English
Related papers

Related papers: Take up DNSSEC When Needed

200 papers

We investigate defenses against DNS cache poisoning focusing on mechanisms that can be readily deployed unilaterally by the resolving organisation, preferably in a single gateway or a proxy. DNS poisoning is (still) a major threat to…

Cryptography and Security · Computer Science 2015-03-20 Amir Herzberg , Haya Shulman

We perform the first analysis of methodologies for launching DNS cache poisoning: manipulation at the IP layer, hijack of the inter-domain routing and probing open ports via side channels. We evaluate these methodologies against DNS…

Cryptography and Security · Computer Science 2022-05-13 Tianxiang Dai , Philipp Jeitner , Haya Shulman , Michael Waidner

The Domain Name System (DNS) provides a translation between readable domain names and IP addresses. The DNS is a key infrastructure component of the Internet and a prime target for a variety of attacks. One of the most significant threat to…

Cryptography and Security · Computer Science 2019-06-27 Harel Berger , Amit Z. Dvir , Moti Geva

We present practical poisoning and name-server block- ing attacks on standard DNS resolvers, by off-path, spoofing adversaries. Our attacks exploit large DNS responses that cause IP fragmentation; such long re- sponses are increasingly…

Cryptography and Security · Computer Science 2015-03-20 Amir Herzberg , Haya Shulman

Today, Internet offers many critical applications. So, it becomes very crucial for Internet service providers to ensure traceability of operations and to secure data exchange. Since all these communications are based on the use of the…

Cryptography and Security · Computer Science 2012-08-01 Kaouthar Chetioui , Ghizlane Orhanou , Said El Hajji , Abdelmajid Lakbabi

Cryptographic algorithm agility is an important property for DNSSEC: it allows easy deployment of new algorithms if the existing ones are no longer secure. In this work we show that the cryptographic agility in DNSSEC, although critical for…

Cryptography and Security · Computer Science 2023-02-15 Elias Heftrig , Haya Shulman , Michael Waidner

Distributed Denial-of-Service (DDoS) attacks exhaust resources, leaving a server unavailable to legitimate clients. The Domain Name System (DNS) is a frequent target of DDoS attacks. Since DNS is a critical infrastructure service,…

Cryptography and Security · Computer Science 2022-09-16 A S M Rizvi , Jelena Mirkovic , John Heidemann , Wesley Hardaker , Robert Story

Everyone is concerned about the Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms…

Cryptography and Security · Computer Science 2013-05-07 Yossi Gilad , Amir Herzberg , Haya Shulman

Data poisoning is one of the most relevant security threats against machine learning and data-driven technologies. Since many applications rely on untrusted training data, an attacker can easily craft malicious samples and inject them into…

Cryptography and Security · Computer Science 2021-12-01 Nicolas M. Müller , Simon Roschmann , Konstantin Böttinger

In spite of the availability of DNSSEC, which protects against cache poisoning even by MitM attackers, many caching DNS resolvers still rely for their security against poisoning on merely validating that DNS responses contain some…

Cryptography and Security · Computer Science 2015-03-20 Amir Herzberg , Haya Shulman

The traditional design principle for Internet protocols indicates: "Be strict when sending and tolerant when receiving" [RFC1958], and DNS is no exception to this. The transparency of DNS in handling the DNS records, also standardised…

Cryptography and Security · Computer Science 2022-05-12 Philipp Jeitner , Haya Shulman

The Domain Name System Security Extensions (DNSSEC) are critical for preventing DNS spoofing, yet its specifications contain ambiguities and vulnerabilities that elude traditional "break-and-fix" approaches. A holistic, foundational…

Cryptography and Security · Computer Science 2025-12-15 Qifan Zhang , Zilin Shen , Imtiaz Karim , Elisa Bertino , Zhou Li

Availability is a major concern in the design of DNSSEC. To ensure availability, DNSSEC follows Postel's Law [RFC1123]: "Be liberal in what you accept, and conservative in what you send." Hence, nameservers should send not just one matching…

Cryptography and Security · Computer Science 2024-06-06 Elias Heftrig , Haya Schulmann , Niklas Vogel , Michael Waidner

Detecting Domain Name System (DNS) tunneling is a significant challenge in security due to its capacity to hide harmful actions within DNS traffic that appears to be normal and legitimate. Traditional detection methods are based on…

Cryptography and Security · Computer Science 2025-07-15 Novruz Amirov , Baran Isik , Bilal Ihsan Tuncer , Serif Bahtiyar

The Domain Name System (DNS) serves as the backbone of the Internet, primarily translating domain names to IP addresses. Over time, various enhancements have been introduced to strengthen the integrity of DNS. Among these, DNSSEC stands out…

Cryptography and Security · Computer Science 2025-12-09 Aduma Rishith , Aditya Kulkarni , Tamal Das , Vivek Balachandran

The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role for Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and…

Cryptography and Security · Computer Science 2024-07-08 Minzhao Lyu , Hassan Habibi Gharakheili , Vijay Sivaraman

DNSSEC, a DNS security extension, is essential to accurately translating domain names to IP addresses. Digital signatures provide the foundation for this reliable translation; however, the evolution of 'Quantum Computers' has made…

Cryptography and Security · Computer Science 2025-11-04 Syed W. Shah. Lei Pan , Din Duc Nha Nguyen , Robin Doss , Warren Armstrong , Praveen Gauravaram

Data poisoning attacks -- where an adversary can modify a small fraction of training data, with the goal of forcing the trained classifier to high loss -- are an important threat for machine learning in many applications. While a body of…

Machine Learning · Computer Science 2020-02-21 Yizhen Wang , Somesh Jha , Kamalika Chaudhuri

Domain Name Service is a trusted protocol made for name resolution, but during past years some approaches have been developed to use it for data transfer. DNS Tunneling is a method where data is encoded inside DNS queries, allowing…

Cryptography and Security · Computer Science 2020-06-16 Franco Palau , Carlos Catania , Jorge Guerra , Sebastian Garcia , Maria Rigaki

Domain Name System (DNS) is a critical component of the Internet infrastructure, responsible for translating domain names into IP addresses. However, DNS is vulnerable to some malicious attacks, including DNS cache poisoning, which…

Cryptography and Security · Computer Science 2023-12-08 Yufan Fu , Jiuqi Wei , Ying Li , Botao Peng , Xiaodong Li
‹ Prev 1 2 3 10 Next ›