Skip to main content
Conference Proceedings

An on-demand defense scheme against DNS cache poisoning attacks

Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (2018) 238 793-807
DOI: 10.1007/978-3-319-78813-5_43
4Citations
Citations of this article
3Readers
Mendeley users who have this article in their library.
Get full text

Abstract

The threats of caching poisoning attacks largely stimulate the deployment of DNSSEC. Being a strong but demanding cryptographical defense, DNSSEC has its universal adoption predicted to go through a lengthy transition. Thus the DNSSEC practitioners call for a secure yet lightweight solution to speed up DNSSEC deployment while offering an acceptable DNSSEC-like defense. This paper proposes a new On-Demand Defense (ODD) scheme against cache poisoning attacks, still using but lightly using DNSSEC. In the solution, DNS operates in DNSSEC-oblivious mode unless a potential attack is detected and triggers a switch to DNSSEC-aware mode. The modeling checking results demonstrate that only a small DNSSEC query load is needed by the ODD scheme to ensure a small enough cache poisoning success rate.

Author supplied keywords

Cite

CITATION STYLE

APA

Wang, Z., Yu, S., & Rose, S. (2018). An on-demand defense scheme against DNS cache poisoning attacks. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 238, pp. 793–807). Springer Verlag. https://doi.org/10.1007/978-3-319-78813-5_43

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free