DocumentCode :
3029669
Title :
Availability analysis of DNSSEC resolution and validation service
Author :
Yong Wang ; Xiaochun Yun ; Gang Xiong ; Zhen Li ; Yao Yao
Author_Institution :
Inst. of Comput. Technol., Grad. Univ. of Chinese Acad. of Sci., Beijing, China
fYear :
2012
fDate :
8-10 Aug. 2012
Firstpage :
35
Lastpage :
42
Abstract :
The availability of the DNSSEC resolution and validation service against man-in-the-middle attacks is analysed in this paper, and possible vulnerabilities are introduced and classified. Experiments show that the DNSSEC client is vulnerable because the attacks are always successful, but they fail against the recursive server. At the same time, attacks on the recursive server bring about numerous retries, and the number of retries depends on the number of root domain name servers, top-level servers and authority servers; this can be exploited to launch denial of service attacks on the recursive server. The results show that the availability of the DNSSEC service is poor against man-in-the-middle attacks. The conclusions are valuable for the optimization of DNSSEC recursive server applications, as well as for DNSSEC security analysis.
Keywords :
Internet; client-server systems; computer network security; network servers; DNSSEC client; DNSSEC resolution; DNSSEC security analysis; DNSSEC service; authority servers; availability analysis; denial of service attacks; man-in-the-middle attacks; recursive server; root domain name servers; top-level servers; validation service; Availability; Bandwidth; Computer crime; IP networks; Public key; Servers; Availability Analysis; DNSSEC; DNSSEC Vulnerability; Man-in-the-Middle Attack;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communications and Networking in China (CHINACOM), 2012 7th International ICST Conference on
Conference_Location :
Kun Ming
Print_ISBN :
978-1-4673-2698-8
Electronic_ISBN :
978-1-4673-2697-1
Type :
conf
DOI :
10.1109/ChinaCom.2012.6417444
Filename :
6417444