Defending Against Denial of Service Attacks Using Secure Name Resolution

This paper proposes a technique to foil DoS (Denial of Service) attacks. The proposed technique converts a static service to a relocating service and provides information of the new location only to the specific pre-registered client groups while hiding it from others. The Nameserver, responsible for advertising the address of the service, publishes only the encrypted address for the service. Only pre-registered clients get the key (needed for decryption), after being authenticated by the Key Server, which is entrusted with the distribution of key(s). A DoS attack becomes difficult to execute, as the attacker does not know the precise location to attack. In addition, the proposed technique facilitates quick restoration of services in the event of an attack. We also show that this solution can be implemented with a low run
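The scheme described above, sketched as an added example (not code from the paper): the name server publishes only an encrypted address, and the key server releases the decryption key to pre-registered clients. The class and function names, the shared-credential check, and the HMAC-SHA256 stand-in cipher (used so the sketch runs offline with the standard library) are assumptions; the abstract does not specify the cipher or the authentication method.

```python
import hashlib, hmac, os, secrets

def _sub(key, label):                      # derive separate enc/MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):                # HMAC-SHA256 in counter mode (stand-in cipher)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):                  # encrypt-then-MAC: nonce || ct || tag
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(_sub(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None                        # wrong key or tampered record
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class KeyServer:                           # hypothetical: hands the key to registered clients only
    def __init__(self, registered):        # {client_id: credential bytes}
        self.registered = registered
        self.group_key = secrets.token_bytes(32)
    def request_key(self, client_id, credential):
        expected = self.registered.get(client_id)
        if expected is None or not hmac.compare_digest(expected, credential):
            return None
        return self.group_key

class NameServer:                          # hypothetical: stores ciphertext only
    def __init__(self):
        self.records = {}
    def publish(self, name, key, address):
        self.records[name] = seal(key, address.encode())
    def query(self, name):                 # open to everyone, attackers included
        return self.records[name]

def resolve(ns, name, key):
    plaintext = unseal(key, ns.query(name)) if key else None
    return plaintext.decode() if plaintext is not None else None

if __name__ == "__main__":                 # constructed sample data
    ks, ns = KeyServer({"alice": b"constructed-credential"}), NameServer()
    ns.publish("svc.example", ks.group_key, "192.0.2.10")
    print(resolve(ns, "svc.example", ks.request_key("alice", b"constructed-credential")))
    print(resolve(ns, "svc.example", ks.request_key("mallory", b"guess")))
```

Relocating the service is a second `publish` call with the new address; registered clients re-resolve with the key they already hold, while an unregistered querier still sees only ciphertext.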
