By Topic

Prevent DNS Cache Poisoning Using Security Proxy

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Lejun Fan ; Inst. of Comput. Technol., Beijing, China ; Yuanzhuo Wang ; Xueqi Cheng ; Jinming Li

DNS has been suffering from cache poisoning attack for a long time. The attacker sends camouflaged DNS response to trick the domain name server, and inserts malicious resource record into the cached database. Because the original DNS protocol only depends on 16-bit transaction ID to verify the response packet, it is prone to be guessed by the attacker. Although many strategies such as transaction randomizing, source port randomizing and the 0×20 technique have been applied to improve the resistance of DNS, the attacker still has chance to poison DNS server in an acceptable time. Other more complicated strategy such as DNSSEC which provides stricter prevention mechanism is not easy to deploy and is not widely adopted yet. To address the problem, we present a novel strategy called Security Proxy. The architecture can be easily implemented and deployed on existing DNS server without modification of DNS server itself. The embedded two schemes Selective Re-Query and Security Label Communication can cooperate and effectively prevent the cache poisoning attack. We analyze our strategy from both the capability and efficiency. Then we find that our Security Proxy has obvious advantage over the original transaction ID, the source port randomizing and 0×20 techniques.

Published in:

Parallel and Distributed Computing, Applications and Technologies (PDCAT), 2011 12th International Conference on

Date of Conference:

20-22 Oct. 2011