DNSTSM: DNS Cache Resources Trusted Sharing Model Based on Consortium Blockchain

The inescapable reliance on the internet and the endless stream of cyber-attacks have led to strong demand for trusted IP addresses. However, existing collaborative DNS security schemes suffer from low credibility and imperfect incentive mechanisms. Inspired by consortium blockchain technology, we propose a novel DNS Cache Resources Trusted Sharing Model, which improves the credibility of DNS resolution results by establishing a complete chain of trust. First, the consortium blockchain is introduced as the carrier of the peer-to-peer network to reduce the impact of illegal access and collusive tampering on DNS cache credibility. Second, an evaluation index for node credibility in the DNS cache sharing model is proposed, and a trust-based incentive mechanism is designed to reduce the impact of free-riding behavior on the trusted performance of the system. Two indicators, the similarity of abnormal node behavior and the round-trip time between nodes, are used to comprehensively evaluate the degree of recommendation of a node and serve as the basis for dynamic scheduling. Finally, we use a stochastic distributed decentralized storage mechanism to solve the problem of low efficiency in the consortium blockchain. The simulation results show that the model has certain advantages in ensuring the credibility of domain name resolution results, and that it maintains the ideal efficiency while ensuring trust.
