Abstract
The Domain Name System (DNS) is a vital part of the core infrastructure of the Internet. It maps human-readable names (such as www.example.com) to machine-readable information (such as 93.184.216.34). This thesis studies two aspects of the DNS. First, it studies problems in the DNS Security Extensions (DNSSEC). DNSSEC was developed to address security problems in the DNS. As we show in this thesis, however, while the deployment of DNSSEC does improve DNS security, it also introduces new problems. Two problems in particular stand out: unreachability problems due to IP fragmentation and abuse of DNSSEC-signed domains in so-called amplification DDoS attacks. The thesis shows that the default cryptographic algorithm used in DNSSEC, RSA, is at the root of these problems. Based on real-world measurements, the thesis shows that alternative cryptographic algorithms based on Elliptic Curve Cryptography (ECC) are much better suited to DNSSEC and solve the two problems discussed before. The thesis also shows that ECC performance in terms of speed is sufficient for DNSSEC, something that was uncertain before.
The second main contribution of this thesis is that it introduces a unique large-scale long-term active measurement infrastructure for the DNS. This infrastructure currently measures 60% of all domains in the global DNS name space once every 24 hours. Using five case studies, this thesis illustrates how the data collected by this infrastructure (currently spanning more than two years) enables novel research into the security, stability and evolution of the Internet.
Original language | English |
---|---|
Qualification | Doctor of Philosophy |
Awarding Institution | |
Supervisors/Advisors | |
Award date | 28 Jun 2017 |
Place of Publication | Enschede |
Publisher | |
Print ISBNs | 978-90-365-4329-3 |
DOIs | |
Publication status | Published - 28 Jun 2017 |
Externally published | Yes |