Making DNSSEC Future Proof

Moritz Christian Müller

doi:10.3990/1.9789036551816

Making DNSSEC Future Proof

Moritz Christian Müller

Research output: Thesis › PhD Thesis - Research UT, graduation UT

896 Downloads (Pure)

Abstract

The security extensions for the DNS (DNSSEC) add integrity and authenticity to the Domain Name System. Without DNSSEC, messages in the DNS can be manipulated, and as a consequence, attackers could direct users to malicious content. DNSSEC protects against these kind of attacks with the help of public-key-cryptography algorithms. Occasionally, these algorithms need to be replaced. This becomes necessary, for example, when an algorithm is not secure enough anymore. A development that could render all algorithms currently used in DNSSEC insecure are quantum computers. For this reason, it is necessary to understand how we can transition to more secure, quantum-safe, algorithms in the future.
In this thesis, we discuss the barriers operators face when replacing an algorithm in DNSSEC and propose and deploy solutions to simplify the transition. Also, we discuss which quantum-safe algorithms,currently assessed by the cryptography community, might be suitable for DNSSEC and whether we need to modify the DNSSEC protocol.
Through these contributions, we make DNSSEC more future proof. Thereby,
DNSSEC is more prepared to protect the information in the DNS, and sub-sequentially the users on the Internet, against the threats to come.

Original language	English
Qualification	Doctor of Philosophy
Awarding Institution	University of Twente
Supervisors/Advisors	Pras, A., Supervisor van Rijswijk - Deij, Roland Martijn, Supervisor Hesselman, Cristian E.W., Co-Supervisor
Award date	24 Sept 2021
Place of Publication	Enschede
Publisher	University of Twente
Print ISBNs	978-90-365-5181-6
DOIs	https://doi.org/10.3990/1.9789036551816
Publication status	Published - 24 Sept 2021

Keywords

DNS
DNSSEC
Cryptography
Quantum cryptography
Operations

Access to Document

10.3990/1.9789036551816Licence: CC BY-NC-SA

PhD thesis M.C. MüllerFinal published version, 5.64 MBLicence: CC BY-NC-SA

Cite this

@phdthesis{11551807b881456fb4179194c477e746,

title = "Making DNSSEC Future Proof",

abstract = "The security extensions for the DNS (DNSSEC) add integrity and authenticity to the Domain Name System. Without DNSSEC, messages in the DNS can be manipulated, and as a consequence, attackers could direct users to malicious content. DNSSEC protects against these kind of attacks with the help of public-key-cryptography algorithms. Occasionally, these algorithms need to be replaced. This becomes necessary, for example, when an algorithm is not secure enough anymore. A development that could render all algorithms currently used in DNSSEC insecure are quantum computers. For this reason, it is necessary to understand how we can transition to more secure, quantum-safe, algorithms in the future.In this thesis, we discuss the barriers operators face when replacing an algorithm in DNSSEC and propose and deploy solutions to simplify the transition. Also, we discuss which quantum-safe algorithms,currently assessed by the cryptography community, might be suitable for DNSSEC and whether we need to modify the DNSSEC protocol. Through these contributions, we make DNSSEC more future proof. Thereby,DNSSEC is more prepared to protect the information in the DNS, and sub-sequentially the users on the Internet, against the threats to come.",

keywords = "DNS, DNSSEC, Cryptography, Quantum cryptography, Operations",

author = "M{\"u}ller, {Moritz Christian}",

year = "2021",

month = sep,

day = "24",

doi = "10.3990/1.9789036551816",

language = "English",

isbn = "978-90-365-5181-6",

series = "DSI Ph.D. Thesis Series",

publisher = "University of Twente",

number = "18-170",

address = "Netherlands",

type = "PhD Thesis - Research UT, graduation UT",

school = "University of Twente",

}

TY - THES

T1 - Making DNSSEC Future Proof

AU - Müller, Moritz Christian

PY - 2021/9/24

Y1 - 2021/9/24

N2 - The security extensions for the DNS (DNSSEC) add integrity and authenticity to the Domain Name System. Without DNSSEC, messages in the DNS can be manipulated, and as a consequence, attackers could direct users to malicious content. DNSSEC protects against these kind of attacks with the help of public-key-cryptography algorithms. Occasionally, these algorithms need to be replaced. This becomes necessary, for example, when an algorithm is not secure enough anymore. A development that could render all algorithms currently used in DNSSEC insecure are quantum computers. For this reason, it is necessary to understand how we can transition to more secure, quantum-safe, algorithms in the future.In this thesis, we discuss the barriers operators face when replacing an algorithm in DNSSEC and propose and deploy solutions to simplify the transition. Also, we discuss which quantum-safe algorithms,currently assessed by the cryptography community, might be suitable for DNSSEC and whether we need to modify the DNSSEC protocol. Through these contributions, we make DNSSEC more future proof. Thereby,DNSSEC is more prepared to protect the information in the DNS, and sub-sequentially the users on the Internet, against the threats to come.

AB - The security extensions for the DNS (DNSSEC) add integrity and authenticity to the Domain Name System. Without DNSSEC, messages in the DNS can be manipulated, and as a consequence, attackers could direct users to malicious content. DNSSEC protects against these kind of attacks with the help of public-key-cryptography algorithms. Occasionally, these algorithms need to be replaced. This becomes necessary, for example, when an algorithm is not secure enough anymore. A development that could render all algorithms currently used in DNSSEC insecure are quantum computers. For this reason, it is necessary to understand how we can transition to more secure, quantum-safe, algorithms in the future.In this thesis, we discuss the barriers operators face when replacing an algorithm in DNSSEC and propose and deploy solutions to simplify the transition. Also, we discuss which quantum-safe algorithms,currently assessed by the cryptography community, might be suitable for DNSSEC and whether we need to modify the DNSSEC protocol. Through these contributions, we make DNSSEC more future proof. Thereby,DNSSEC is more prepared to protect the information in the DNS, and sub-sequentially the users on the Internet, against the threats to come.

KW - DNS

KW - DNSSEC

KW - Cryptography

KW - Quantum cryptography

KW - Operations

U2 - 10.3990/1.9789036551816

DO - 10.3990/1.9789036551816

M3 - PhD Thesis - Research UT, graduation UT

SN - 978-90-365-5181-6

T3 - DSI Ph.D. Thesis Series

PB - University of Twente

CY - Enschede

ER -

Making DNSSEC Future Proof

Abstract

Keywords

Access to Document

Fingerprint

Cite this