Please use this identifier to cite or link to this item:
Title: Reducing DNS cache poisoning attacks
Authors: Mohan, J.
Puranik, S.
Chandrasekaran, K.
Issue Date: 2015
Citation: ICACCS 2015 - Proceedings of the 2nd International Conference on Advanced Computing and Communication Systems, 2015, Vol., , pp.-
Abstract: The increasing attacks on The Domain Name System (DNS) and the problems faced in deploying Domain Name System Security Extensions (DNSSEC) on a large scale, result in the need of a simple, and a practical approach to safeguard the DNS. In this paper, we present an efficient approach to significantly reduce the success rate of DNS cache poisoning attacks. The proposed Shift Key(S-Key) based domain name encoding scheme considerably raises the entropy of the DNS packet by encoding the domain name, using the randomly generated 4 bit S-Keys. To successfully poison a DNS cache, the attacker must now guess the 4 bit S-key as well as the encoded domain name, in addition to the port number and the transaction ID. The Bi-Query scheme captures the malicious reply packets by initiating a re-query or pairing up two consecutive requests to resolve the same domain name, thereby validating the Internet Protocol (IP) address retrieved for each domain name, before caching it. The first method proposed makes it difficult for the attacker to guess the DNS packet fields, while the latter detects and discards any packet that has been forged. � 2015 IEEE.
Appears in Collections:2. Conference Papers

Files in This Item:
There are no files associated with this item.

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.