This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Interadministrative Challenges in Managing DNSKEYs
September/October 2009 (vol. 7 no. 5)
pp. 44-51
ASCII Text
x 
 
Eric Osterweil, Lixia Zhang, "Interadministrative Challenges in Managing DNSKEYs," IEEE Security & Privacy, vol. 7, no. 5, pp. 44-51, September/October, 2009.
 
 
BibTex
x
 
@article{ 10.1109/MSP.2009.126,
author = {Eric Osterweil and Lixia Zhang},
title = {Interadministrative Challenges in Managing DNSKEYs},
journal ={IEEE Security & Privacy},
volume = {7},
number = {5},
issn = {1540-7993},
year = {2009},
pages = {44-51},
doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2009.126},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
}
 
 
RefWorks Procite/RefMan/Endnote
x 
 
TY - MGZN
JO - IEEE Security & Privacy
TI - Interadministrative Challenges in Managing DNSKEYs
IS - 5
SN - 1540-7993
SP44
EP51
EPD - 44-51
A1 - Eric Osterweil,
A1 - Lixia Zhang,
PY - 2009
KW - network-level security and protection
KW - communication/networking and information technology
KW - computer systems organization
KW - network management
KW - network operations
KW - public key cryptosystems
KW - data encryption
VL - 7
JA - IEEE Security & Privacy
ER -
 
Eric Osterweil, University of California, Los Angeles
Lixia Zhang, University of California, Los Angeles
The Domain Name System (DNS) has been a critical component of the Internet since the 1980s. Incidents from the wild, such as recent cache poisoning exploits, emphasize that it's vulnerable to attacks. DNS Security Extensions (DNSSEC) define a way to use cryptography for end-to-end protection of DNS data. Although the visible deployment of DNSSEC has grown at a tremendous rate, evidence suggests that the management of cryptographic keys is deceptively complex and has led to visible misconfigurations. Here, the authors outline the problem of managing DNSKEYs as it stands today, and where there exist competing proposed solutions, present a survey comparison.

1. P. Mockapetris and K.J. Dunlap, "Development of the Domain Name System," Proc. SIGCOMM Conf. (SIGCOMM 88), ACM Press, 1988, pp. 123–133.
2. CERT, Cert vulnerability note vu#800113, 2008; www.kb.cert.org/vuls/id/800113.
3. R. Arends et al., DNS Security Introduction and Requirement, IETF RFC 4033, Mar. 2005; www.ietf.org/rfc/rfc4033.txt.
4. R. Arends et al., Resource Records for the DNS Security Extensions, IETF RFC 4034, Mar. 2005; www.ietf.org/rfc/rfc4034.txt.
5. R. Arends et al., Protocol Modifications for the DNS Security Extensions, IETF RFC 4035, Mar. 2005; www.ietf.org/rfc/rfc4035.txt.
6. S.M. Bellovin, "Using the Domain Name System for System Break-ins," Proc. 5th Usenix Unix Security Symp., Usenix Assoc., 1995, pp. 199–208.
7. D. Atkins and D. Austein, Threat Analysis of the Domain Name System (DNS), IETF RFC 3833, Aug. 2004; www.ietf.org/rfc/rfc3833.txt.
8. O. Kolkman and R. Gieben, DNSSEC Operational Practices, IETF RFC 4641, Sept. 2006; www.ietf.org/rfc/rfc4641.txt.
9. E. Osterweil et al., "Quantifying the Operational Status of the DNSSEC Deployment," Proc. 8th ACM SIGCOMM Conf. Internet Measurement (IMC 08), ACM Press, 2008, pp. 231–242.
10. S. Weiler, DNSSEC Lookaside Validation (DLV), IETF RFC 5074, Sparta, Nov. 2007; www.ietf.org/rfc/rfc5074.txt.

Index Terms:
network-level security and protection, communication/networking and information technology, computer systems organization, network management, network operations, public key cryptosystems, data encryption
Citation:
Eric Osterweil, Lixia Zhang, "Interadministrative Challenges in Managing DNSKEYs," IEEE Security & Privacy, vol. 7, no. 5, pp. 44-51, Sept.-Oct. 2009, doi:10.1109/MSP.2009.126
Usage of this product signifies your acceptance of the Terms of Use.