By Topic

Availability analysis of DNSSEC resolution and validation service

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Yong Wang ; Institute of Computing Technology, Chinese Academy of Sciences, Graduate University of Chinese Academy of Sciences, Beijing, China ; Xiaochun Yun ; Gang Xiong ; Zhen Li
more authors

Availability of DNSSEC resolution and validation service against man-in-the-middle attacks are analysed in this paper, and possible vulnerabilities are introduced and classified. Experiments show DNSSEC client is vulnerable because the attacks are always successful, but they are failed to recursive server, at the same time, attacks to recursive server will bring about numerous retries, and the number of retries depends on the number of root domain name servers, top-level servers and authority servers, and this can be exploited to launch denial of service attacks to recursive server. The results show the availability of DNSSEC service is poor against man-in-the-middle attacks. Conclusions are valuable to the optimization of DNSSEC recursive server application, as well as DNSSEC security analysis.

Published in:

Communications and Networking in China (CHINACOM), 2012 7th International ICST Conference on

Date of Conference:

8-10 Aug. 2012