@inproceedings{242001ad3eb44716a5f9211070cc2941,
title = "DNSSEC: Interoperability challenges and transition mechanisms",
abstract = "Recent cache poisoning attacks motivate protecting DNS with strong cryptography, by adopting DNSSEC, rather than with challenge-response 'defenses'. We discuss the state of DNSSEC deployment and obstacles to adoption. We then present an overview of challenges and potential pitfalls of DNSSEC, including: Incremental Deployment: we review deployment status of DNSSEC, and discuss potential for increased vulnerability due to popular practices of incremental deployment, and provide recommendations. Long DNSSEC Responses: long DNS responses are vulnerable to attacks, we review cache poisoning attack on fragmented DNS responses, and discuss mitigations. Trust Model of DNS: we review the trust model of DNS and show that it may not be aligned with the security model of DNSSEC. We discuss using trust anchor repositories (TARs) to mitigate the trust problem. TARs were proposed to allow transition to DNSSEC and to provide security for early adopters.",
keywords = "Chain of trust, DNS cache poisoning, DNS security, DNSSEC, Trust anchor",
author = "Amir Herzberg and Haya Shulman",
year = "2013",
doi = "10.1109/ares.2013.53",
language = "אנגלית",
isbn = "9780769550084",
series = "Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013",
pages = "398--405",
booktitle = "Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013",
note = "2013 8th International Conference on Availability, Reliability and Security, ARES 2013 ; Conference date: 02-09-2013 Through 06-09-2013",
}