Title | An opportunistic encryption extension for the DNS protocol |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Bucuti, T, Dantu, R |
Conference Name | Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on |
Date Published | May |
Keywords | computer network security, cryptographic protocols, DNS protocol, DNS security, DNS transactions, encryption, Internet, opportunistic encryption extension, passive eavesdropping, performance requirements, personal privacy, pose real threats, Privacy, Protocols, Public key, servers |
Abstract | Confidentiality for DNS transactions has been a low-priority concern in DNS security for a long time due to performance requirements for the functionality of DNS and the fact that data in the DNS is considered public. However, the information carried in DNS transactions, if collected and analyzed, can pose real threats to personal privacy. This makes DNS a good target for passive eavesdropping to collect data for many purposes, some of which may be malicious. The protocol described in this document is intended to facilitate an opportunistic negotiation of encryption in the DNS to provide confidentiality for the last mile of DNS resolution. It defines procedures to discover encryption-aware servers and how to establish a relationship with them with minimum overhead. |
DOI | 10.1109/ISI.2015.7165976 |