Top

Wireless Personal Communications

Published in:

14-11-2016

A Selective Re-Query Case Sensitive Encoding Scheme Against DNS Cache Poisoning Attacks

Authors: Jin Cao, Maode Ma, Xilei Wang, Haochen Liu

Published in: Wireless Personal Communications | Issue 3/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

A domain name system (DNS) with a hierarchical domain name resolution scheme plays an important role in today’s Internet surfing. To protect DNS against cache poisoning attacks is a key issue to achieve Internet security. A lot of defense schemes have been proposed to prevent DNS cache poisoning attacks in recent years. However, most of those schemes cannot get the balance between the security functionality and the performance of the networks. In this paper, in order to improve the performance of the existing security schemes against cache poisoning attacks, we propose a Selective Re-Query Case Sensitive Encoding scheme to efficiently prevent DNS cache poisoning attacks. Our scheme can be easily implemented and deployed only with little modification at the DNS server and can achieve the balance between the security and efficiency. The analysis shows that our scheme can provide strong security functionality with desirable efficiency.

previous article Topology Control Game Algorithm of Multi-performance Cooperative Optimization with Self-Maintaining for WSN

next article Advanced Secure Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Olzak, T. (2006). DNS cache poisoning: Definition and prevention. http://www.infosecwriters.com.

Yu, X., Chen, X., & Xu, F. (2011). Recovering and protecting against DNS cache poisoning attacks. In Proceedings of international conference of information technology, computer engineering and management sciences 2011, ICM2011, pp. 120–123.

Hmood, H. S., Li, Z., Abdulwahid, H. K., & Zhang, Y. (2015). Adaptive caching approach to prevent DNS cache poisoning attack. The Computer Journal, 58(4), 973–985.CrossRef

Shulman, H., & Waidner, M. (2014). DNSSEC for cyber forensics. EURASIP Journal on Information Security, 2014(12), 1–14.

Fan, L., Wang, Y., Cheng, X., & Li, J. (2011). Prevent DNS cache poisoning using security proxy. In Proceeding of 12th international conference on parallel and distributed computing, applications and technologies 2011, PDCAT2011, pp. 387–393.

Hoy, J. G. (2008). Anti DNS spoofing—extended query ID (XQID). http://www.jhsoft.com/dns-xqid.html.

RFC 6056. (2011). Recommendations for transport-protocol port randomization. IETF Internet Draft.

Dagon, D., Antonakakis, M., Vixie, P., Jinmei, T., & Lee, W. (2008). Increased DNS forgery resistance through 0 × 20-bit encoding. In Proceedings of the 15th ACM conference on computer and communication security, USA.

Vixie, P., & Dagon, D. (2008). Use of bit 0 × 20 in DNS labels to improve transaction identity. http://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00.

10.

Herzberg, A., & Shulman, H. (2012). Security of patched DNS. In Proceedings of ESORICS 2012, Heidelberg, 2012, LNCS (Vol. 7459, pp. 271–288).

11.

Herzberg, A., & Shulman, H. (2012). Antidotes for DNS poisoning by off-path adversaries. In Proceedings of international conference on availability, reliability and security, 2012, ARES, pp. 262–267.

12.

Herzberg, A., & Shulman, H. (2013). Fragmentation considered poisonous. In Proceedings of the IEEE international conference on communications and network security 2013, CNS 2013.

13.

Vixie, P., Gudmondsson, O., Eastlake, D., & Wellington, B. (2000). Secret key transaction authentication for DNS (TSIG). http://tools.ietf.org/html/rfc2845.

14.

Eastlake, D. (1999). Domain name system security extensions, 3rd Version. In RFC 2535, Internet Engineering Task Force.

15.

Bernstein, D. J. (2009). DNSCurve: Usable security for DNS. http://dnscurve.org/.

16.

Hobeica, R., Itani, W., Ghali, C., Kayssi, A., & Chehab, A. (2012). Security anaysis and solution for thwarting cache poisoning attacks in the domain name system. In Proceedings of 19th international conference on telecommunications 2012, pp. 1–6.

17.

Lihua, Y., Kant, K., Mohapatra, P., & Chen-Nee, C. (2006). DoX: A peer-to-peer antidote for dns cache poisoning attacks. In Proceedings of IEEE ICC’06, 2006, pp. 2345–2350.

18.

Sun, H. M., Chang, W. H., Chang, S. Y., & Lin, Y. H. (2009). DepenDNS: Dependable mechanism against DNS cache poisoning. In Proceedings of CANS 2009. LNCS, vol. 5888, pp. 174–188.

19.

AlFardan, N. J., Paterson, K. G. (2010). An analysis of DepenDNS. In Proceedings of ISC 2010, LNCS, vol. 6531, pp. 31–38.

20.

Herzberg, A., & Shulman, H. (2011). Unilateral antidotes to DNS cache poisoning. In Proceedings of SecureComm 2011, Heidelberg, 2012, LNICST (vol. 96, pp. 319–336).

21.

NIST. (2001). Announcing the advanced encryption standards (AES). http://csrc.nist.gov/publications/flips/fips197/flips-197.pdf.

Title: A Selective Re-Query Case Sensitive Encoding Scheme Against DNS Cache Poisoning Attacks
Authors: Jin Cao
Maode Ma
Xilei Wang
Haochen Liu
Publication date: 14-11-2016
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 3/2017
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-016-3681-2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2017

An Universal MMSE Channel Estimator for OFDM Receiver

A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks

An Electronic Transaction Mechanism Using Mobile Devices for Cloud Computing

Construction of Pseudoinverse Matrix Over Finite Field and Its Applications

A Time-Domain Channel Estimation Method for MIMO-OFDM Systems with Low-Precision Quantization

Peak-to-Average Power Ratio Reduction in Lifting Based Wavelet Packet Modulation Systems Using Differential Evolution Algorithm