An On-Demand Defense Scheme Against DNS Cache Poisoning Attacks

Wang, Zheng and Yu, Shui and Rose, Scott (2018) An On-Demand Defense Scheme Against DNS Cache Poisoning Attacks. EAI Endorsed Transactions on Security and Safety, 4 (14). e3. ISSN 2032-9393

Available under License Creative Commons Attribution No Derivatives.



The threat of cache poisoning attacks largely stimulates the deployment of DNSSEC. Because DNSSEC is a strong but demanding cryptographic defense, its universal adoption is predicted to go through a lengthy transition. DNSSEC practitioners therefore call for a secure yet lightweight solution that speeds up DNSSEC deployment while offering an acceptable DNSSEC-like defense. This paper proposes a new On-Demand Defense (ODD) scheme against cache poisoning attacks that still uses DNSSEC, but only lightly. In this scheme, DNS operates in DNSSEC-oblivious mode unless a potential attack is detected, which triggers a switch to DNSSEC-aware mode. The model checking results demonstrate that the ODD scheme needs only a small DNSSEC query load to ensure a small enough cache poisoning success rate.

Item Type: Article
Uncontrolled Keywords: DNS Security Extensions, DNS cache poisoning, model checking, query load, success rate.
Subjects: H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
QA75 Electronic computers. Computer science
Depositing User: EAI Editor IV
Date Deposited: 26 Mar 2021 13:52
Last Modified: 26 Mar 2021 13:52
