About This Project
The current Domain Name System (DNS) is vulnerable to so-called spoofing attacks against which the state-of-art countermeasure is the DNS Security Extensions (DNSSEC). However, the DNSSEC deployment is still limited in the Internet as a whole by now. The study will measure the DNSSEC readiness on the popular domain names as well as the open DNS recursive servers. It will tell us the status quo of DNSSEC deployment and raise the public awareness about DNS security and DNSSEC.
Ask the Scientists
Join The DiscussionWhat is the context of this research?
Most users rely on a system called the Domain Name System (DNS) to surf the Internet. When you types a name into your web browser, that name must be first translated into a number known as Internet Protocol (IP) address by the DNS before the connection can be established.
The current DNS is vulnerable to so-called spoofing attacks whereby an attacker can fool your web browser into accepting false DNS data. The purpose of these attacks is to take control of the DNS lookup session to, for example, send the user to the hijacker's own deceptive web site for account and password collection.
The DNS Security Extensions (DNSSEC) is designed to make these attacks detectable by the end users. However, its deployment is still limited by now.
What is the significance of this project?
The DNS is a globally distributed database, making the DNSSEC availability critically depends on its deployment on each parts involved in the DNSSEC validation path. The ongoing DNSSEC deployment over the Internet leaves some parts of the DNS secured and others not. So one would ask how available the DNSSEC is before choosing to use it. The study will answer the question through measurements and analysis.
It is believed that the best way to incent domain owners and operators to deploy DNSSEC is to promote DNSSEC usage among their users. The study is expected to boost the DNSSEC usage by telling users what DNSSEC-enabled domains and what DNSSEC-aware servers are available. It will surely be an endeavor to make a secure Internet.
What are the goals of the project?
The study will measure the DNSSEC readiness on the popular domain names (e.g., www.google.com, www.amazon.com) as well as the open DNS recursive servers (e.g., the google’s DNS service on 8.8.8.8). A measurement tool will be developed to probe and evaluate the Alexa Top 1 million domains and a large set of open DNS recursive servers visible on the Internet. The raw results will be further processed to generate a measurement report.
The study will tell us what domain names could be trusted and what open DNS recursive servers are available for DNSSEC validation. It also aims at raising the public awareness about DNS security and DNSSEC and promoting the upgrade to DNSSEC.
Budget
The funds will be used for a software eningeer and students to develope the measurement tool and collect and analyze the data.
Endorsed by
Meet the Team
Zheng Wang
I am a researcher at the National Institute of Standards and Technology and an expert on Domain Name System (DNS). In the past ten years, I have been devoted to improving the security, stability, resilience, and privacy of the Internet especially in the context of DNS. Intersecting with a number of information science fields, my work frequently involves developing mathematical methods to solve practical problems and building running codes to address the security challenges. I have served in several working groups of ICANN (Internet Corporation for Assigned Names and Numbers) which coordinates the Internet’s naming system across the world. I am co-inventor of seven patents and co-author of over thirty academic papers. I hold the Ph.D. in Computer Science.
Lab Notes
Nothing posted yet.
Project Backers
- 1Backers
- 1%Funded
- $2Total Donations
- $2.00Average Donation