Cache Function Activation on a Client Based DNSSEC Validation and Alert System by Multithreading

2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC) Pub Date : 2017-07-04 DOI:10.1109/COMPSAC.2017.78

Kunitaka Kakoi, Yong Jin, N. Yamai, Naoya Kitagawa, M. Tomoishi

{"title":"Cache Function Activation on a Client Based DNSSEC Validation and Alert System by Multithreading","authors":"Kunitaka Kakoi, Yong Jin, N. Yamai, Naoya Kitagawa, M. Tomoishi","doi":"10.1109/COMPSAC.2017.78","DOIUrl":null,"url":null,"abstract":"Domain Name System (DNS) is one of the most important services of the Internet since most communications normally begin with domain name resolutions provided by DNS. However, DNS has vulnerability against some kind of attacks such as DNS spoofing, DNS cache poisoning, and so on. DNSSEC is an security extension of DNS to provide secure name resolution services by using digital signature based on public key cryptography. However, there are several problems with DNSSEC such as failing resolution in case of validation failure, increasing the load of DNS full resolver, and so on. To mitigate these problems, we proposed a Client Based DNSSEC Validation System. This system performs DNSSEC validation on the client, and in case of validation failure, it forwards the failed response and alerts the user to the fact. However, this system has a problem that it inactivates the cache function of validation library so that it always performs DNSSEC validation even for the same query. In this paper, we report how to solve this problem by multithreading of DNSSEC validation system.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"02 1","pages":"37-42"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMPSAC.2017.78","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Domain Name System (DNS) is one of the most important services of the Internet since most communications normally begin with domain name resolutions provided by DNS. However, DNS has vulnerability against some kind of attacks such as DNS spoofing, DNS cache poisoning, and so on. DNSSEC is an security extension of DNS to provide secure name resolution services by using digital signature based on public key cryptography. However, there are several problems with DNSSEC such as failing resolution in case of validation failure, increasing the load of DNS full resolver, and so on. To mitigate these problems, we proposed a Client Based DNSSEC Validation System. This system performs DNSSEC validation on the client, and in case of validation failure, it forwards the failed response and alerts the user to the fact. However, this system has a problem that it inactivates the cache function of validation library so that it always performs DNSSEC validation even for the same query. In this paper, we report how to solve this problem by multithreading of DNSSEC validation system.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于多线程的客户端DNSSEC验证报警系统的缓存功能激活

域名系统(DNS)是互联网最重要的服务之一，因为大多数通信通常以DNS提供的域名解析开始。但是，DNS存在一些漏洞，如DNS欺骗、DNS缓存中毒等。DNSSEC是DNS的安全扩展，通过使用基于公钥加密的数字签名提供安全的名称解析服务。但是，DNSSEC存在着验证失败导致解析失败、DNS全解析器负载增加等问题。为了解决这些问题，我们提出了一个基于客户端的DNSSEC验证系统。该系统对客户端执行DNSSEC验证，在验证失败的情况下，转发失败的响应并提醒用户注意这一事实。然而，该系统存在一个问题，即它停用了验证库的缓存功能，因此即使对相同的查询也总是执行DNSSEC验证。本文介绍了如何通过DNSSEC验证系统的多线程来解决这一问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)

自引率

0.00%

发文量