Conference Topic

A SECURE DOMAIN NAME SYSTEM BASED ON INTRUSION TOLERANCE

DNS was not designed to be secure. The biggest security hole in DNS is the lack of support for data integrity authentication, source authentication, and authorization. In this paper, a secure DNS scheme based on intrusion tolerance is proposed. This secure DNS is intrusion-tolerant by using Byzantine intrusion tolerant technique and voting mechanism. The scheme provides high integrity, robustness, and availability of service in the presence of arbitrary failures, including failures due to malicious attacks. The proposed scheme consists of 3f+1 tightly coupled replicas per name server and guarantees safety and liveness properties of the system assuming no more than f replicas are faulty. By adding authentication of client and using symmetric key cryptography, the system guarantees a secure communication mechanism by providing a way to detect whether DNS data has been corrupted during communication over the Internet. Experimental results show that the scheme can provide a much higher degree of security and reliability, as well as or even better than an implementation of the DNS security extension.

DNS; Intrusion tolerance; Byzantine fault tolerance; Voting

WEI ZHOU LIU CHEN

School of Computer, Wuhan University, Wuhan 430072, China Department of computer science, Huazhong N Department of Electronic and Information Engineering, Huazhong Normal University, Wuhan 430079, Chin

International conference

2008 International Conference on Machine Learning and Cybernetics

Kunming

English

3535-3539

2008-07-12 (date first made available online on the Wanfang platform; does not represent the paper's publication date)