Security enhancements to prevent DNS cache poisoning attacks

Bibliographic Details
Main Author: Chong, Soon Seng
Other Authors: Ma Maode
Format: Final Year Project
Language: English
Published: 2018
Online Access: http://hdl.handle.net/10356/74889
Institution: Nanyang Technological University
Description
Summary: The Domain Name Server (DNS) plays a very important role in today's internet by converting human-readable domain or host names into computer-readable Internet Protocol (IP) addresses. In recent years, vulnerabilities in the DNS have surfaced due to its lack of security upgrades. One of them is DNS Cache Poisoning, where attackers forcefully gain access to the name server and change the cache record, diverting users to malicious websites meant to steal confidential information for financial gain or with ill intent. DNSSEC has been introduced as a solution to DNS Cache Poisoning but has not been very popular with the internet community. One of the main reasons was linked to extended loading times for websites due to delays and errors caused by the signature generation and validation required in DNSSEC, which affect user experience. The study attempts to compare the efficiency of Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC), the algorithms used in DNSSEC digital signing, and proposes a viable solution to the slow uptake of DNSSEC. By comparing query times for DNSSEC-enabled websites using RSA and ECDSA, we can find out which algorithm is more efficient. The results obtained agree with theory and justify ECDSA as the more efficient algorithm for use in DNSSEC, due to its small key sizes while still providing the level of security needed. While using ECDSA could speed up query time in DNS, further studies that integrate modern technologies such as Machine Learning into the system can be done to improve the overall efficiency of DNS with DNSSEC.