research-article

Investigations of Top-Level Domain Name Collisions in Blockchain Naming Services

Authors:

Hiroshi Kumagai,

Masaki KamizonoAuthors Info & Claims

WWW '24: Proceedings of the ACM Web Conference 2024

Pages 2926 - 2935

https://doi.org/10.1145/3589334.3645459

Published: 13 May 2024 Publication History

Abstract

Traditionally, top-level domains (TLDs) are managed by the Internet corporation for assigned names and numbers (ICANN), and the domain names under them are managed by registrars. Against such a centralized management, a blockchain naming service (BNS) has been proposed to manage TLDs on blockchains without authority intervention. BNS users can register TLD strings as non-fungible tokens and manage the TLD root zone. However, such a decentralized management results in the introduction of a new security issue, BNS TLD name collision, wherein the same TLD is registered in several different BNSs. In this study, we investigated BNS TLD name collisions by analyzing TLDs registered on two BNSs: Handshake and Decentraweb. Specifically, we collected TLDs registered in Handshake and Decentraweb and the associated data, and analyzed the data registration status of BNS TLDs and BNS TLD name collisions. The analysis of 11,595,406 Handshake and 11,889 Decentraweb TLDs revealed 6,973 BNS TLD name collisions. In particular, lastname TLDs, which are intended for use as person names, yielded a large number of registered domain names. In addition, the analysis identified 10 name collisions between the BNS and operational ICANN TLDs. Further, the ICANN TLD candidates under review also had name collisions against the BNS TLDs. Consequently, based on the characteristics of these name collisions and discussions in BNS communities, we considered countermeasures against BNS TLD name collisions. For the further development of BNSs, we believe that it is essential to discuss with the existing Internet communities and coexist with the existing Internet.

Supplemental Material

MOV File

Supplemental video

Download
66.85 MB

MP4 File

Video presentation

Download
1403.53 MB

References

[1]

2021. Handling ICANN Strings in Hard Fork. https://github.com/handshake-org/hsd/issues/649.

[2]

2023. Butterfly Protocol. https://www.butterflyprotocol.io/.

[3]

2023. CoinGecko. https://www.coingecko.com/ja.

[4]

2023. D&B Hoovers. https://www.dnb.com/products/marketing-sales/dnb-hoovers.html.

[5]

2023. Decentraweb. https://dns.decentraweb.org/.

[6]

2023. Decentraweb JavaScript SDK. https://github.com/decentraweb/decentrawebjs.

[7]

2023. Decentraweb JSON Reserve List. https://github.com/decentraweb/reserve-list.

[8]

2023. EmerDNS. https://emercoin.com/emerdns.

[9]

2023. Ethereum Name Service. https://ens.domains/.

[10]

2023. Handshake. https://handshake.org/.

[11]

2023. Handshake Developer Documentation. https://hsd-dev.org/.

[12]

2023. Handshake DNS: Adding DNS records to domains in Namebase. https://learn.namebase.io/starting-from-zero/how-to-add-dns-records.

[13]

2023. handshake-names. https://github.com/handshake-org/hs-names.

[14]

2023. Handshake WhitePaper. https://handshake.org/files/handshake.txt.

[15]

2023. How to Claim a Name. https://hsd-dev.org/guides/claims.html.

[16]

2023. Namecoin. https://www.namecoin.org/.

[17]

2023. NFTPort. https://www.nftport.xyz/.

[18]

2023. OpenNIC Project. https://www.opennic.org/.

[19]

2023. Superlink. https://superlink.me/.

[20]

2023. Tranco list. https://tranco-list.eu/.

[21]

2023. Unstoppable Domains. https://unstoppabledomains.com/.

[22]

A. Allemann. 2022. Update: Unstoppable Domains sues over Handshake .wallet domain. https://domainnamewire.com/2022/07/20/update-unstoppable-domains-sues-over-handshake-wallet-domain/.

[23]

Fran Casino, Nikolaos Lykousas, Vasilios Katos, and Constantinos Patsakis. 2021. Unearthing malicious campaigns and actors from the blockchain DNS ecosystem. Computer Communications 179 (2021), 217--230.

Digital Library

[24]

Qi Alfred Chen, Eric Osterweil, Matthew Thomas, and Z. Morley Mao. 2016. MitM Attack by Name Collision: Cause Analysis and Vulnerability Assessment in the New gTLD Era. In IEEE Symposium on Security and Privacy (S&P).

[25]

Qi Alfred Chen, Matthew Thomas, Eric Osterweil, Yulong Cao, Jie You, and Z. Morley Mao. 2017. Client-side Name collision vulnerability in the New gTLD Era: A systematic study. In ACM SIGSAC Conference on Computer and Communications Security (CCS).

[26]

IANA. 2023. tlds-alpha-by-domain.txt. http://data.iana.org/TLD/tlds-alpha-by-domain.txt.

[27]

ICANN. 2001. Keeping the Internet a Reliable Global Public Resource: Response to New.net Policy Paper. https://archive.icann.org/en/icp/icp-3-background/response-to-new.net-09jul01.htm.

[28]

ICANN. 2013. Guide to Name Collision Identification and Mitigation for IT Professionals. https://www.icann.org/en/system/files/f iles/name-collision-mitigation-05dec13-en.pdf.

[29]

ICANN. 2013. Name Collision Resources & Information. https://www.icann.org/resources/pages/name-collision-2013--12-06-en.

[30]

ICANN. 2014. Guide to Name Collision Identification and Mitigation for IT Professionals. https://www.icann.org/en/system/files/f iles/name-collision-mitigation-01aug14-en.pdf.

[31]

ICANN. 2014. Name Collision Occurence Management Framework. https://www.icann.org/en/system/files/files/name-collision-framework-30jul14-en.pdf.

[32]

ICANN. 2023. About the New gTLD Program. https://newgtlds.icann.org/en/about/program.

[33]

ICANN. 2023. New gTLD Current Application Status. https://gtldresult.icann.org/applicationstatus/viewstatus.

[34]

Interisle Consulting Group, LLC. 2013. Name Collision in the DNS. https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf.

[35]

JPCERT/CC. 2023. JPCERT Coordination Center. https://www.jpcert.or.jp/english/.

[36]

JPNIC. 2015. Appendix1: IP address and domain name. https://www.nic.ad.jp/timeline/en/20th/appendix1.html.

[37]

Harry Kalodner, Miles Carlsten, Paul Ellenbogen, Joseph Bonneau, and Arvind Narayanan. 2015. An empirical study of Namecoin and lessons for decentralized namespace design. In Workshop on the Economics of Information Security (WEIS).

[38]

Audrey Randall, Wes Hardaker, Geoffrey M. Voelker, Stefan Savage, and Aaron Schulman. 2022. The Challenges of Blockchain-Based Naming Systems for Malware Defenders. In APWG Symposium on Electronic Crime Research (eCrime).

[39]

Tripti Sinha. 2023. ICANN Board Accepts Next Round Implementation Plan from ICANN Org. https://www.icann.org/en/blogs/details/icann-board-accepts-next-round-implementation-plan-from-icann-org-31-07--2023-en.

[40]

Unstoppable Domains. 2022. Why we're no longer offering .coin. https://unstoppabledomains.com/blog/categories/announcements/article/coin.

[41]

Pengcheng Xia, Haoyu Wang, Zhou Yu, Xinyu Liu, Xiapu Luo, Guoai Xu, and Gareth Tyson. 2022. Challenges in Decentralized Name Management: The Case of ENS. In ACM SIGCOMM Conference on Internet Measurement Conference (IMC).

Digital Library

[42]

Zonefiles. 2023. All active domain lists. https://zonefiles.io/all-registered-domains/.

Cited By

Muzammil MWu ZBalasubramanian ANikiforakis NVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Panning for gold.eth: Understanding and Analyzing ENS Domain DropcatchingProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3689009(731-738)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3689009
Muzammil MWu ZHarisha LKondracki BNikiforakis N(2024)Typosquatting 3.0: Characterizing Squatting in Blockchain Naming Systems2024 APWG Symposium on Electronic Crime Research (eCrime)10.1109/eCrime66200.2024.00013(94-108)Online publication date: 24-Sep-2024
https://doi.org/10.1109/eCrime66200.2024.00013

Index Terms

Investigations of Top-Level Domain Name Collisions in Blockchain Naming Services
1. Networks
  1. Network services
    1. Naming and addressing
2. Security and privacy
  1. Network security

Recommendations

The Good and the Bad of Top-Level Domains

ICANN has recently announced an "open season" on top-level domains, to start some time in 2009. This will dramatically expand the namespace for Internet domain names, and will allow cities, industries, and companies to register specific top-level ...
Domain Name: Internet, Domain Name System, DNS root zone, Top-level domain, Generic top-level domain, . com, . net, . org, Country code top-level domain, ... Hostname, Uniform Resource Locator
Domain name registrars: are they part of the domain name fraud problem?
InfoSecCD '06: Proceedings of the 3rd annual conference on Information security curriculum development

Domain names are a hot commodity. A simple Google search on the phrase "domain name buying and selling" yields 17,000,000 results, with eight sponsored links on the right column. The rise in domain name commerce has resulted in an abundance of frauds ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WWW '24: Proceedings of the ACM Web Conference 2024

May 2024

4826 pages

ISBN:9798400701719

DOI:10.1145/3589334

General Chairs:
Tat-Seng Chua
National University of Singapore
,
Chong-Wah Ngo
Singapore Management University
,
Proceedings Chair:
Roy Ka-Wei Lee
Singapore University of Technology and Design
,
Program Chairs:
Ravi Kumar
Google
,
Hady W. Lauw
Singapore Management University

Copyright © 2024 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 May 2024

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Artifacts Available / v1.1

Author Tags

Qualifiers

Research-article

Conference

WWW '24

Sponsor:

SIGWEB

WWW '24: The ACM Web Conference 2024

May 13 - 17, 2024

Singapore, Singapore

Acceptance Rates

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
151
Total Downloads

Downloads (Last 12 months)151
Downloads (Last 6 weeks)8

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Muzammil MWu ZBalasubramanian ANikiforakis NVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Panning for gold.eth: Understanding and Analyzing ENS Domain DropcatchingProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3689009(731-738)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3689009
Muzammil MWu ZHarisha LKondracki BNikiforakis N(2024)Typosquatting 3.0: Characterizing Squatting in Blockchain Naming Systems2024 APWG Symposium on Electronic Crime Research (eCrime)10.1109/eCrime66200.2024.00013(94-108)Online publication date: 24-Sep-2024
https://doi.org/10.1109/eCrime66200.2024.00013

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten