文章基本信息

标题：D-TS: A Secure and Trusted Authentication Framework for Domain Name Server
本地全文：下载
作者：Usman Aijaz N ; Syed Mustafa ; Mohammed Misbahuddin 等
期刊名称：International Journal of Wireless and Microwave Technologies(IJWMT)
印刷版ISSN：2076-1449
电子版ISSN：2076-9539
出版年度：2021
卷号：11
期号：6
页码：34-45
DOI：10.5815/ijwmt.2021.06.04
语种：English
出版社：MECS Publisher
摘要：DNS is responsible for the hostname to IP address translation. It is an open resolver that's why vulnerable to different kinds of attacks such as cache poisoning, man-in-the-middle, DOS and DDOS, etc. DNS is responsible for the hostname to IP address translation. To protect DNS IETF added a layer of security to it known as Domain Name System Security Extensions (DNSSEC). DNSSEC is also vulnerable to phishing, spoofing, and MITM attacks. To protect DNS, along with DNSSEC we require certifying authorities to authenticate the communicating parties. DNSSEC combined with an SSL certificate issued by Certifying Authorities (CA's) can protect the DNS from various attacks. The main weakness of this system is there are too many CA's and It is not feasible to trust all of them. Any breached CA can issue a certificate for any domain name. A certificate issued from a compromised CA's is valid. In this scenario, it is necessary for the organization to limit the number of CAs and to check whether the server is signed by a trusted CA's or not. DNS Based Authentication of Named Entities (DANE) permits a domain possessor to stipulate specific CA's issue certificates for a specific resource. DANE will not allow any CA to issue certificates for any domain. It limits the number of CA's used by the client. As there were still some security issues left in it that can be resolved using a mechanism called D-TS. It is a DANE-based trusted server that acts as a third party and validates the certificates of all the entities of the network. D-TS will be a proof-of-concept for enhancing the security in communications between Internet applications by using information available in DNS. The system attempts to solve the shortcomings of DANE by establishing a trust zone between the clients and the services. By adding multiple levels of validations, it aims to provide improved authenticity of services to clients, thereby mitigating attacks like phishing, Spoofing, Dos, and man-in-the-middle attack. In this paper, we will discuss the detailed working of our proposed solution D-TS.
关键词：Certifying Authority (CA);DNS;DNSSEC;DANE;D-TS