Addressing the challenges of modern DNS:a comprehensive tutorial

The Domain Name System (DNS) plays a crucial role in connecting services and users on the Internet. Since its first specification, DNS has been extended in numerous documents to keep it fit for today’s challenges and demands. And these challenges are many. Revelations of snooping on DNS traffic led to changes to guarantee confidentiality of DNS queries. Attacks to forge DNS traffic led to changes to shore up the integrity of the DNS. Finally, denial-of-service attack on DNS operations have led to new DNS operations architectures. All of these developments make DNS a highly interesting, but also highly challenging research topic. This tutorial – aimed at graduate students and early-career researchers – provides a overview of the modern DNS, its ongoing development and its open challenges. This tutorial has four major contributions. We first provide a comprehensive overview of the DNS protocol. Then, we explain how DNS is deployed in practice. This lays the foundation for the third contribution: a review of the biggest challenges the modern DNS faces today and how they can be addressed. These challenges are (i) protecting the confidentiality and (ii) guaranteeing the integrity of the information provided in the DNS, (iii) ensuring the availability of the DNS infrastructure, and (iv) detecting and preventing attacks that make use of the DNS. Last, we discuss which challenges remain open, pointing the reader towards new research areas

Extensiones de seguridad para el Sistema de Nombres de Dominio (DNSSEC)

El presente trabajo presenta el conjunto de extensiones de seguridad para el Sistema de Nombres de Dominio (DNSSEC). En una primera parte se expone el estado del arte del Sistema DNS, detallando conceptos generales, formato de mensajes, tipos de servidores y sus funciones. A continuación se muestra una clasificación y análisis de las amenazas más comunes y seguidamente se describen conceptos de criptografía en el contexto del Sistema DNS. En base a los conceptos previos, el trabajo se centra en presentar los aspectos y definiciones fundamentales para el funcionamiento de DNSSEC. Se definen los conceptos de Punto de Entrada Seguro, Cadenas de Confianza, Claves de Zona y Clave de Claves, Delegación segura. Se continúa con una definición de especificaciones para los nuevos Registros de Recursos y ejemplo de cada uno de ellos. Finalmente se expone el método de validación alternativa y reportes de despliegue a nivel mundial.Facultad de Informátic

Un estudio comparativo en Extensiones de Seguridad para el Sistema de Nombres de Dominio (DNS)

La obra presenta un caso de estudio para la alternativa DNSSEC, donde se exponen los resultados de la implementación de dicha alternativa. Se analiza el impacto en cuanto a consumo de recursos (tiempos de respuestas, cantidad de consultas, carga de tráfico), frente a una implementación basada en DNS estándar.Facultad de Informátic

IPv6-kotiverkon liittäminen Internetin nimipalveluun

Current home networks are very simple containing only a few devices. As the number of devices connected to the home network increases, there is no reasonable way for a user to access devices using only IP addresses. Due to the exponential growth of devices connected to the Internet, the addresses of the current IP version are however soon to be depleted. A new IP version has already been implemented in the Internet, containing a very large amount of addresses compared to the current IP version. Addresses in the new IP address version are also much longer and more complicated. Therefore it is not reasonable to try to use IP addresses alone to access devices anymore. The previous facts force to implement a name service to the home network. Name service is quite similar to that used in the Internet, although the home network version should be much more automatic and user friendly. This means that users do not have to type IP addresses anymore to be able to access services, but they can use meaningful names like in the Internet. The first objective of the thesis is to examine methods to implement as automated name service as possible to the home network. Second objective is to examine connecting the home network name service to the Internet name service. Accomplishing this allows users to access services at home from the Internet. This has to be made in a secure manner to protect the integrity and authenticity of the user information. A live experiment of the thesis concentrates to the second objective of the thesis by establishing the connection and transferring the name service information between home network and the Internet name service. The study and the live experiments indicate that there is still work to be done before the two objectives can be fully accomplished. At the moment there is no convenient way to automatically name devices at home. Connecting to the Internet name service involves also quite a lot of effort, thus requiring more than basic computing skills from the user

Implantació del sistema Sauron per a la gestió del sistema DNS de la UdL

El sistema de noms de domini (DNS) proveeix d'un sistema distribuït per a la resolució de nomsEl sistema de noms de domini (DNS) proveeix d'un sistema distribuït per a la resolució de noms de host en la infraestructura d'internet. Aquest sistema permet que cada organització gestioni les dades dels noms dels seus nodes en la jerarquia del sistema DNS. En una organització però, es poden donar diversos nivells de delegació a determinades parts de la infraestructura de l'organització . Per tal de descentralitzar la gestió d'aquestes parts es presenta un sistema de programari lliure que permet la delegació d'una forma controlada amb control i nivells d'accés d'usuari de forma concurrent i remota a través d'una interfície web. La implementació, configuració, integració i desplegament d'aquest sistema en la xarxa de la Universitat de Lleida es descriu al llarg d'aquesta memòria

Архитектура и принципы построения современных сетей и систем телекоммуникаций : учебное пособие

В учебном пособии рассматриваются архитектура и принципы построения современных сетей и систем телекоммуникаций, основные протоколы и технологии. Учебное пособие предназначено для студентов направлений 550200 «Автоматизация и управление», 511200 «Математика, прикладная математика», 510400 «Физика», 521500 «Менеджмент», 521600 «Экономика», 060800 «Экономика и управление на предприятии (по отраслям производства)». Учебное пособие выполнено в рамках инновационной образовательной программы Российского университета дружбы народов, направление «Комплекс экспортоориентированных инновационных образовательных программ по приоритетным направлениям науки и технологий», и входит в состав учебно-методического комплекса, включающего описание курса, программу и электронный учебник

Design principles and patterns for computer systems that are simultaneously secure and usable

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Includes bibliographical references (p. 429-464) and index.It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.(cont.) In every case considered, it is shown that the perceived antagonism of security and usability can be scaled back or eliminated by revising the underlying designs on which modern systems are conceived. In many cases these designs can be implemented without significant user interface changes. The patterns described in this thesis can be directly applied by today's software developers and used for educating the next generation of programmers so that longstanding usability problems in computer security can at last be addressed. It is very likely that additional patterns can be identified in other related areas.by Simson L. Garfinkel.Ph.D