An On-Demand Defense Scheme Against DNS Cache Poisoning Attacks

Authors

DOI:

https://doi.org/10.4108/eai.15-5-2018.154771

Keywords:

NS Security Extensions, DNS cache poisoning, model checking, query load, success rate

Abstract

The threats of caching poisoning attacks largely stimulate the deployment of DNSSEC. Being a strong but demanding cryptographical defense, DNSSEC has its universal adoption predicted to go through a lengthy transition. Thus the DNSSEC practitioners call for a secure yet lightweight solution to speed up DNSSEC deployment while offering an acceptable DNSSEC-like defense. This paper proposes a new On-Demand Defense (ODD) scheme against cache poisoning attacks, still using but lightly using DNSSEC. In the solution, DNS operates in DNSSEC-oblivious mode unless a potential attack is detected and triggers a switch to DNSSEC-aware mode. The modeling checking results demonstrate that only a small DNSSEC query load is needed by the ODD scheme to ensure a small enough cache poisoning success rate.

Downloads

Published

15-05-2018

How to Cite

Wang, Z. ., Yu, S. ., & Rose, S. . (2018). An On-Demand Defense Scheme Against DNS Cache Poisoning Attacks. EAI Endorsed Transactions on Security and Safety, 4(14), e3. https://doi.org/10.4108/eai.15-5-2018.154771

Issue

Vol. 4 No. 14 (2018): EAI Endorsed Transactions on Security and Safety

Section

Research article

License

Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety

Creative Commons License

This work is licensed under a Creative Commons Attribution 3.0 Unported License.

This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.