systems and analyzes some aspects of those mechanisms, such as performance, efficiency analysis, usage statistics and fraud, including local network security techniques. The DNS is one of the pillars of the Internet. Successful attacks on the servers responsible for this service may cause heavy losses to companies and even to ordinary end users. The study of the DNS and DNSSEC mechanisms is of fundamental importance to guarantee the immunity of these systems and to ensure the proper functioning of the Internet. In addition, we cover general concepts related to network security, describing how the main attacks work and how to avoid them. Experiments will be performed to demonstrate DNS vulnerabilities that can be corrected by using DNSSEC, along with a methodology for malware detection through DNSSEC