Making DNSSEC Future Proof

Research output: ThesisPhD Thesis - Research UT, graduation UT

756 Downloads (Pure)


The security extensions for the DNS (DNSSEC) add integrity and authenticity to the Domain Name System. Without DNSSEC, messages in the DNS can be manipulated, and as a consequence, attackers could direct users to malicious content. DNSSEC protects against these kind of attacks with the help of public-key-cryptography algorithms. Occasionally, these algorithms need to be replaced. This becomes necessary, for example, when an algorithm is not secure enough anymore. A development that could render all algorithms currently used in DNSSEC insecure are quantum computers. For this reason, it is necessary to understand how we can transition to more secure, quantum-safe, algorithms in the future.
In this thesis, we discuss the barriers operators face when replacing an algorithm in DNSSEC and propose and deploy solutions to simplify the transition. Also, we discuss which quantum-safe algorithms,currently assessed by the cryptography community, might be suitable for DNSSEC and whether we need to modify the DNSSEC protocol.
Through these contributions, we make DNSSEC more future proof. Thereby,
DNSSEC is more prepared to protect the information in the DNS, and sub-sequentially the users on the Internet, against the threats to come.
Original languageEnglish
QualificationDoctor of Philosophy
Awarding Institution
  • University of Twente
  • Pras, A., Supervisor
  • van Rijswijk - Deij, Roland Martijn, Supervisor
  • Hesselman, Cristian E.W., Co-Supervisor
Award date24 Sept 2021
Place of PublicationEnschede
Print ISBNs978-90-365-5181-6
Publication statusPublished - 24 Sept 2021


  • DNS
  • Cryptography
  • Quantum cryptography
  • Operations


Dive into the research topics of 'Making DNSSEC Future Proof'. Together they form a unique fingerprint.

Cite this