Making DNSSEC Future Proof

Research output: ThesisPhD Thesis - Research UT, graduation UT

104 Downloads (Pure)

Abstract

The security extensions for the DNS (DNSSEC) add integrity and authenticity to the Domain Name System. Without DNSSEC, messages in the DNS can be manipulated, and as a consequence, attackers could direct users to malicious content. DNSSEC protects against these kind of attacks with the help of public-key-cryptography algorithms. Occasionally, these algorithms need to be replaced. This becomes necessary, for example, when an algorithm is not secure enough anymore. A development that could render all algorithms currently used in DNSSEC insecure are quantum computers. For this reason, it is necessary to understand how we can transition to more secure, quantum-safe, algorithms in the future.
In this thesis, we discuss the barriers operators face when replacing an algorithm in DNSSEC and propose and deploy solutions to simplify the transition. Also, we discuss which quantum-safe algorithms,currently assessed by the cryptography community, might be suitable for DNSSEC and whether we need to modify the DNSSEC protocol.
Through these contributions, we make DNSSEC more future proof. Thereby,
DNSSEC is more prepared to protect the information in the DNS, and sub-sequentially the users on the Internet, against the threats to come.
Original languageEnglish
QualificationDoctor of Philosophy
Awarding Institution
  • University of Twente
Supervisors/Advisors
  • Pras, Aiko, Supervisor
  • van Rijswijk - Deij, Roland Martijn, Supervisor
  • Hesselman, Cristian, Co-Supervisor, External person
Award date24 Sep 2021
Place of PublicationEnschede
Publisher
Print ISBNs978-90-365-5181-6
DOIs
Publication statusPublished - 24 Sep 2021

Keywords

  • DNS
  • DNSSEC
  • Cryptography
  • Quantum cryptography
  • Operations

Fingerprint

Dive into the research topics of 'Making DNSSEC Future Proof'. Together they form a unique fingerprint.

Cite this