Shah, S. W., Pan, L., Nguyen, D. D. N., Doss, R., Armstrong, W., & Gauravaram, P. (2024). Double-Signed Fragmented DNSSEC for Countering Quantum Threat. In Proceedings of Conference (C’24). ACM, New York, NY, USA, 13 pages. https://doi.org/XXXXXXX.XXXXXXX
This research paper aims to address the security vulnerabilities of the Domain Name System Security Extensions (DNSSEC) in the face of emerging quantum computing threats and explores the feasibility of a double-signed, fragmented DNSSEC approach as a solution.
The researchers developed a Docker-based DNSSEC testbed using BIND9 software, incorporating both pre-quantum and post-quantum digital signatures. They modified the BIND9 resolver to enable verification of both signature types and implemented a fragmentation strategy to handle the increased message size due to double signatures. The performance of this approach was then evaluated through empirical analysis.
The study found that double-signed DNSSEC, combining pre-quantum and post-quantum signatures, can be successfully implemented and has a negligible impact on DNS resolution time compared to using only post-quantum signatures. The fragmentation strategy effectively manages the increased message size, ensuring efficient and reliable DNSSEC operations.
The authors conclude that the double-signed, fragmented DNSSEC approach is a viable solution for enhancing DNSSEC security during the transition to a post-quantum era. This approach provides a robust defense against both classical and quantum computing attacks, ensuring the integrity and authenticity of DNS records.
This research significantly contributes to the field of cybersecurity by addressing a critical vulnerability in DNSSEC posed by quantum computing. The proposed double-signed approach offers a practical and effective solution for securing DNS infrastructure during the transition to post-quantum cryptography, ensuring the continued reliability and trustworthiness of the internet.
The study acknowledges the limitations of using a small-scale testbed and suggests further research on the performance of double-signed DNSSEC in large-scale, real-world deployments. Additionally, exploring the integration of other post-quantum cryptography candidates and evaluating their impact on DNSSEC performance is recommended.