Faculty Publications

Permanent URI for this communityhttps://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Browse

Filters

2016 - 201912020 - 20232

Settings

Subject: search.filters.subject.DNSSEC

Search Results

Now showing 1 - 3 of 3
  • No Thumbnail Available
    Item
    DANE: An inbuilt security extension
    (Institute of Electrical and Electronics Engineers Inc., 2016) Aishwarya, C.; Raghuram, M.A.; Hosmani, S.; Sannidhan, M.S.; Rajendran, B.; Chandrasekaran, K.; Bindhumadhava, B.S.
    Use of TSL and certificates in secure applications in the internet is very common today. Certificate authorities are playing the important role of trust anchors. But this means that third party certificate authorities have to be trusted by both domain owners and their clients. Compromises of certificate authorities will put many users under a huge risk. To solve this problem, the DANE protocol was proposed that is used on top of DNSSEC. It allows using the chain of trust in DNS for authenticating certificates and makes clients impose many constraints on the certificates they receive. We analyze the performance of the DANE protocol at the client side and also present a tool for deploying and administrating DANE with BIND servers in a local network. © 2015 IEEE.
  • No Thumbnail Available
    Item
    DNS Cache Poisoning: Investigating Server and Client-Side Attacks and Mitigation Methods
    (Institute of Electrical and Electronics Engineers Inc., 2023) Chandrasekaran, K.; Divakarla, U.; Srinivasan, K.S.
    DNS cache poisoning is a type of cyber attack that aims to redirect traffic from legitimate websites to malicious ones. In this attack, the attacker modifies the DNS cache of a DNS server, allowing them to redirect requests for legitimate domain names to their own servers. This can result in distribution of malware and phishing attacks. To mitigate the risk of DNS cache poisoning, various techniques such as DNSSEC, source port randomization, and response rate limiting have been developed. This paper provides an overview of DNS cache poisoning, the techniques used to perform the attack, and the countermeasures that can be employed to protect against it. © 2023 IEEE.
  • No Thumbnail Available
    Item
    A Quantitative Method for Measuring Health of Authoritative Name Servers
    (IGI Global, 2022) Adiwal, S.; Rajendran, B.; Shetty D, P.D.
    The domain name system (DNS) is regarded as one of the critical infrastructure components of the global internet because a large-scale DNS outage would effectively take a typical user offline. Therefore, the internet community should ensure that critical components of the DNS ecosystem—that is, root name servers, top-level domain registrars and registries, authoritative name servers, and recursive resolvers—function smoothly. To this end, the community should monitor them periodically and provide public alerts about abnormal behavior. The authors propose a novel quantitative approach for evaluating the health of authoritative name servers – a critical, core, and a large component of the DNS ecosystem. The performance is typically measured in terms of response time, reliability, and throughput for most of the internet components. This research work proposes a novel list of parameters specifically for determining the health of authoritative name servers: DNS attack permeability, latency comparison, and DNSSEC validation. The aim is to understand the general behavior of authoritative name servers, detect sluggishness in their performance, and arrive at a score of their health through the aforesaid parameters. The effectiveness of identified parameters is evaluated by devising the corresponding probing algorithms and experimented with them among the authoritative name servers serving the world’s top 500 domains. This approach could be used periodically to assess and take necessary measures to protect authoritative domain name servers from abuse. © © 2022, IGI Global.