• Corpus ID: 18354858

Public Key Distribution with Secure DNS

@inproceedings{Galvin1996PublicKD,
  title={Public Key Distribution with Secure DNS},
  author={James M. Galvin},
  booktitle={USENIX Security Symposium},
  year={1996}
}
  • James M. Galvin
  • Published in USENIX Security Symposium 22 July 1996
  • Computer Science
Recently, many protocols in the Internet are proposing the use of public key cryptography in support of integrity and authentication security services. However, each of these protocols lacks a globally available public key distribution and management system. A secure version of the Domain Name System (DNS) is being developed which, conveniently, provides an infrastructure ideally suited for the distribution and management of public keys. We propose how this infrastructure of the secure DNS… 
Layering public key distribution over secure DNS using authenticated delegation
We present the Internet key service (IKS), a distributed architecture for authenticated distribution of public keys, layered on secure DNS (DNSSEC). Clients use DNSSEC to securely discover the
Flexible Internet Secure Transactions Based on Collaborative Domains
TLDR
This paper presents the cryptographic schemes needed to achieve confidentiality and authentication based on the collaboration of security domains and relies on the fact that key management and thus security services are easier to achieve inside a well confined domain.
A new approach to DNS security (DNSSEC)
TLDR
A new strategy to build chains of trust from root servers to authoritative servers is introduced, based on symmetric-key cryptography, that may result in a significantly more efficient protocol.
Layering a Public Key Distribution Service Over Secure DNS: "Everybody Comes to RIKS"
TLDR
A feature of this approach is that IKS derives its authentication authority from the authority DNS domains have over names, and the IKS architecture is loosely coupled with DNS to minimize the overhead on DNS servers.
Domain Name System Security Extensions
TLDR
Extensions to the DNS are described that provide these services to security aware resolvers or applications through the use of cryptographic digital signatures and are included in secured zones as resource records.
Secure Communication Scheme Applying MX Resource Record in DNSSEC Domain
TLDR
Two alternatives are proposed to distribute to private domain, having management independent from authorized DNS domain, increasing zone file size from accepting too many addresses of devices in DNSSEC.
A Modified Approach for the Domain Name System Security (DNSSEC)
TLDR
A modified approach to DNS Security using both Asymmetric and Symmetric cryptography to build a secure channel from the root servers to other authoritative servers and preserves existing features of the DNSSEC protocol with additional security levels.
Protection of DNS using HAVAL
The obligatory of IP addresses to host names became a major problem in the rapidly growing Internet and the higher level obligatory effort went through different stages of development up to the
Plugging the holes in host-based authentication
  • J. Reid
  • Computer Science
    Comput. Secur.
  • 1996
Windowed certificate revocation
  • P. McDaniel, S. Jamin
  • Computer Science
    Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064)
  • 2000
TLDR
This paper proposes a novel mechanism called windowed revocation that satisfies the security policies and requirements of existing mechanisms and, at the same time, reduces the burden on certificate servers and network resources.

References

SHOWING 1-10 OF 22 REFERENCES
Domain Name System Security Extensions
TLDR
Extensions to the DNS are described that provide these services to security aware resolvers or applications through the use of cryptographic digital signatures and are included in secured zones as resource records.
Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures
This document defines message encryption and authentication procedures, in order to provide privacy-enhanced mail (PEM) services for electronic mail transfer in the Internet. It is intended to become
DNS and BIND Security Issues
  • P. Vixie
  • Computer Science
    USENIX Security Symposium
  • 1995
TLDR
It is observed that if BIND would just do what the DNS specifications say it should do, stop crashing, and start checking its inputs, then most of the existing security holes in DNS as practiced would go away.
Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services
This document describes three types of service in support of Internet Privacy-Enhanced Mail (PEM) [1-3]: key certification, certificate-revocation list (CRL) storage, and CRL retrieval.
Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management
This is one of a series of documents defining privacy enhancement mechanisms for electronic mail transferred using Internet mail protocols. [STANDARDS-TRACK]
Using the Domain Name System for System Break-ins
  • S. Bellovin
  • Computer Science
    USENIX Security Symposium
  • 1995
TLDR
It is demonstrated how the DNS can be abused to subvert system security, using a vulnerability first noticed by P.V. Mockapetris.
Privacy enhancement for Internet electronic mail: Part I: Message encipherment and authentication procedures
This document defines message encryption and authentication procedures, in order to provide privacy-enhanced mail (PEM) services for electronic mail transfer in the Internet. [STANDARDS-TRACK]
Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers
This document provides definitions, formats, references, and citations for cryptographic algorithms, usage modes, and associated identifiers and parameters used in support of Privacy Enhanced Mail
DNS encoding of network names and other types
This RFC proposes two extensions to the Domain Name System: - A specific method for entering and retrieving RRs which map between network names and numbers. - Ideas for a general method for
Privacy enhancement for Internet electronic mail: Part III - algorithms, modes, and identifiers
This RFC provides definitions, references, and citations for algorithms, usage modes, and associated identifiers used in RFC-1113 and RFC-1114 in support of privacy-enhanced electronic mail.