Social Computing / IEEE International Conference on Privacy, Security, Risk and Trust, 2010 IEEE International Conference on (2010)
Minneapolis, Minnesota, USA
Aug. 20, 2010 to Aug. 22, 2010
This paper analyzes and compares country code Top Level Domain (ccTLD) administration policies. The study investigated the effect of security-related components of these policies on the ccTLD security to determine whether the strength of the security components had any significant effect on the rate of malicious activities in the domains. To achieve this, thirty ccTLDs were selected based on the Human Development Index (HDI), and the administrative policies of the ccTLDs were analyzed and compared for the content of security-related components. The analysis shows that 40% of the ccTLDs have security policies that can be classified as strong, 47% weak, and 13% have no domain security policies. We verified the hypothesis that the ccTLDs of countries with high HDI tend to have strong domain security-related policies, while ccTLDs of countries with medium and low HDI have weak or non-existent policies. The data analysis also confirmed that the lack of enforceable, strong security-related policies in ccTLD administration results in Internet domains that are vulnerable to abuses. The analysis shows that the number of malicious ccTLD domains (N) is inversely proportional to the rate of attacks (P) for ccTLDs with strong security-related policies, and directly proportional to the rate of attacks for ccTLDs with weak security-related policies. The paper also shows no significant correlation between involvement of governments in the domain registration process and the rate of attacks. The importance of the hybrid governance model that combines bottom-up and top-down security administration of the ccTLDs is emphasized in the paper.
ccTLD, domain security, security policies
D. Lindskog, C. Umana, P. Zavarsky, O. G. Ake-Johnson and R. Ruhl, "Comparative Analysis of ccTLD Security Policies," 2010 IEEE Second International Conference on Social Computing (SocialCom 2010). the Second IEEE International Conference on Privacy, Security, Risk and Trust (PASSAT 2010)(SOCIALCOM), Minneapolis, MN, 2010, pp. 926-933.