CT-ISG Collaborative Research: DNS Security Revisited: Enabling Cryptographic Defenses in Large-Scale Distributed Systems

PIs: Lixia Zhang (UCLA), Songwu Lu (UCLA), and Dan Massey (Colorado State)

The Domain Name System (DNS) is a core Internet protocol, and virtually all Internet applications rely on some form of DNS data. This project is identifying and addressing fundamental technical challenges in deploying the DNS Security Extensions (DNSSEC) in the global Internet. DNSSEC aims to enhance DNS with data origin authentication and data integrity checking by applying well-defined cryptographic solutions. However, a number of system issues have arisen in the process of moving the cryptographic solution to real deployment. This project is first conducting a systematic assessment of the gap between the DNSSEC specification and the deployment constraints. For each identified technical challenge, the project is proposing, implementing, and evaluating specific solutions and then integrating such solutions into a unified design improvement.

DNSSEC deployment is critical to enhanced security in cyberspace, and this effort will help move it forward by overcoming existing roadblocks, foreseeing new obstacles on the road, and developing enabling techniques to clear these obstacles. The project will also extrapolate a set of lessons and principles on major challenges in deploying cryptographic protection in large-scale systems, which will hopefully provide input into other cryptographic deployment efforts, such as the global routing system.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 0524172
Program Officer: Karl Levitt
Project Start:
Project End:
Budget Start: 2005-08-15
Budget End: 2008-07-31
Support Year:
Fiscal Year: 2005
Total Cost: $160,000
Indirect Cost:

Name: Colorado State University-Fort Collins
Department:
Type:
DUNS #:
City: Fort Collins
State: CO
Country: United States
Zip Code: 80523