Secure Distributed DNS

  • Authors:
  • Christian Cachin; Asad Samar

  • Affiliations:
  • IBM Research, Switzerland; Carnegie Mellon University, Pittsburgh, PA

  • Venue:
  • DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
  • Year:
  • 2004

Abstract

A correctly working Domain Name System (DNS) is essential for the Internet. Due to its significance and because of deficiencies in its current design, the DNS is vulnerable to a wide range of attacks. This paper presents the design and implementation of a secure distributed name service on the level of a DNS zone. Our service is able to provide fault tolerance and security even in the presence of a fraction of corrupted name servers, avoiding any single point of failure. It further solves the problem of storing zone secrets online without leaking them to a corrupted server, while still supporting secure dynamic updates. Our service uses state-machine replication and threshold cryptography. We present results from experiments performed using a prototype implementation on the Internet in realistic setups. The results show that our design achieves the required assurances while servicing the most frequent requests in reasonable time.