Using a Byzantine-Fault-Tolerant Algorithm to Provide a Secure DNS

Using a Byzantine-Fault-Tolerant Algorithm to Provide a Secure DNS (1995)

Cached

Download Links

[pmg.csail.mit.edu]

by Zheng Yang

Citations:

2 - 0 self

BibTeX

@MISC{Yang95usinga,
    author = {Zheng Yang},
    title = {Using a Byzantine-Fault-Tolerant Algorithm to Provide a Secure DNS},
    year = {1995}
}

Bookmark

OpenURL

Abstract

The Domain Name System, or DNS, is a distributed database that is used to provide a name service for the Internet. It has become a critical part of the Internet infrastructure. Because of its importance, DNS is a favorite target of malicious hackers. However, DNS is not designed to be a secure protocol. To make the DNS more robust, a DNS security extension has been proposed. In this extension, the authentication of the queried data can be verified by using a public-private key scheme. But this extension still has some security flaws. This thesis analyzes the security issues of DNS and its security extension. It presents a design and implementation of a Byzantine-fault-tolerant DNS based on a new Byzantine-fault-tolerant algorithm. This DNS also support secure dynamic update operations. The malicious user needs to compromise at least f + 1 replicas to effectively attack the system, which consists of 3f +1 replicas. This thesis also shows that the Byzantine-fault-tolerant DNS performs almost as well as an implementation

Citations

2507	A method for obtaining digital signatures and public-key cryptosystems - Rivest, Shamir, et al.
1404	How to share a secret - Shamir - 1979
1300	Impossibility of distributed consensus with one faulty process - Fischer, Lynch, et al. - 1985
716	Implementing fault-tolerant services using the state machine approach: a tutorial - Schneider - 1990
524	Domain names - concepts and facilities - Mockapetris - 1987
476	Practical Byzantine fault tolerance - Castro, Liskov - 1999
452	Domain names - implementation and specification - Mockapetris - 1987
312	Tamper Resistance – a Cautionary Note - Anderson, Kuhn - 1996
309	Safeguarding cryptographic keys - Blakley - 1979
261	Digitalized signatures and public-key functions as intractable as factorization - Rabin
191	Development of the domain name system - Mockapetris, Dunlap - 1988
117	The SecureRing protocols for securing group communication - Kihlstrom, Moser, et al. - 1998
95	Message authentication with one-way hash functions - Tsudik - 1992
92	Domain name system security extensions - Eastlake - 1999
83	The MD5 message-digest algorithm. Internet RFC-1321. Available at ftp://ftp.isi.edu/in-notes/rfc1321.txt - Rivest - 1992
80	Linearizable concurrent objects - Herlihy, Wing - 1988
72	A secure group membership protocol - Reiter - 1994
69	D.: A New Paradigm for Collision-Free Hashing: Incrementality at Reduced Cost - Bellare, Micciancio - 1997
56	Fully polynomial byzantine agreement for > processors in + 1 rounds - Garay, Moses - 1998
53	Eds): On Digital Signatures and Public Key Cryptosystems - RL, Shamir, et al. - 1977
46	Secure Domain Name System Dynamic Update", 04/21/1997. draft-ietf-dnssec-secext2-*.txt - D. Eastlake, "Domain Name System Security Extensions - Eastlake
23	Authenticated Byzantine Fault Tolerance Without Public-Key Cryptography - Castro, Liskov - 1999
20	Dynamic updates in the domain name system (DNS Update - Vixie, Thomson, et al. - 1997
15	Optimal Asynchronous Byzantine Agreement - Canneti, Rabin - 1992
2	RSA/MD5 Keys and SIGs in the Domain Name System - Eastlake - 1999
1	Practical recovery in a byzantine fault-tolerantalgorithm - Castro, Liskov - 1999
1	Generalized linerar thresh old scheme - Kothari - 1995
1	The byzantine gererals problem - Lamport, Shostak, et al. - 1982
1	Internet trends - Rutkowski - 1999
1	inc secure dns product - association - 1999
1	A modification of the rsa public-key encrption procedure - Williams - 1980