Recent hacking events against Sony Entertainment, Target, Home Depot, and bank
Automated Teller Machines (ATMs) fosters a growing perception that the Internet is an insecure
environment. While Internet Privacy Concerns (IPCs) continue to grow out of a general concern
for personal privacy, the availability of inexpensive Internet-capable mobile devices increases
the Internet of Things (IoT), a network of everyday items embedded with the ability to connect
and exchange data.
Domain Name Services (DNS) has been integral part of the Internet for name resolution
since the beginning. Domain Name Services has several documented vulnerabilities; for
example, cache poisoning. The solution adopted by the Internet Engineering Task Force (IETF)
to strengthen DNS is DNS Security Extensions (DNSSEC). DNS Security Extensions uses
support for cryptographically signed name resolution responses. The cryptography used by
DNSSEC is the Public Key Infrastructure (PKI).
Some researchers have suggested that the time stamp used in the public certificate of the
name resolution response influences DNSSEC vulnerability to a Man-in-the-Middle (MiTM)
attack. This quantitative study determined the efficacy of using the default relative Unix epoch
time stamp versus an absolute time stamp provided by the Network Time Protocol (NTP). Both
a two-proportion test and Fisher’s exact test were used on a large sample size to show that there
is a statistically significant better performance in security behavior when using NTP absolute
time instead of the traditional relative Unix epoch time with DNSSEC
