  • DocumentCode
    53175
  • Title
    Cipher-Suite Negotiation for DNSSEC: Hop-by-Hop or End-to-End?
  • Author
    Herzberg, Amir ; Shulman, Haya

  • Author_Institution
    Bar Ilan Univ., Ramat Gan, Israel
  • Volume
    19
  • Issue
    1
  • fYear
    2015
  • fDate
    Jan.-Feb. 2015
  • Firstpage
    80
  • Lastpage
    84
  • Abstract
    To ensure the best security and efficiency, cryptographic protocols such as Transport Layer Security and IPsec should let parties negotiate the use of the "best" cryptographic algorithms; this is referred to as cipher-suite negotiation. However, cipher-suite negotiation is lacking in DNS Security Extensions (DNSSEC), introducing several problems. To address these issues, the authors propose two designs: hop-by-hop and end-to-end cipher-suite negotiation. They compare these two approaches with respect to efficiency, ease of deployment, changes each would require of the existing infrastructure, and compatibility with the legacy DNS infrastructure and caches.
  • Keywords
    cryptographic protocols; DNS security extensions; DNSSEC; end-to-end cipher-suite negotiation; hop-by-hop cipher-suite negotiation; Algorithm design and analysis; Ciphers; Computer security; Internet; Signal resolution; DNS security; adoption obstacles; cipher-suite negotiation; denial of service attacks; interoperability challenges
  • fLanguage
    English
  • Journal_Title
    Internet Computing, IEEE
  • Publisher
    IEEE
  • ISSN
    1089-7801
  • Type
    jour
  • DOI
    10.1109/MIC.2015.3
  • Filename
    7031814