Design of security scheme to prevent DNS cache poisoning attacks
DNS is a protocol which translates domain names to IP addresses, which network devices use to communicate with each other. However, DNS has vulnerabilities open to exploitation. The DNS cache poisoning attack is one of the exploited methods that is still not completely mitigated today. DNS resolve...
Main Author: | Ng, Wei Lin |
---|---|
Other Authors: | Ma Maode |
Format: | Final Year Project |
Language: | English |
Published: | 2017 |
Subjects: | DRNTU::Engineering::Electrical and electronic engineering |
Online Access: | http://hdl.handle.net/10356/70810 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-70810 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-70810 2023-07-07T17:14:42Z Design of security scheme to prevent DNS cache poisoning attacks Ng, Wei Lin Ma Maode School of Electrical and Electronic Engineering DRNTU::Engineering::Electrical and electronic engineering DNS is a protocol which translates domain names to IP addresses, which network devices use to communicate with each other. However, DNS has vulnerabilities open to exploitation. The DNS cache poisoning attack is one of the exploited methods that is still not completely mitigated today. The DNS resolver caches the poisoned query response that the attackers sent. The bogus response could stay in the cache for a long period without users realizing at all. This report studies DNS cache poisoning attacks and methods to mitigate the cyber-attack. Many solutions have been proposed to improve the security of DNS. There are two main security schemes for DNS cache poisoning attacks. One is Dan Kaminsky’s algorithm [11], which he used to mitigate the attack after discovering a fundamental DNS vulnerability. The other is DNSSEC, which involves adding cryptographic signatures to DNS records, stored in DNS name servers. Verification can be made if the requested DNS record comes from the authoritative server. Despite these security schemes, DNS cache poisoning attacks have continued to happen throughout the years. A proposed countermeasure is included in this report, in which the DNS resolver and local cache are considered. Bachelor of Engineering 2017-05-11T07:21:32Z 2017-05-11T07:21:32Z 2017 Final Year Project (FYP) http://hdl.handle.net/10356/70810 en Nanyang Technological University 48 p. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
DRNTU::Engineering::Electrical and electronic engineering |
spellingShingle |
DRNTU::Engineering::Electrical and electronic engineering Ng, Wei Lin Design of security scheme to prevent DNS cache poisoning attacks |
description |
DNS is a protocol which translates domain names to IP addresses, which network devices use to communicate with each other. However, DNS has vulnerabilities open to exploitation.
The DNS cache poisoning attack is one of the exploited methods that is still not completely mitigated today. The DNS resolver caches the poisoned query response that the attackers sent. The bogus response could stay in the cache for a long period without users realizing at all.
This report studies DNS cache poisoning attacks and methods to mitigate the cyber-attack. Many solutions have been proposed to improve the security of DNS. There are two main security schemes for DNS cache poisoning attacks. One is Dan Kaminsky’s algorithm [11], which he used to mitigate the attack after discovering a fundamental DNS vulnerability.
The other is DNSSEC, which involves adding cryptographic signatures to DNS records, stored in DNS name servers. Verification can be made if the requested DNS record comes from the authoritative server. Despite these security schemes, DNS cache poisoning attacks have continued to happen throughout the years. A proposed countermeasure is included in this report, in which the DNS resolver and local cache are considered. |
author2 |
Ma Maode |
author_facet |
Ma Maode Ng, Wei Lin |
format |
Final Year Project |
author |
Ng, Wei Lin |
author_sort |
Ng, Wei Lin |
title |
Design of security scheme to prevent DNS cache poisoning attacks |
title_short |
Design of security scheme to prevent DNS cache poisoning attacks |
title_full |
Design of security scheme to prevent DNS cache poisoning attacks |
title_fullStr |
Design of security scheme to prevent DNS cache poisoning attacks |
title_full_unstemmed |
Design of security scheme to prevent DNS cache poisoning attacks |
title_sort |
design of security scheme to prevent dns cache poisoning attacks |
publishDate |
2017 |
url |
http://hdl.handle.net/10356/70810 |
_version_ |
1772826107479851008 |