Deploying Cryptography in Internet-Scale Systems: A Case Study on DNSSEC
September/October 2011 (vol. 8 no. 5)
pp. 656-669
Hao Yang, IBM T. J. Watson Research Center, Hawthorne
Eric Osterweil, University of California Los Angeles, Los Angeles
Dan Massey, Colorado State University, Ft Collins
Songwu Lu, University of California Los Angeles, Los Angeles
Lixia Zhang, University of California Los Angeles, Los Angeles
The DNS Security Extensions (DNSSEC) are among the first attempts to deploy cryptographic protections in an Internet-scale operational system. DNSSEC applies well-established public key cryptography to ensure data integrity and origin authenticity in the DNS system. While the cryptographic design of DNSSEC is sound and seemingly simple, its development has taken the IETF over a decade and several protocol revisions, and even today its deployment is still in the early stage of rolling out. In this paper, we provide the first systematic examination of the design, deployment, and operational challenges encountered by DNSSEC over the years. Our study reveals a fundamental gap between cryptographic designs and operational Internet systems. To be deployed in the global Internet, a cryptographic protocol must possess several critical properties, including scalability, flexibility, incremental deployability, and the ability to function in the face of imperfect operations. We believe that the insights gained from this study can offer valuable inputs to future cryptographic designs for other Internet-scale systems.

Index Terms:
DNSSEC, PKI hierarchy, incremental deployment, key rollover, key revocation, heterogeneous operations, distributed monitoring.
Citation:
Hao Yang, Eric Osterweil, Dan Massey, Songwu Lu, Lixia Zhang, "Deploying Cryptography in Internet-Scale Systems: A Case Study on DNSSEC," IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 5, pp. 656-669, Sept.-Oct. 2011, doi:10.1109/TDSC.2010.10