A Probabilistic Model Against DNS Cache Poisoning Attack Under Multiple Resolvers

• Main Authors: Jeng , Jian-Ming, 鄭健明
• Other Authors: Sun, Hung-Ming
• Format: Others
• Language: en_US
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/59364904777778432906

碩士 === 國立清華大學 === 資訊工程學系 === 98 === Domain name system (DNS) is one of the core services on the Internet. For DNS, the most famous attack is DNS cache poisoning attack. Via cache poisoning, records in DNS cache could be tampered by an adversary. If a client query the compromised DNS server, he would connect to a malicious host located with an incorrect IP address. To prevent DNS cache poisoning, various approaches have been proposed to enhance DNS security. Without using cryptographic techniques, they can only raise the entropy rather than preventing from DNS cache poisoning. Several works raise the strength of security by querying multiple resolvers; returned results are used to verify the credibility of the IP addresses they connect with. However, the security is still not easy to evaluate as similar as conventional cryptographic approaches, e.g., DNSSEC. In this thesis, we propose a probabilistic model to evaluate the successful probability of cache poisoning under reasonable setting, e.g., ability of adversary or multiple resolvers architecture. Based on analyzed results we utilize our model to improve and promote the security of the approaches based on multiple resolvers.