A Blockchain-based DNSSEC Public Key Verification Scheme

Authors
Chen W.-Y. [1, 2, 3]
Li X.-D. [1]
Yang X. [3]
Xu Y.-Z. [4]
Affiliations
[1] Institute of Computing Technology, Chinese Academy of Sciences, Beijing
[2] University of Chinese Academy of Sciences, Beijing
[3] China Internet Network Information Center, Beijing
[4] Guangdong-Hong Kong-Macao Greater Bay Area (GBA) Research Innovation Institute for Nanotechnology, Guangzhou
Keywords
blockchain; cryptographic accumulator; domain name system security extensions (DNSSEC); public key infrastructure (PKI)
DOI
10.16383/j.aas.c201082
Abstract
To address the complexity of the chain of trust and the unilateral governance caused by the centralized domain name system security extensions (DNSSEC) architecture, a decentralized DNSSEC public key verification mechanism is proposed. By introducing a blockchain structure design, a cryptographic accumulator, and a consensus algorithm, the proposed mechanism provides radically new key binding, rotation, and verification operations that leverage blockchain technologies, enabling trustworthy public key verification without any centralized authority. Further analysis and experiments show that the proposed mechanism consistently achieves an order of magnitude better key verification performance and strikes a good trade-off between key management complexity and security. © 2023 Science Press. All rights reserved.
Pages: 731-743
Number of pages: 12