
A Selective Re-Query Case Sensitive Encoding Scheme Against DNS Cache Poisoning Attacks

Wireless Personal Communications

Abstract

The Domain Name System (DNS), with its hierarchical domain name resolution scheme, plays an important role in today’s Internet surfing. Protecting DNS against cache poisoning attacks is a key issue in achieving Internet security. Many defense schemes have been proposed in recent years to prevent DNS cache poisoning attacks. However, most of those schemes fail to balance security functionality against network performance. In this paper, to improve on the performance of existing security schemes against cache poisoning attacks, we propose a Selective Re-Query Case Sensitive Encoding scheme that efficiently prevents DNS cache poisoning attacks. Our scheme can be easily implemented and deployed with only a small modification at the DNS server, and it balances security and efficiency. The analysis shows that our scheme provides strong security functionality with desirable efficiency.


Author information


Correspondence to Maode Ma.


Cite this article

Cao, J., Ma, M., Wang, X. et al. A Selective Re-Query Case Sensitive Encoding Scheme Against DNS Cache Poisoning Attacks. Wireless Pers Commun 94, 1263–1279 (2017). https://doi.org/10.1007/s11277-016-3681-2


  • DOI: https://doi.org/10.1007/s11277-016-3681-2
