Security enhancements to prevent DNS cache poisoning attacks

The Domain Name Server (DNS) serves very important role in today internet, by converting human readable domain or host name to computer readable Internet Protocol (IP) address. In recent years, vulnerabilities of the DNS had surface due to its lack of security upgrade. One of it is DNS Cache Poisoni...

Full description

Saved in:
Bibliographic Details
Main Author: Chong, Soon Seng
Other Authors: Ma Maode
Format: Final Year Project
Language:English
Published: 2018
Subjects:
Online Access:http://hdl.handle.net/10356/74889
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-74889
record_format dspace
spelling sg-ntu-dr.10356-748892023-07-07T15:54:58Z Security enhancements to prevent DNS cache poisoning attacks Chong, Soon Seng Ma Maode School of Electrical and Electronic Engineering DRNTU::Engineering The Domain Name Server (DNS) serves very important role in today internet, by converting human readable domain or host name to computer readable Internet Protocol (IP) address. In recent years, vulnerabilities of the DNS had surface due to its lack of security upgrade. One of it is DNS Cache Poisoning where attackers forcefully gain access to the names server and change the cache record, diverting users to malicious websites meant to steal confidential information for financial gain or ill-intent. DNSSEC has been introduced as a solution to DNS Cache Poisoning but has not been very popular with the internet community. One of the main reason was linked to extended loading time for website due to delays and errors caused by signature generation and validation required in DNSSEC, affecting user experience. The study attempt to compares the efficiency between Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC), algorithms used in DNSSEC digital signing, and proposed viable solution to resolve the slow uptakes issue of DNSSEC. By comparing query time for DNSSEC enabled websites using RSA and ECDSA, we can find out which algorithm are more efficient. The results obtained agree with theory and justify ECDSA to be a more efficient algorithm for use in DNSSEC due to its small key sizes and still providing the level of security needed. While using ECDSA could increase the speed of query time in DNS, further studies utilizing modern technologies such as Machine Learning integrated into the system can be done to improve the overall efficiency of DNS with DNSSEC. Bachelor of Engineering 2018-05-24T08:05:32Z 2018-05-24T08:05:32Z 2018 Final Year Project (FYP) http://hdl.handle.net/10356/74889 en Nanyang Technological University 35 p. application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic DRNTU::Engineering
spellingShingle DRNTU::Engineering
Chong, Soon Seng
Security enhancements to prevent DNS cache poisoning attacks
description The Domain Name Server (DNS) serves very important role in today internet, by converting human readable domain or host name to computer readable Internet Protocol (IP) address. In recent years, vulnerabilities of the DNS had surface due to its lack of security upgrade. One of it is DNS Cache Poisoning where attackers forcefully gain access to the names server and change the cache record, diverting users to malicious websites meant to steal confidential information for financial gain or ill-intent. DNSSEC has been introduced as a solution to DNS Cache Poisoning but has not been very popular with the internet community. One of the main reason was linked to extended loading time for website due to delays and errors caused by signature generation and validation required in DNSSEC, affecting user experience. The study attempt to compares the efficiency between Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC), algorithms used in DNSSEC digital signing, and proposed viable solution to resolve the slow uptakes issue of DNSSEC. By comparing query time for DNSSEC enabled websites using RSA and ECDSA, we can find out which algorithm are more efficient. The results obtained agree with theory and justify ECDSA to be a more efficient algorithm for use in DNSSEC due to its small key sizes and still providing the level of security needed. While using ECDSA could increase the speed of query time in DNS, further studies utilizing modern technologies such as Machine Learning integrated into the system can be done to improve the overall efficiency of DNS with DNSSEC.
author2 Ma Maode
author_facet Ma Maode
Chong, Soon Seng
format Final Year Project
author Chong, Soon Seng
author_sort Chong, Soon Seng
title Security enhancements to prevent DNS cache poisoning attacks
title_short Security enhancements to prevent DNS cache poisoning attacks
title_full Security enhancements to prevent DNS cache poisoning attacks
title_fullStr Security enhancements to prevent DNS cache poisoning attacks
title_full_unstemmed Security enhancements to prevent DNS cache poisoning attacks
title_sort security enhancements to prevent dns cache poisoning attacks
publishDate 2018
url http://hdl.handle.net/10356/74889
_version_ 1772829156200939520