
RASD

RASD: Rapid Adaptive Secure DNS. Matthew Weaver, Jeremy Witmer; Dr. Chow, Advising. CS 622 – Fall 2007. Overview: We designed and implemented a scalable system to secure DNS traffic on a local network. System Design Goals: Create trusted channels for name record information exchange.



  1. RASD: Rapid Adaptive Secure DNS
     Matthew Weaver, Jeremy Witmer
     Dr. Chow, Advising
     CS 622 – Fall 2007

  2. Overview
     • We designed and implemented a scalable system to secure DNS traffic on a local network
     RASD - Weaver/Witmer - CS622

  3. System Design Goals
     • Create trusted channels for name record information exchange
     • Rapid server-side push updates for cached client name records

  4. Data Exchange Format
     • DNS traffic is UDP
     • Keep UDP on the client
     • Client/Server communication is XML over SSL

  5. Client Software
     • Listen and respond to local DNS queries, with caching
     • Listen for server-pushed name record updates

  6. Server Software
     • Listen for client DNS queries and respond, with caching
     • Wait for name record updates, and push to registered clients

  7. Prototype Results

  8. Prototype Results
     [Figure: Average Time for 10 DNS Queries]

  9. Further Research
     • Extended DNS handling
     • RASD Server discovery
     • Automatic Client Installation
     • SCOLD Environment testing
     • Standardized entry caching

  10. Conclusion
     • The architecture is valid
     • The implementation needs extension and refactoring
     • Numerous options for further research

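An added example, not code from the RASD presentation or prototype: a sketch of the client-side cache described in slides 5 and 6, validating server-pushed name record updates before they replace cached entries. The `<update>` element, its attributes, the TTL bound and the serial-number replay check are assumptions; the slides only state that client/server communication is XML over SSL.

```python
import ipaddress
import time
import xml.etree.ElementTree as ET

MAX_TTL = 86400  # assumed upper bound (seconds) on a pushed record's lifetime


class NameCache:
    """Client-side name-record cache fed by lookups and by server pushes."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._records = {}  # name -> (address, expiry, serial)

    @staticmethod
    def _norm(name):
        return name.strip().lower().rstrip(".")

    def get(self, name):
        """Return the cached address, or None on a miss or expired entry."""
        entry = self._records.get(self._norm(name))
        if entry is None or entry[1] <= self._clock():
            return None  # caller falls back to a query over the SSL channel
        return entry[0]

    def apply_push(self, xml_bytes):
        """Validate one pushed <update/>; return True if the cache changed."""
        if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
            raise ValueError("DTD and entity declarations are not accepted")
        try:
            root = ET.fromstring(xml_bytes)
            if root.tag != "update":
                raise ValueError("unexpected message type")
            name = self._norm(root.attrib["name"])
            address = str(ipaddress.ip_address(root.attrib["address"]))
            ttl = int(root.attrib["ttl"])
            serial = int(root.attrib["serial"])
        except (ET.ParseError, KeyError) as exc:
            raise ValueError(f"malformed update: {exc}") from exc
        if not name or not 0 < ttl <= MAX_TTL:
            raise ValueError("empty name or TTL out of range")
        old = self._records.get(name)
        if old is not None and serial <= old[2]:
            return False  # stale or replayed push: keep the newer record
        self._records[name] = (address, self._clock() + ttl, serial)
        return True


# Constructed sample messages (hypothetical schema, documentation addresses).
PUSH_V1 = b'<update name="www.example.test" address="192.0.2.10" ttl="60" serial="1"/>'
PUSH_V2 = b'<update name="www.example.test" address="192.0.2.20" ttl="60" serial="2"/>'
```

Expired entries keep their serial number, so an old push replayed after the record times out is still rejected.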
