NEWS


Computing Now Exclusive Content — July 2010

News Archive

July 2012

Gig.U Project Aims for an Ultrafast US Internet

June 2012

Bringing Location and Navigation Technology Indoors

May 2012

Plans Under Way for Roaming between Cellular and Wi-Fi Networks

Encryption System Flaw Threatens Internet Security

April 2012

For Business Intelligence, the Trend Is Location, Location, Location

Corpus Linguistics Keep Up-to-Date with Language

March 2012

Are Tomorrow's Firewalls Finally Here Today?

February 2012

Spatial Humanities Brings History to Life

December 2011

Could Hackers Take Your Car for a Ride?

November 2011

What to Do about Supercookies?

October 2011

Lights, Camera, Virtual Moviemaking

September 2011

Revolutionizing Wall Street with News Analytics

August 2011

Growing Network-Encryption Use Puts Systems at Risk

New Project Could Promote Semantic Web

July 2011

FBI Employs New Botnet Eradication Tactics

Google and Twitter "Like" Social Indexing

June 2011

Computing Commodities Market in the Cloud

May 2011

Intel Chips Step up to 3D

Apple Programming Error Raises Privacy Concerns

Thunderbolt Promises Lightning Speed

April 2011

Industrial Control Systems Face More Security Challenges

Microsoft Effort Takes Down Massive Botnet

March 2011

IP Addresses Getting Security Upgrade

February 2011

Studios Agree on DRM Infrastructure

January 2011

New Web Protocol Promises to Reduce Browser Latency

To Be or NAT to Be?

December 2010

Intel Gets inside the Helmet

Tuning Body-to-Body Networks with RF Modeling

November 2010

New Wi-Fi Spec Simplifies Connectivity

Expanded Top-Level Domains Could Spur Internet Real Estate Boom

October 2010

New Weapon in War on Botnets

September 2010

Content-Centered Internet Architecture Gets a Boost

Gesturing Going Mainstream

August 2010

Is Context-Aware Computing Ready for the Limelight?

Flexible Routing in the Cloud

Signal Congestion Rejuvenates Interest in Cell Paging-Channel Protocol

July 2010

New Protocol Improves Interaction among Networked Devices and Applications

Security for Domain Name System Takes a Big Step Forward

The ROADM to Smarter Optical Networking

Distributed Cache Goes Mainstream

June 2010

New Application Protects Mobile-Phone Passwords

WiGig Alliance Reveals Ultrafast Wireless Specification

Cognitive Radio Adds Intelligence to Wireless Technology

May 2010

New Product Uses Light Connections in Blade Server

April 2010

Browser Fingerprints Threaten Privacy

New Animation Technique Uses Motion Frequencies to Shake Trees

March 2010

Researchers Take Promising Approach to Chemical Computing

Screen-Capture Programming: What You See is What You Script

Research Project Sends Data Wirelessly at High Speeds via Light

February 2010

Faster Testing for Complex Software Systems

IEEE 802.1Qbg/h to Simplify Data Center Virtual LAN Management

Distributed Data-Analysis Approach Gains Popularity

Twitter Tweak Helps Haiti Relief Effort

January 2010

2010 Rings in Some Y2K-like Problems

Infrastructure Sensors Improve Home Monitoring

Internet Search Takes a Semantic Turn

December 2009

Phase-Change Memory Technology Moves toward Mass Production

IBM Crowdsources Translation Software

Digital Ants Promise New Security Paradigm

November 2009

Program Uses Mobile Technology to Help with Crises

More Cores Keep Power Down

White-Space Networking Goes Live

Mobile Web 2.0 Experiences Growing Pains

October 2009

More Spectrum Sought for Body Sensor Networks

Optics for Universal I/O and Speed

High-Performance Computing Adds Virtualization to the Mix

ICANN Accountability Goes Multinational

RFID Tags Chat Their Way to Energy Efficiency

September 2009

Delay-Tolerant Networks in Your Pocket

Flash Cookies Stir Privacy Concerns

Addressing the Challenge of Cloud-Computing Interoperability

Ephemeralizing the Web

August 2009

Bluetooth Speeds Up

Grids Get Closer

DCN Gets Ready for Production

The Sims Meet Science

Sexy Space Threat Comes to Mobile Phones

July 2009

WiGig Alliance Makes Push for HD Specification

New Dilemnas, Same Principles:
Changing Landscape Requires IT Ethics to Go Mainstream

Synthetic DNS Stirs Controversy:
Why Breaking Is a Good Thing

New Approach Fights Microchip Piracy

Technique Makes Strong Encryption Easier to Use

New Adobe Flash Streams Internet Directly to TVs

June 2009

Aging Satellites Spark GPS Concerns

The Changing World of Outsourcing

North American CS Enrollment Rises for First Time in Seven Years

Materials Breakthrough Could Eliminate Bootups

April 2009

Trusted Computing Shapes Self-Encrypting Drives

March 2009

Google, Publishers to Try New Advertising Methods

Siftables Offer New Interaction Model for Serious Games

Hulu Boxed In by Media Conglomerates

February 2009

Chips on Verge of Reaching 32 nm Nodes

Hathaway to Lead Cybersecurity Review

A Match Made in Heaven: Gaming Enters the Cloud

January 2009

Government Support Could Spell Big Year for Open Source

25 Reasons For Better Programming

Web Guide Turns Playstation 3 Consoles into Supercomputing Cluster

Flagbearers for Technology: Contemporary Techniques Showcase US Artifact and European Treasures

December 2008

.Tel TLD Debuts As New Way to Network

Science Exchange

November 2008

The Future is Reconfigurable

Security for Domain Name System Takes a Big Step Forward

by George Lawton

Several Internet domain-name administration agencies participated in a ceremony 16 June to generate the first master key for securing the Internet's Domain Name System (DNS). The production-scale rollout of DNS Security Extensions (DNSSec) on the root zone is scheduled for 15 July. "This will eliminate the last significant hurdle toward the widespread adoption of DNSSec," said Matt Larson, vice president of DNS Research at VeriSign.

DNSSec on the root zone will provide a common anchor of trust for securing the way domain names are translated into IP addresses. Participants in the signing ceremony included the Internet Corporation for Assigned Names and Numbers (ICANN), the US National Telecommunications and Information Administration, and VeriSign, which manages two of the world's 13 root-name servers.

DNSSec is an Internet Engineering Task Force (IETF) specification that provides a way of cryptographically signing DNS queries to prevent cache-poisoning attacks that can trick computer users into going to fake websites. Steven Bellovin first documented this attack vulnerability in 1990, but it proved difficult to carry out in practice. Work on DNSSec work began seriously in 1999 with the release of IETF RFC 2535, but progress was slow until 2008, when Dan Kaminsky published an easier method of launching cache-poisoning attacks. Since then, there have been many cases of fraud perpetrated by misdirecting users to bogus sites without their knowledge, said Larson.

Under the Cover

DNSSec is based on a recursive key-management system built using public-key cryptography. A master key authenticates top-level domain (TLD) keys, which in turn authenticate individual domain name keys. This helps simplify the problems associated between establishing a secure chain of trust between two individuals, since they can both share the same public key generated by the root-zone server.

Without such a system, attackers in the middle might listen to and copy an organization's key or substitute their own keys. By having the root signed, it becomes a lot easier to administer the servers that will validate a site using a key that is recursively signed by the root server.

The isolated networks of DNSSec have traditionally required DNS server administrators to configure the root certificates for each domain separately, which can be a challenge said Mark Beckett vice-president of Marketing and Product Management at Secure64, a DNSSec software vendor. With the signing of the root zone, a DNS administrator will only have to enter keys for the root zone, which will be able to globally authenticate the other zones. "It greatly eases the administrative burden for a lot of network operators," said Beckett.

Parallel Rollout

The DNSSec is rolling out on multiple parallel tracks. The registrars of TLDs, such as .net and .com, are moving to support the capability and provide keys that individual domain owners can use. DNS server administrators must also turn on the capabilities, which domain name owners must subsequently turn on and configure their name servers for. Finally, end-user software must be configured to support DNSSec management and policies on the use of this information.

Several country TLD registrars have already adopted DNSSec for their subdomains including Brazil, Bulgaria, the Czech Republic, and Sweden. The US Government also enabled DNSSec and mandated its use for all .gov and .mil sites in 2009. VeriSign launched DNSSec for the .org TLD in June and plans to add support for .edu in July. The company will support .net by the end of 2010 and .com in early 2011, said Larson.

The biggest issue lies in getting organizations that own domain names to participate, said Ed Stoner, network analyst with the CERT Program at the Carnegie Mellon University Software Engineering Institute. For DNSSec to be effective, most if not all organizations need to sign their zones. Key management systems must be in place both at the organizational level and at the registries and registrars. "Many registries and registrars have already done a lot of hard work to support this transition," said Stoner, "but there is still more work to do."

Another hurdle lies in deploying and using this information in client applications. There has been some progress in this area. Both Windows 7 and the Drill extension for Firefox now support DNSSec on the client. But the end user must decide what to do with this information if the DNSSec certificate information is faulty or the site hasn’t been upgraded.

Upgrades are also needed on firewalls, spam filters, and other Internet appliances that currently block the larger UDP packets used for carrying DNSSec data. Current DNS packets tend to max out at about 512 bytes, while typical DNSSec packets are expected to average around 1500 bytes, and some will be even larger, said Beckett.

July 15 will mark the launch of a long, gradual rollout, said Beckett. "It will encourage a more rapid adoption, but there will not be a big bang. It will take time before we see DNSSec doing what it was designed to do, which is protect consumers from having domains hijacked on them."

DNSSec might open the door for the DNS to securely authenticate information such as identity. "We will see more and more applications put information into DNS," Larson said, "because it will provide a secure way to send information without it being modified. We will see a flowering of uses of DNS as people put more information into it."

George Lawton is a freelance journalist based in Guerneville, CA. He can be reached via his website at http://glawton.com.