An opportunistic encryption extension for the DNS protocol

TitleAn opportunistic encryption extension for the DNS protocol
Publication TypeConference Paper
Year of Publication2015
AuthorsBucuti, T, Dantu, R
Conference NameIntelligence and Security Informatics (ISI), 2015 IEEE International Conference on
Date PublishedMay
Keywordscomputer network security, cryptographic protocols, DNS protocol, DNS security, DNS transactions, encryption, Internet, opportunistic encryption extension, passive eavesdropping, performance requirements, personal privacy, pose real threats, Privacy, Protocols, Public key, servers

<p>Confidentiality for DNS transactions has been a low-priority concern in DNS security for a long time due to performance requirements for the functionality of DNS and the fact that data in the DNS is considered public. However, the information carried in DNS transactions, if collected and analyzed, can pose real threats to personal privacy. This makes DNS a good target for passive eavesdropping to collect data for many purposes some of which may be malicious. The protocol described in this document is intended to facilitate an opportunistic negotiation of encryption in the DNS to provide confidentiality for the last mile of DNS resolution. It defines procedures to discover encryption-aware servers and how to establish a relationship with them with minimum overhead.</p>


Publication Status:

UNT Department:

UNT Center:

UNT Lab: