- Impact
- 24,447
Making DNSSEC Future Proof
PhD Thesis
Moritz Müller
Publication date: September 24, 2021
Abstract
The security extensions for the DNS (DNSSEC) add integrity and authenticity to the Domain Name System. Without DNSSEC, messages in the DNS can be manipulated, and as a consequence, attackers could direct users to malicious content. DNSSEC protects against these kind of attacks with the help of public-key-cryptography algorithms.
Occasionally, these algorithms need to be replaced. This becomes necessary, for example, when an algorithm is not secure enough anymore. A development that could render all algorithms currently used in DNSSEC insecure are quantum computers. For this reason, it is necessary to understand how we can transition to more secure, quantum-safe, algorithms in the future.
In this thesis, we discuss the barriers operators face when replacing an algorithm in DNSSEC and propose and deploy solutions to simplify the transition. Also, we discuss which quantum-safe algorithms,currently assessed by the cryptography community, might be suitable for DNSSEC and whether we need to modify the DNSSEC protocol.
Through these contributions, we make DNSSEC more future proof. Thereby, DNSSEC is more prepared to protect the information in the DNS, and sub-sequentially the users on the Internet, against the threats to come.
Read more
https://research.utwente.nl/en/publications/making-dnssec-future-proof
or
https://doi.org/10.3990/1.9789036551816
PhD Thesis
Moritz Müller
Publication date: September 24, 2021
Abstract
The security extensions for the DNS (DNSSEC) add integrity and authenticity to the Domain Name System. Without DNSSEC, messages in the DNS can be manipulated, and as a consequence, attackers could direct users to malicious content. DNSSEC protects against these kind of attacks with the help of public-key-cryptography algorithms.
Occasionally, these algorithms need to be replaced. This becomes necessary, for example, when an algorithm is not secure enough anymore. A development that could render all algorithms currently used in DNSSEC insecure are quantum computers. For this reason, it is necessary to understand how we can transition to more secure, quantum-safe, algorithms in the future.
In this thesis, we discuss the barriers operators face when replacing an algorithm in DNSSEC and propose and deploy solutions to simplify the transition. Also, we discuss which quantum-safe algorithms,currently assessed by the cryptography community, might be suitable for DNSSEC and whether we need to modify the DNSSEC protocol.
Through these contributions, we make DNSSEC more future proof. Thereby, DNSSEC is more prepared to protect the information in the DNS, and sub-sequentially the users on the Internet, against the threats to come.
Read more
https://research.utwente.nl/en/publications/making-dnssec-future-proof
or
https://doi.org/10.3990/1.9789036551816
Last edited: