Advanced Search

A scalable Byzantine fault tolerant secure domain name system

Research and Teaching Output of the MIT Community

Show simple item record

dc.contributor.advisor Barbara Liskov. en_US Ahmed, Sarah, 1975- en_US
dc.contributor.other Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. en_US 2005-08-23T16:29:38Z 2005-08-23T16:29:38Z 2001 en_US 2001 en_US
dc.description Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2001. en_US
dc.description Includes bibliographical references (p. 98-101). en_US
dc.description.abstract The domain name system is the standard mechanism on the Internet to advertise and access important information about hosts. At its inception, DNS was not designed to be a secure protocol. The biggest security hole in DNS is the lack of support for data integrity authentication, source authentication, and authorization. To make DNS more robust, a security extension of the domain name system (DNSSEC) was proposed by the Internet Engineering task force (IETF) in late 1997. The basic idea of the DNS security extension is to provide data integrity and origin authentication by means of cryptographic digital signatures. However, the proposed extension suffers from some security flaws. In this thesis, we discuss the security problems of DNS and its security extension. As a solution, we present the design and implementation of a Byzantine-fault-tolerant domain name system. The system consists of 3f+1 tightly coupled name servers and guarantees safety and liveness properties assuming no more than f replicas are faulty within a small window of vulnerability. To authenticate communication between a client and a server to provide per-query data authentication, we propose to use symmetric key cryptography. To address scalability concerns, we propose a hierarchical organization of name servers with a hybrid of iterative and recursive query resolution approaches. The issue of cache inconsistency is addressed by designing a hierarchical cache with an invalidation protocol using leases. Because of the use of hierarchical state partitioning and caching to achieve scalability in DNS, we develop an efficient protocol that allows replicas in a group to request operations from another group using very few messages. We show that the scalable Byzantine-fault tolerant domain name system, while providing a much higher degree of security and reliability, performs as well or even better than an implementation of the DNS security extension. en_US
dc.description.statementofresponsibility by Sarah Ahmed. en_US
dc.format.extent 101 p. en_US
dc.format.extent 8477280 bytes
dc.format.extent 8477040 bytes
dc.format.mimetype application/pdf
dc.format.mimetype application/pdf
dc.language.iso eng en_US
dc.publisher Massachusetts Institute of Technology en_US
dc.rights M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. en_US
dc.subject Electrical Engineering and Computer Science. en_US
dc.title A scalable Byzantine fault tolerant secure domain name system en_US
dc.title.alternative Scalable Byzantine-fault-tolerant secure DNS en_US
dc.type Thesis en_US M.Eng. en_US
dc.contributor.department Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. en_US
dc.identifier.oclc 48983026 en_US

Files in this item

Name Size Format Description
48983026-MIT.pdf 4.879Mb PDF Full printable version

This item appears in the following Collection(s)

Show simple item record