Skip to main content
Springer Nature Link
Log in

An Analysis of DepenDNS

  • Conference paper
Information Security (ISC 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6531))

Included in the following conference series:

  • 2353 Accesses

Abstract

Recently, a new scheme to protect clients against DNS cache poisoning attacks was introduced. The scheme is referred to as DepenDNS and is intended to protect clients against such attacks while being secure, practical, efficient and conveniently deployable. In our paper we examine the security and the operational aspects of DepenDNS. We highlight a number of severe operational deficiencies that the scheme has failed to address. We show that cache poisoning and denial of service attacks are possible against the scheme. Our findings and recommendations have been validated with real data collected over time.

The full version of this paper is available from [9].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Eastlake 3rd, D.: Domain Name System Security Extensions. RFC 2535, Internet Engineering Task Force (March 1999)

    Google Scholar 

  2. Atkins, D., Austein, R.: Threat Analysis of the Domain Name System (DNS). RFC 3833, Internet Engineering Task Force (August 2004)

    Google Scholar 

  3. Dagon, D., Antonakakis, M., Vixie, P., Jinmei, T., Lee, W.: Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries. In: ACM Conference on Computer and Communications Security, pp. 211–222 (2008)

    Google Scholar 

  4. Mockapetris, P.V.: Domain names - concepts and facilities. RFC 1034, Internet Engineering Task Force (November 1987)

    Google Scholar 

  5. Mockapetris, P.V.: Domain names - implementation and specification. RFC 1035, Internet Engineering Task Force (November 1987)

    Google Scholar 

  6. Poole, L., Pai, V.S.: ConfiDNS: leveraging scale and history to improve DNS security. In: Proceedings of the 3rd Conference on USENIX Workshop on Real, Large Distributed Systems, WORLDS 2006 (2006)

    Google Scholar 

  7. Sun, H.-M., Chang, W.-H., Chang, S.-Y., Lin, Y.-H.: DepenDNS: Dependable mechanism against DNS cache poisoning. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 174–188. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  8. Yuan, L., Kant, K.: DoX: A peer-to-peer antidote for DNS cache poisoning attacks. In: Proceedings of the International Conference on Communications, IEEE ICC, pp. 2345–2350 (2006)

    Google Scholar 

  9. AlFardan, N.J., Paterson, K.G.: An Analysis of DepenDNS. Full version of this paper, http://www.isg.rhul.ac.uk/~kp

Download references

Author information

Authors and Affiliations

  1. Information Security Group (ISG), Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK

    Nadhem J. AlFardan & Kenneth G. Paterson

Authors
  1. Nadhem J. AlFardan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kenneth G. Paterson
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Center for Security and Assurance in IT (C-SAIT), Department of Computer Science, Florida State University, 32306-4530, Tallahassee, FL, USA

    Mike Burmester

  2. Department of Computer Science, University of California, Irvine, 92697-3425, CA, USA

    Gene Tsudik

  3. Center for Cryptology and Information Security (CCIS), Department of Mathematical Sciences, Florida Atlantic University, 33431-0991, Boca Raton, FL, USA

    Spyros Magliveras

  4. Mathematical Sciences Department, Florida Atlantic University, 33431-0991, Boca Raton, FL, USA

    Ivana Ilić

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

AlFardan, N.J., Paterson, K.G. (2011). An Analysis of DepenDNS. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds) Information Security. ISC 2010. Lecture Notes in Computer Science, vol 6531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-18178-8_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-18178-8_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-18177-1

  • Online ISBN: 978-3-642-18178-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics