Zoekresultaten

Zoekopdracht: faculteit: "FNWI" en publicatiejaar: "2009"

AuteurCornel de Jong
TitelSecuring DNS : What consequences do the differences in design of DNSCurve and DNSSEC have on the implementations?
BegeleidersCees de Laat, Fred Mobach, Mendel Mobach
Jaar2009
Pagina's47
FaculteitFaculteit der Natuurwetenschappen, Wiskunde en Informatica
OpleidingFNWI MSc System and Network Engineering
SamenvattingThe Domain Name System (DNS) is a key infrastructure component of the Internet architecture. The fact that data can be manipulated to serve a malicious purpose has never been taken into consideration when the DNS was first developed. This can result in an untrustworthy DNS, last year D. Kaminsky showed the potential impact of this problem once again. Many solutions to secure the DNS focus on the protection of the name servers instead of the DNS as a whole. This report shows the differences between DNSCurve and DNSSEC, two techniques developed to secure the DNS using a very different approach. DNSCurve offers authentication and encryption to the link-layer whereas DNSSEC offers message authentication and integrity verification through cryptographic signatures. The report is based on theoretical research to investigate the differences between these two techniques and will cover multiple areas, like: Installation requirements, transport protocol, challenges and tools. The maturity of DNSSEC, the existing signed ccTLDs, multiple testbeds and ongoing development make it more reliable for now than DNSCurve does. During the research period the ICANN announced steps to sign the root zone by the end of 2009; this is a major improvement for DNSSEC deployment. DNSCurve also shows some movement, the website now states that the software is under development and testing at the moment of writing (June 2009). DNSCurve looks very promising but first have to prove itself.
Soort document scriptie master
Download bestand