A Security Evaluation of DNSSEC with NSEC3

@article{Bau2010ASE,
  title={A Security Evaluation of DNSSEC with NSEC3},
  author={Jason Bau and John C. Mitchell},
  journal={IACR Cryptology ePrint Archive},
  year={2010},
  volume={2010},
  pages={115}
}
Domain Name System Security Extensions (DNSSEC) with Hashed Authenticated Denial of Existence (NSEC3) is a protocol slated for adoption by important parts of the DNS hierarchy, including the root zone, as a solution to DNS security vulnerabilities such as “cache-poisoning” attacks. We study the security goals and operation of DNSSEC/NSEC3 and use Murφ, a finite-state enumeration tool, to analyze its security guarantees and shortcomings. By checking DNSSEC/NSEC3 security properties in the… CONTINUE READING

From This Paper

Figures, tables, and topics from this paper.

Citations

Publications citing this paper.
SHOWING 1-10 OF 40 CITATIONS, ESTIMATED 34% COVERAGE

119 Citations

01020'11'13'15'17'19
Citations per Year
Semantic Scholar estimates that this publication has 119 citations based on the available data.

See our FAQ for additional information.

References

Publications referenced by this paper.
SHOWING 1-10 OF 11 REFERENCES

Breaking DNSSEC

  • Daniel Bernstein
  • Usenix Workshop on Offensive Technologies,
  • 2009
Highly Influential
11 Excerpts

DNS 2008 and the New (old) Nature of Critical Infrastructure

  • Dan Kaminsky
  • BlackHat DC,
  • 2009
Highly Influential
3 Excerpts

It’s the End of the Cache as We Know It

  • Dan Kaminsky
  • BlackHat USA, Auguest
  • 2008
3 Excerpts

The Flaw at the Heart of the Internet

  • Erica Naone
  • Technology Review,
  • 2008
3 Excerpts

Breaking DNSSEC . 3 rd Usenix Workshop on Offensive Technologies , August 2009 . [ 12 ] Microsoft Security Bulletin . Vulnerabilities in DNS Could Allow Spoofing ( 953230 )

  • David Dill
  • The Mur φ Verification System . Computer Aided…
  • 1996

, Vitaly Shmatikov , and Ulrich Stern . Finite - State Analysis of SSL 3 . 0

  • John C. Mitchell
  • More Tricks For Defeating SSL . BlackHat USA

Black Ops of PKI

  • Dan Kaminsky
  • BlackHat USA

Similar Papers

Loading similar papers…