24-09-2016, 10:38 AM
Attachment: 1455984392-pxc3904323.pdf
ABSTRACT
DNS, the Domain Name System, is a protocol that resolves hostnames to IP addresses over the Internet. Being an open protocol, DNS is less secure: it has no means of determining whether domain name data comes from the authorised domain owner. These vulnerabilities lead to a number of attacks, such as cache poisoning and cache spoofing. Hence, there is a need to secure DNS. Digital signatures are a good way of authenticating domain owners. This paper presents the Domain Name System security concept. Digital signature algorithms help in providing a good level of security to DNS, and software such as OpenDNSSEC, BIND and Secure64 implements this. It involves signing DNS data using cryptographic algorithms (e.g., RSA, DSA). Further, ECDSA provides the same level of security as RSA while being suited to low-power and portable devices. So, here we propose a new ECDSA implementation that can be used to secure DNS.
1. INTRODUCTION
The Domain Name System is a protocol for locating domain names and mapping them to IP addresses. DNS is a hierarchical, distributed database which provides a mapping between easy-to-remember hostnames, such as www.uptu.ac.in, and IPv4 or IPv6 network addresses, for example 117.211.115.134. In the DNS tree, each node represents a DNS name, and a DNS domain is a branch under a node. Translating a hostname into its numeric representation allows the network to trace a path from a user to a particular server. Correct and timely DNS translations are vital for networks such as the Internet and are thus an interesting target for attackers. As originally designed, DNS has no means of determining whether domain name data comes from the authorized domain owner or has been forged. This weakness leaves the system vulnerable to a number of attacks, such as DNS cache poisoning and DNS spoofing.
1.1 Elliptic Curve Cryptography
Elliptic Curve Cryptography (ECC) is a kind of public key cryptography based on the concept of elliptic curves. Elliptic curves are basically cubic equations in two variables with coefficients. ECC uses only those elliptic curves in which the variables and coefficients are restricted to elements of a finite field.
1.2 Elliptic Curve Discrete Logarithm Problem (ECDLP)
The ECDLP is the basis for the security [3]. Given a point R = k*P, where R and P are known, there is no practical way to find the value of k, since there is no point subtraction or point division with which to solve k = R/P. Computing k requires roughly 2^(n/2) operations; if the key size is 192 bits, then 2^96 operations are needed, which would take millions of years. This property, that the multiplier cannot be found even when the original and destination points are known, is the whole basis of the security behind the ECDSA algorithm, and the principle is called a trap-door function or the ECDLP.
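As an added illustration of the argument above (example code written for this page, not the paper's implementation): the block below implements the curve group law and double-and-add scalar multiplication over a constructed toy curve y^2 = x^3 + 2x + 3 over F_97 with base point G = (3, 6), then recovers k from R = k*G with baby-step giant-step. The easy direction costs O(log k) point operations; the hard direction costs about 2*sqrt(n) operations and sqrt(n) stored points, which is the 2^(n/2) figure in the text. The curve, base point and scalar are assumptions chosen for readability; real DNSSEC curves such as P-256 have on the order of 2^256 points.

```python
# Added example (not the paper's code): toy elliptic-curve arithmetic over a
# small prime field and a baby-step giant-step ECDLP solver. The curve
# y^2 = x^3 + 2x + 3 over F_97 and the base point G = (3, 6) are constructed
# for readability; real ECDSA curves such as P-256 have ~2^256 points.
import math
from typing import Dict, Optional, Tuple

Point = Optional[Tuple[int, int]]   # None represents the point at infinity

P_MOD, A, B = 97, 2, 3               # constructed toy curve parameters
G: Point = (3, 6)                    # 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97)


def is_on_curve(pt: Point) -> bool:
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def point_neg(pt: Point) -> Point:
    return None if pt is None else (pt[0], (-pt[1]) % P_MOD)


def point_add(p1: Point, p2: Point) -> Point:
    """Group law on the curve (chord-and-tangent rule)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                  # P + (-P) = infinity (also covers y = 0 doubling)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k: int, pt: Point) -> Point:
    """Double-and-add: k*P costs O(log k) point operations, the easy direction."""
    result: Point = None
    addend = pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def point_order(pt: Point) -> int:
    """Smallest n > 0 with n*P = infinity (brute force; fine for a toy curve)."""
    n, cur = 1, pt
    while cur is not None:
        cur = point_add(cur, pt)
        n += 1
    return n


def ecdlp_bsgs(base: Point, target: Point, n: int) -> Tuple[Optional[int], int]:
    """Recover k with k*base == target using baby-step giant-step.

    Returns (k, point_operations_used). The cost is about 2*sqrt(n) point
    operations and sqrt(n) stored points; with n ~ 2^192 that is the 2^96
    figure in the text, which is why the hard direction is infeasible."""
    m = math.isqrt(n) + 1
    baby: Dict[Point, int] = {}
    cur: Point = None
    for j in range(m):               # baby steps: j*base for j in [0, m)
        baby[cur] = j
        cur = point_add(cur, base)
    giant_step = point_neg(scalar_mult(m, base))
    gamma = target
    for i in range(m):               # giant steps: target - i*m*base
        if gamma in baby:
            return (i * m + baby[gamma]) % n, 2 * m
        gamma = point_add(gamma, giant_step)
    return None, 2 * m


def demo(k: int = 23) -> dict:
    """Derive R = k*G (cheap), then recover k from R and G (expensive)."""
    assert is_on_curve(G)
    n = point_order(G)
    target = scalar_mult(k, G)       # public point from the private scalar
    found, ops = ecdlp_bsgs(G, target, n)
    return {"order": n, "target": target, "recovered_k": found, "ops": ops}


if __name__ == "__main__":
    print(demo())
```

On this toy curve the solver finishes instantly because the subgroup order is tiny; the point of the example is the cost model, not the speed. Every function returns its result so the relationship between the group order n and the roughly 2*sqrt(n) operations can be checked directly.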
2. DNS BACKGROUND
The DNS system consists of the following main components:
- Domain Name Space and resource records (RRs), which are used to identify hosts and extract their properties.
- Name servers, which hold information on a subset of the domain tree.
- Resolvers, programs able to extract information from a name server after a client request and follow query referrals from one DNS server to another.
- Zones, which are certain portions of the DNS namespace. A zone is the portion for which a server is authoritative; a server can be authoritative for one or more zones.
- Zone files, which contain the resource records of the zones for which the server is authoritative. Zones are mostly implemented as text files in DNS implementations.
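To make the last two components concrete, here is an added example (written for this page; it is not the paper's software nor any named DNS server's code) of a minimal zone-file parser: it reads the text form of a zone into resource records, qualifies relative names against $ORIGIN, applies the $TTL default, and groups the records into RRsets, the unit over which DNSSEC signatures (RRSIG records) are computed. The sample zone is constructed; the parser handles $ORIGIN, $TTL, comments, the blank-owner shorthand and single-line parentheses, but not multi-line parentheses, quoted TXT data or every record type.

```python
# Added example (not the paper's software): a minimal zone-file parser that
# turns the text form of a zone into resource records and groups them into
# RRsets. Handles $ORIGIN, $TTL, ';' comments, relative and absolute owner
# names, the blank-owner shorthand and single-line parentheses; it does not
# handle multi-line parentheses, quoted TXT data or every RR type.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ResourceRecord:
    owner: str     # fully qualified, with trailing dot
    ttl: int
    rclass: str
    rtype: str
    rdata: str


KNOWN_CLASSES = {"IN", "CH", "HS"}
# Positions of domain names inside rdata that must be qualified with $ORIGIN.
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SOA": (0, 1)}

# Constructed sample zone for this example; not a real zone.
SAMPLE_ZONE = """\
$ORIGIN example.test.
$TTL 3600
@       IN SOA  ns1 hostmaster ( 2016092401 7200 3600 1209600 300 )
        IN NS   ns1           ; blank owner repeats the previous owner
        IN NS   ns2
ns1     IN A    192.0.2.1
ns2     IN A    192.0.2.2
www 300 IN A    192.0.2.10    ; explicit TTL overrides $TTL
www     IN AAAA 2001:db8::10
ftp     IN CNAME www.example.test.
"""


def qualify(name: str, origin: str) -> str:
    """Make a name absolute relative to the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text: str) -> List[ResourceRecord]:
    origin, default_ttl, last_owner = ".", None, None
    records: List[ResourceRecord] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                  # owner present on this line
            last_owner = qualify(tokens.pop(0), origin)
        if last_owner is None:
            raise ValueError(f"record without owner: {raw!r}")
        ttl, rclass = default_ttl, "IN"
        # TTL and class are optional and may appear in either order before the type
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in KNOWN_CLASSES):
            tok = tokens.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            else:
                rclass = tok.upper()
        if ttl is None:
            raise ValueError(f"no TTL for record: {raw!r}")
        rtype = tokens.pop(0).upper()
        for idx in NAME_FIELDS.get(rtype, ()):
            tokens[idx] = qualify(tokens[idx], origin)
        records.append(ResourceRecord(last_owner, ttl, rclass, rtype, " ".join(tokens)))
    return records


def rrsets(records: List[ResourceRecord]) -> Dict[Tuple[str, str], List[ResourceRecord]]:
    """Group records by (owner, type); DNSSEC signatures (RRSIG) cover whole RRsets."""
    groups: Dict[Tuple[str, str], List[ResourceRecord]] = defaultdict(list)
    for rr in records:
        groups[(rr.owner, rr.rtype)].append(rr)
    return dict(groups)


if __name__ == "__main__":
    for key, rrs in rrsets(parse_zone(SAMPLE_ZONE)).items():
        print(key, [rr.rdata for rr in rrs])
```

Grouping into RRsets rather than single records matters for the signing step the abstract describes: a signer produces one signature per (owner, type) set, so the two NS records at the apex above are signed together, while the A and AAAA records for www are separate sets.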