Trusted Directory Services for Secure Internet Connectivity: Transport Layer Security using DNSSEC

https://doi.org/10.1016/j.entcs.2007.12.019
Under a Creative Commons license
open access

Abstract

The Internet today is a highly dynamic environment which frequently requires secure communication between peers that do not have a direct trust relationship. Current solutions for establishing trust often require static and application-specific Public Key Infrastructures (PKIs). This paper presents trusted directory services as a key infrastructural technology for setting up secure Internet connections, providing an alternative to application-specific PKIs. The directory securely binds public keys to peers through their names in a flexible way that matches the dynamic nature of the Internet. We elaborate on this concept by showing how the Domain Name System (DNS) and its security extensions (DNSSEC) can be leveraged for establishing secure Transport Layer Security (TLS) connections in a dynamic way. A simple enhancement of the TLS protocol, called Extended TLS (E-TLS), required for this purpose, is proposed. We describe our E-TLS implementation and we conclude with an evaluation of our results.

Keywords

Public Key Infrastructures
secure DNS
Transport Layer Security
trusted directory services
