Dynamic DNS update security, based on cryptographically generated addresses and ID-based cryptography, in an IPv6 autoconfiguration context

This paper proposes a new security method for protecting signalling for Domain Name System (DNS) architecture. That is, it makes secure DNS update messages for binding a Fully Qualified Domain Name (FQDN) of an IPv6 node and the IPv6 address of the node owning this FQDN. This method is based on the use of Cryptographically Generated Addresses (CGA) and IDBased Cryptography (IBC). Combination of these two techniques allows DNS server to check the ownership of the IPv6 address and the FQDN, sent by the DNS client. In addition, this paper describes how this method has been implemented.

Mots clés

IPv6 DNS update Security ID-based cryptography Cryptographically generated addresses

Domaines

Cryptographie et sécurité [cs.CR] Réseaux et télécommunications [cs.NI]

Fichier principal

2012-ARES-DNS-CGA-combes-Arfaoui.pdf (1.29 Mo)

Origine : Fichiers produits par l'(les) auteur(s)

Médiathèque Télécom SudParis & Institut Mines-Télécom Business School : Connectez-vous pour contacter le contributeur

https://hal.science/hal-00756609

Soumis le : vendredi 23 novembre 2012-13:10:49

Dernière modification le : vendredi 24 mars 2023-14:52:56

Archivage à long terme le : dimanche 24 février 2013-03:50:19

Dates et versions

hal-00756609 , version 1 (23-11-2012)

Identifiants

HAL Id : hal-00756609 , version 1
DOI : 10.1109/ARES.2012.69

Citer

Jean-Michel Combes, Ghada Arfaoui, Maryline Laurent. Dynamic DNS update security, based on cryptographically generated addresses and ID-based cryptography, in an IPv6 autoconfiguration context. AReS '12 : The 7th International Conference on Availability, Reliability and Security, Aug 2012, Prague, Czech Republic. pp.206-211, ⟨10.1109/ARES.2012.69⟩. ⟨hal-00756609⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

INSTITUT-TELECOM CNRS TELECOM-SUDPARIS

107 Consultations

719 Téléchargements