Increased DNS forgery resistance through 0×20-bit encoding

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 211-222

  Dagon, David ^a   Antonakakis, Manos ^a   Vixie, Paul ^b   Jinmei, Tatuya ^b   Lee, Wenke ^a  

^a GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

^b Internet Systems Consortium   (United States)

Author keywords

Computer security; DNS poisoning; DNS 0 20

Indexed keywords

BASIC MODELS; COMPUTER SECURITY; DNS POISONING; DNS SERVER; DOMAIN NAMES; EXPERIMENTAL EVALUATION; REAL-WORLD;

ENCODING (SYMBOLS); INTERNET PROTOCOLS; SECURITY SYSTEMS;

SERVERS;

EID: 70349289360     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1455770.1455798     Document Type: Conference Paper

References (37)

1. D. E. E. 3d. Domain name system (dns) cookies. http://tools.ietf.org/ html/draft-eastlake-dnsext-cookies-03, 2008.
2. D. E. 3rd. Dns request and transaction signatures (SIG(O)s). http://tools.ietf.org/html/rfc2931, September 2000.
3. D. E. 3rd. Secret key establishment for DNS (TKEY RR). http://tools.ietf.org/html/rfc2930, September 2000.
4. A. Hubert and R. van Mook. Measures for making dns more resilient against forged answers. http://tools.ietf.org/html/draft-ietf-dnsext-forgery- resilience-06, July 2008.
5. M. Andrews. The dnssec lookaside validation (dlv) dns resource record, rfc 4431. http://tools.ietf.org/html/rfc4431,2006.
6. D. Barr. Common dns operational and configuration errors. http://tools.ietf.org/html/rfc2845, 1996.
7. S. Biaz and N. H. Vaidya. Is the round-trip time correlated with the number of packets in flight? In Proceedings of the ACM SIGCOMM Internet Measurement Conference (IMC 03), 2003.
8. D. Dagon, N. Provos, C. P. Lee, and W. Lee. Corrupted dns resolution paths: The rise of a malicious resolution authority. In Proceedings of Network and Distributed Security Symposium (NDSS '08), 2008.
9. DJ Bernstein. The dns-random library interface. http://cr.yp.to/djbdns/ dns-random.html, 2008.
10. DJ Bernstein. SYN cookies. http://cr.yp.to/syncookies.html, 2008.
11. K. P. Gummadi, S. Saroiu, and S. D. Gribble. King: estimating latency between arbitrary internet end hosts. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurrnent, pages 5-18, 2002.
12. Internet Assigned Numbers Authority. Port numbers, http://www.iana.org/ assignments/port-numbers, 2008.
13. D. Kaminsky. Its the end of the cache as we know it. http://www.doxpara. com/DMK-B02K8.ppt, 2008.
14. J. Kang and D. Lee. Advanced white list approach for preventing access to phishing sites. In International Conference on Convergence Information Technology, 2007.
15. A. Klein. BIND 8 DNS cache poisoning, http://www.trusteer.com/docs/ bind8dns.html, 2007.
16. A. Klein. BIND 9 DNS cache poisoning, http://www.trusteer.com/docs/ bind9dns.html, 2007.
17. A. Klein. OpenBSD DNS cache poisoning and multiple OS predictable IP ID vulnerability, http://www.trusteer.com/docs/dnsopenbsd.html, 2007.
18. A. Klein. Windows DNS cache poisoning, http: //www.trusteer.com/docs/ microsoftdns.html, 2007.
19. A. Klein. PowerDNS recursor DNS cache poisoning. http://www.trusteer.com/ docs/powerdnsrecursor. html, 2008.
20. J. Markoff. Leaks in patch for web security hole. http://www.nytimes.com/ 2008/08/0 9/technology/09flaw.html, August 2008.
21. P. Mockapetris. Domain names - concepts and facilities. http://www.faqs.org/rfcs/rfcl0 34, November 1987.
22. P. Mockapetris. Domain names - implementation and specification, www.faqs.org/rfcs/rfclO35, November 1987.
23. NIST. Announcing the advanced encryption standard (aes). ttp://csrc.nist.gov/publications/fips/fips197/fips-197.pdf ,2001.
24. K. Park, V. S. Pai, L. Peterson, and Z. Wang. Codns: Improving dns performance and reliability via cooperative lookups. In In Proceedings of the Sixth Symposium on Operating Systems Design and Implementation (OSDI '04), 2004.
25. V. Ramasubramanian and E. Sirer. The design and implementation of a next generation name service for the internet. Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, pages 331-342, 2004.
26. V. Ramasubramanian and E. G. Sirer. Perils of transitiive trust in the domain system. In Proceedings of the ACM SIGCOMM Internet Measurement Conference (IMC'05), 2005.
27. S. Stamm, Z. Ramzan, and M. Jakobsson. Drive-by pharming. http://www.cs.indiana.edu/̃sstamin/papers/driveby-pharming.pdf, 2006.
28. J. Stewart. DNS cache poisoning - the next generation. http://www.secureworks.com/research/artides/dns-cache-poisoning/, 2003.
29. US Cert. Vulnerability note vu#457875. http://www.kb.cert.org/vuls/id/ 457875, 2002.
30. US-CERT. Multiple dns implementations vulnerable to cache poisoning, www.kb.cert.org/vuls/id/800113, 2008.
31. P. Vixie. DNS complexity. ACM Queue, 5(3), April 2007.
32. P. Vixie and D. Dagon. Use of bit 0x20 in DNS labels to improve transaction identity, http://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00, 2008.
33. P. Vixie, O. Gudmundsson, D. E. 3rd, and B. Wellington. Secret key transaction authentication for DNS (TSIG). http://tools.ietf.org/html/rfc2845. May 2000.
34. S. Weiler. Dnssec lookaside validation (dlv), rfc 5074. http://tools.ietf.org/html/rfc5074, November 2007.
35. F. Weimer. Passive dns replication. http://www.enyo.de/fw/software/ dnslogger/first2005-paper.pdf, April 2005.
36. D. Wessels. The measurement factory open recursive dns reports, http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/, 2007.
37. L. Yuan, K. Kant, P. Mohapatra, and C.-N. Chuah. DoX: A peer-to-peer antidote for DNS cache poisoning attacks. In Proceedings of the IEEE International Conference on Communications (ICC'06), volume 5, pages 8164-9547, June 2006.