TY - GEN
T1 - DNSSEC
T2 - 1st IEEE International Conference on Communications and Network Security, CNS 2013
AU - Herzberg, Amir
AU - Shulman, Haya
PY - 2013
Y1 - 2013
N2 - DNSSEC was proposed more than 15 years ago but its (correct) adoption is still very limited. Recent cache poisoning attacks motivate deployment of DNSSEC. In this work we present a comprehensive overview of challenges and potential pitfalls of DNSSEC, including: ▶ Vulnerable configurations: we show that inter-domain referrals (via NS, MX and CNAME records) present a challenge for DNSSEC deployment and may result in vulnerable configurations. Due to the limited deployment so far, these configurations are expected to be popular. ▶ Incremental Deployment: we discuss implications of interoperability problems on DNSSEC validation by resolvers and potential for increased vulnerability due to popular practices of incremental deployment. ▶ Super-sized Response Challenges: we explain how large DNSSEC-enabled DNS responses cause interoperability challenges, and can be abused for DoS and even DNS poisoning.
AB - DNSSEC was proposed more than 15 years ago but its (correct) adoption is still very limited. Recent cache poisoning attacks motivate deployment of DNSSEC. In this work we present a comprehensive overview of challenges and potential pitfalls of DNSSEC, including: ▶ Vulnerable configurations: we show that inter-domain referrals (via NS, MX and CNAME records) present a challenge for DNSSEC deployment and may result in vulnerable configurations. Due to the limited deployment so far, these configurations are expected to be popular. ▶ Incremental Deployment: we discuss implications of interoperability problems on DNSSEC validation by resolvers and potential for increased vulnerability due to popular practices of incremental deployment. ▶ Super-sized Response Challenges: we explain how large DNSSEC-enabled DNS responses cause interoperability challenges, and can be abused for DoS and even DNS poisoning.
UR - http://www.scopus.com/inward/record.url?scp=84893538307&partnerID=8YFLogxK
U2 - 10.1109/cns.2013.6682730
DO - 10.1109/cns.2013.6682730
M3 - Conference contribution
AN - SCOPUS:84893538307
SN - 9781479908950
T3 - 2013 IEEE Conference on Communications and Network Security, CNS 2013
SP - 365
EP - 366
BT - 2013 IEEE Conference on Communications and Network Security, CNS 2013
PB - IEEE Computer Society
Y2 - 14 October 2013 through 16 October 2013
ER -