Delay Fast Packets (DFP): Prevention of DNS cache poisoning

Shimrit Tzur-David*, Kiril Lashchiver, Danny Dolev, Tal Anker

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

The Domain Name System (DNS) protocol is used as a naming system for computers, services, or any other network resource. This paper presents a solution for the cache poisoning attack, in which the attacker inserts incorrect data into the DNS cache. In order to successfully poison the cache, the attacker's response must beat the real response in the race back to the local DNS server. In our model, we assume an eavesdropping attacker that can construct a response that is identical to the legitimate response. The primary aim of our solution is to construct a normal profile of the round trip time from when the request is sent until the arrival of the response, and then to search for anomalies relative to the constructed profile. In order to poison the cache of a DNS server, the attacker has to know the source port and the Transaction ID (TID) of the request. As far as we know, all current solutions that do not change the protocol assume an attacker that cannot see the request and therefore has to guess the TID. All these solutions try to increase entropy in order to make the guesswork harder. In our strict model, increasing entropy is useless. We in no way claim that our scheme is flawless. Nevertheless, this effort represents the first step towards preserving the DNS cache assuming an eavesdropping attacker.
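The abstract describes the idea without code: keep a per-upstream profile of normal round trip times, treat a response that arrives far faster than the profile predicts as suspicious, and delay it rather than caching it at once, so a second (real) answer for the same query exposes the race. The following is an added illustration of that approach, not the paper's code or an implementation of the published scheme; the statistic used (mean minus k standard deviations), the hold-until-expected-arrival rule, the class and function names and the sample RTT values are all assumptions made for the example.

```python
"""Delay Fast Packets (DFP), sketched: build a normal round-trip-time (RTT)
profile per upstream server, hold any response that arrives implausibly
fast, and refuse to cache it if a conflicting answer shows up while it is
held.  Added illustration, not the paper's code; the statistics, the hold
rule, the names and the sample RTTs are all assumptions."""
import statistics
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class RttProfile:
    """Normal-behaviour profile of RTTs (milliseconds) for one upstream server."""

    def __init__(self, min_samples: int = 10, k: float = 3.0):
        self.samples = []
        self.min_samples = min_samples   # assumed warm-up before decisions are made
        self.k = k                       # assumed: "fast" = more than k std devs below the mean

    def update(self, rtt_ms: float) -> None:
        self.samples.append(rtt_ms)

    def expected_rtt(self) -> float:
        return statistics.fmean(self.samples)

    def fast_threshold(self) -> Optional[float]:
        """RTT below which a response counts as anomalously fast (None while warming up)."""
        if len(self.samples) < self.min_samples:
            return None
        return max(0.0, self.expected_rtt() - self.k * statistics.pstdev(self.samples))

    def is_anomalously_fast(self, rtt_ms: float) -> bool:
        thr = self.fast_threshold()
        return thr is not None and rtt_ms < thr


@dataclass
class PendingQuery:
    sent_at: float
    held_rdata: Optional[str] = None    # a fast response kept back instead of cached
    release_at: Optional[float] = None  # when the held response may be cached


class DfpResolver:
    """Minimal stub resolver keyed by (transaction id, name); time is passed in explicitly."""

    def __init__(self, profile: RttProfile):
        self.profile = profile
        self.cache: Dict[str, str] = {}
        self.pending: Dict[Tuple[int, str], PendingQuery] = {}

    def send_query(self, tid: int, name: str, now: float) -> None:
        self.pending[(tid, name)] = PendingQuery(sent_at=now)

    def receive_response(self, tid: int, name: str, rdata: str, now: float) -> str:
        key = (tid, name)
        q = self.pending.get(key)
        if q is None:
            return "unsolicited"            # wrong TID or name: the usual drop
        rtt = now - q.sent_at
        if q.held_rdata is not None:
            # A second answer arrived while a fast one was on hold. Two different
            # answers racing for one query is the poisoning signature: cache neither.
            del self.pending[key]
            if rdata == q.held_rdata:
                self.cache[name] = rdata    # same data twice: nothing to distrust
                return "confirmed"
            return "conflict"
        if self.profile.is_anomalously_fast(rtt):
            q.held_rdata = rdata
            q.release_at = q.sent_at + self.profile.expected_rtt()
            return "held"
        del self.pending[key]
        self.cache[name] = rdata
        self.profile.update(rtt)            # only unremarkable RTTs train the profile
        return "cached"

    def tick(self, now: float) -> list:
        """Release held responses whose wait expired without a competing answer."""
        released = []
        for key, q in list(self.pending.items()):
            if q.held_rdata is not None and q.release_at is not None and now >= q.release_at:
                self.cache[key[1]] = q.held_rdata
                del self.pending[key]
                released.append(key[1])
        return released


def demo() -> dict:
    """Constructed scenario: a spoofed answer beats the real one to the resolver."""
    profile = RttProfile()
    for rtt in (42, 48, 51, 45, 55, 47, 50, 44, 53, 49):   # constructed warm-up RTTs (ms)
        profile.update(rtt)
    r = DfpResolver(profile)
    r.send_query(0x1A2B, "example.test", now=1000.0)
    first = r.receive_response(0x1A2B, "example.test", "203.0.113.9", now=1004.0)    # 4 ms: too fast
    second = r.receive_response(0x1A2B, "example.test", "198.51.100.7", now=1049.0)  # real answer
    r.send_query(0x1A2C, "other.test", now=2000.0)
    normal = r.receive_response(0x1A2C, "other.test", "198.51.100.8", now=2050.0)
    r.send_query(0x1A2D, "quiet.test", now=3000.0)
    lone = r.receive_response(0x1A2D, "quiet.test", "198.51.100.9", now=3003.0)     # fast, but alone
    released = r.tick(now=3060.0)
    return {"first": first, "second": second, "normal": normal, "lone": lone,
            "released": released, "cache": dict(r.cache)}


if __name__ == "__main__":
    print(demo())
```

The point the scenario makes is the one in the abstract: with an eavesdropper who can forge a byte-identical answer, port and TID entropy buys nothing, and timing is the remaining signal. The cost is visible too: a genuinely fast lone answer (the third query) is delayed by roughly one expected RTT before it is cached, which is the latency the scheme trades for safety.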

Original language: English
Title of host publication: Security and Privacy in Communication Networks - 7th International ICST Conference, SecureComm 2011, Revised Selected Papers
Pages: 303-318
Number of pages: 16
DOIs
State: Published - 2012
Event: 7th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2011 - London, United Kingdom
Duration: 7 Sep 2011 → 9 Sep 2011

Publication series

Name: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
Volume: 96 LNICST
ISSN (Print): 1867-8211

Conference

Conference: 7th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2011
Country/Territory: United Kingdom
City: London
Period: 7/09/11 → 9/09/11

Keywords

  • Cache poisoning attack
  • DNS
  • Web security
