Resource Records for the DNS Security Extensions

Larson, Matt; Massey, Dan; Rose, Scott; Arends, Roy; Austein, Rob

doi:10.17487/rfc4034

Cited by 216 publications

(225 citation statements)

References 6 publications

(16 reference statements)

Supporting

Mentioning

216

Contrasting

Unclassified

Order By: Relevance

“…The DNR and HNR records are stored in the similar manner as DNSSEC [8] records. On top of that, we defined some new resource records such as HID and PK to store the host ID and public key, respectively.…”

Section: Methodsmentioning

confidence: 99%

“…For example, although HIP uses certificates and public keys to establish secured sessions between hosts, it does not cover the security of ID/locator mapping servers or registries. DNS Security (DNSSEC) [8] provides integrity protection of records retrieved from a DNS server. However, the DNS structure itself is not favorable for frequently updating the records in the server although it is favorable for faster and efficient retrieval of static records.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Design and Implementation of Security for HIMALIS Architecture of Future Networks

Kafle

Inoue

et al. 2013

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYFor flexibility in supporting mobility and multihoming in edge networks and scalability of the backbone routing system, future Internet is expected to be based on the concept of ID/locator split. Heterogeneity Inclusion and Mobility Adaptation through Locator ID Separation (HIMALIS) has been designed as a generic future network architecture based on ID/locator split concept. It can natively support mobility, multihoming, scalable backbone routing and heterogeneous protocols in the network layer of the new generation network or future Internet. However, HIMALIS still lacks security functions to protect itself from various attacks during the procedures of storing, updating, and retrieving of ID/locator mappings, such as impersonation attacks. Therefore, in this paper, we address the issues of security functions design and implementation for the HIMALIS architecture. We present an integrated security scheme consisting of mapping registration and retrieval security, network access security, communication session security, and mobility security. Through the proposed scheme, the hostname to ID and locator mapping records can be securely stored and updated in two types of name registries, domain name registry and host name registry. Meanwhile, the mapping records retrieved securely from these registries are utilized for securing the network access process, communication sessions, and mobility management functions. The proposed scheme provides comprehensive protection of both control and data packets as well as the network infrastructure through an effective combination of asymmetric and symmetric cryptographic functions. key words: ID/locator split architecture, security, new generation network, future network

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Design and Implementation of Security for HIMALIS Architecture of Future Networks

Kafle

Inoue

et al. 2013

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…The same argument applies to "CDNSKEY 0 3 0 0"; the value 3 in the second field is mandated by [RFC4034], Section 2.1.2.…”

Section: Dnssec Delete Algorithmmentioning

confidence: 97%

Managing DS Records from the Parent via CDS/CDNSKEY

Guðmundsson¹,

Wouters²

2017

View full text Add to dashboard Cite

show abstract

“…DNSSEC, which is broadly defined in [RFC4033], [RFC4034], and [RFC4035], uses cryptographic keys and digital signatures to provide authentication of DNS data. Currently, the most popular signature algorithm in use is RSA.…”

Section: Introductionmentioning

confidence: 99%

Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC

Surý¹,

Edmonds²

2017

View full text Add to dashboard Cite

Resource Records for the DNS Security Extensions

Cited by 216 publications

References 6 publications

Design and Implementation of Security for HIMALIS Architecture of Future Networks

Design and Implementation of Security for HIMALIS Architecture of Future Networks

Managing DS Records from the Parent via CDS/CDNSKEY

Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC

Contact Info

Product

Resources

About