DepenDNS: Dependable Mechanism against DNS Cache Poisoning

Authors:
Hung-Min Sun;Wen-Hsuan Chang;Shih-Ying Chang;Yue-Hsun Lin
Affiliations:
Information Security Laboratory, Department of Computer Science, National Tsing Hua University, Taiwan R.O.C;Information Security Laboratory, Department of Computer Science, National Tsing Hua University, Taiwan R.O.C;Information Security Laboratory, Department of Computer Science, National Tsing Hua University, Taiwan R.O.C;Information Security Laboratory, Department of Computer Science, National Tsing Hua University, Taiwan R.O.C
Venue:
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Year:
2009

Citing 12
Cited 1

Dynamic Load Balancing on Web-Server Systems

IEEE Internet Computing
DNS-Based Load Balancing in Distributed Web-server Systems

SEUS-WCCIA '06 Proceedings of the The Fourth IEEE Workshop on Software Technologies for Future Embedded and Ubiquitous Systems, and the Second International Workshop on Collaborative Computing, Integration, and Assurance (SEUS-WCCIA'06)
Visualizing DNS traffic

Proceedings of the 3rd international workshop on Visualization for computer security
DNSSEC: a protocol toward securing the internet infrastructure

Communications of the ACM - Smart business networks
Security vulnerabilities in DNS and DNSSEC

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
CoDNS: improving DNS performance and reliability via cooperative lookups

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
ConfiDNS: leveraging scale and history to improve DNS security

WORLDS'06 Proceedings of the 3rd conference on USENIX Workshop on Real, Large Distributed Systems - Volume 3
Motivation for Behaviour-Based DNS Security: A Taxonomy of DNS-Related Internet Threats

SECUREWARE '07 Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies
Perspectives: improving SSH-style host authentication with multi-path probing

ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Mitigating DNS DoS attacks

Proceedings of the 15th ACM conference on Computer and communications security
Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries

Proceedings of the 15th ACM conference on Computer and communications security
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

Computer Communications

An analysis of DepenDNS

ISC'10 Proceedings of the 13th international conference on Information security

Quantified Score

Hi-index	0.00

Visualization

Abstract

DNS cache poisoning attacks have been proposed for a long time. In 2008, Kaminsky enhanced the attacks to be powerful based on nonce query method. By leveraging Kaminsky's attack, phishing becomes large-scale since victims are hard to detect attacks. Hence, DNS cache poisoning is a serious threat in the current DNS infrastructure. In this paper, we propose a countermeasure, DepenDNS, to prevent from cache poisoning attacks. DepenDNS queries multiple resolvers concurrently to verify an trustworthy answer while users perform payment transactions, e.g., auction, banking. Without modifying any resolver or authority server, DepenDNS is conveniently deployed on client side. In the end of paper, we conduct several experiments on DepenDNS to show its efficiency. We believe DepenDNS is a comprehensive solution against cache poisoning attacks.