Title :
Antidotes for DNS Poisoning by Off-Path Adversaries
Author :
Herzberg, Amir ; Shulman, Haya
Author_Institution :
Dept. of Comput. Sci., Bar Ilan Univ., Ramat Gan, Israel
Abstract :
Following Kaminsky's attack (2008), caching resolvers were patched with defenses against poisoning. So far, the main improvements were non-cryptographic and easy to deploy (requiring changes only in resolvers). Some of these improvements are widely deployed, and it is believed that they suffice to prevent poisoning, at least by off-path, spoofing attackers. We perform a critical study of the prominent defense mechanisms against poisoning attacks by off-path adversaries. We present weaknesses and limitations, and suggest countermeasures. Our main message is that the DNS infrastructure should not rely on short-term, 'easy-to-deploy' defenses, and efforts should be increased towards transition to DNSSEC.
Keywords :
Internet; computer network security; cryptography; DNS poisoning antidotes; IP address; Internet; Kaminsky attack; defense mechanisms; domain name system; off path adversaries; poisoning prevention; Encoding; Entropy; Forgery; IP networks; Security; Servers; DNS cache poisoning; DNS security; Kaminsky attack;
Conference_Title :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
DOI :
10.1109/ARES.2012.27