Title :
Emergency Key Rollover in DNSSEC
Author :
Zheng Wang ; Liyuan Xiao
Author_Institution :
Qingdao Univ., Qingdao, China
Abstract :
DNS Security Extensions (DNSSEC) is introduced as a set of extensions to DNS which provide data origin authentication, data integrity, and authenticated denial of existence. To maintain the integrity of the DNSSEC system in the case of key compromise, the compromised keys active in the trust chain need to be renewed as soon as possible. This paper is the first to provide extensive and systematic analysis of emergency key rollover in DNSSEC. It identifies the space of key management choices in emergency key rollover. It also presents timelines for the key rollover and discusses considerations surrounding the timing of events in the rolling of a key. The performances of the proposed rollover algorithms are analyzed in four aspects. Finally, the transition delays are evaluated on all signed TLDs.
Keywords :
data integrity; message authentication; DNSSEC system; TLD; authenticated denial of existence; data integrity; data origin authentication; domain name system security extensions; emergency key rollover; transition delays; trust chain; Authentication; Delays; Public key; Redundancy; Servers; DNS Security Extensions; emergency key rollover; key compromise; parent-child interactions; transition delay;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on
Conference_Location :
Beijing
DOI :
10.1109/TrustCom.2014.76
