90 likes | 240 Views
RASD. Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007. Overview. We designed and implemented a system to secure DNS traffic on a local network. System Design Goals. Create trusted channels for name record information exchange
E N D
RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007
Overview • We designed and implemented a system to secure DNS traffic on a local network RASD - Weaver/Witmer - CS622
System Design Goals • Create trusted channels for name record information exchange • Rapid server-side push updates to cached name records RASD - Weaver/Witmer - CS622
Data Exchange Format • DNS traffic is UDP • Keep UDP on the client • Client/Server communication is XML over SSL RASD - Weaver/Witmer - CS622
Client Software • Listen and respond to local DNS queries, with caching • Listen for server-pushed name record updates RASD - Weaver/Witmer - CS622
Server Software • Listen for client DNS queries and respond, with caching • Wait for name record updates, and push to registered clients RASD - Weaver/Witmer - CS622
Prototype Results • <to be added, we’re not quite there yet> RASD - Weaver/Witmer - CS622
Further Research • Extended DNS handling • RASD Server discovery • Automatic Client Installation • SCOLD Environment testing • Standardized entry caching RASD - Weaver/Witmer - CS622
References • A. Friedlander, A. Mankin, WD Maughan, and S. Crocker. "DNSSEC: A Protocol Towards Securing the Internet Infrastructure". Communications of the ACM. Vol. 50, Num. 6. pp 44-50. June 2007. • G. Ateniese and S. Mangard. "A New Approach to DNS Security (DNSSEC)". Proceedings of the 8th ACM conference on Computer and Communications Security. pp 86-95. 2001. • C.E. Chow, Y. Cai, D. Wilkinson, and G. Godavari. "Secure Collective Defense System". Global Telecommunications Conference (GLOBECOM '04). Volume 4. pp 2245-2249. December 2004. RASD - Weaver/Witmer - CS622