Securing the internet's backbone: A blockchain-based and incentive-driven architecture for DNS cache poisoning defense
文献类型:期刊论文
| 作者 | Fu, Yufan1,2; Lee, Xiaodong1,3; Wei, Jiuqi1,2; Li, Ying1,2; Peng, Botao1 |
| 刊名 | COMPUTER NETWORKS
 |
| 出版日期 | 2024-12-01 |
| 卷号 | 254页码:18 |
| 关键词 | DNS Cache poisoning attack Blockchain Smart contract Incentive mechanism |
| ISSN号 | 1389-1286 |
| DOI | 10.1016/j.comnet.2024.110777 |
| 英文摘要 | Domain Name System (DNS) is the backbone of the Internet infrastructure, converting human-friendly domain names into machine-processable IP addresses. However, DNS remains vulnerable to various security threats, such as cache poisoning attacks, where malicious attackers inject false information into DNS resolvers' caches. Although efforts have been made to enhance DNS against such vulnerabilities, existing countermeasures often fall short in one or more areas: they may offer limited resistance to the collusion attack, introduce significant overhead, or require complex implementation that hinders widespread adoption. To address these challenges, this paper introduces TI-DNS+, a trusted and incentivized blockchain-based DNS resolution architecture for cache poisoning defense. TI-DNS+ introduces a Verification Cache exploiting blockchain ledger's immutable nature to detect and correct forged DNS responses. The architecture also incorporates a multi-resolver Query Vote mechanism, enhancing the ledger's credibility by validating each record modification through a stake-weighted algorithm. This algorithm selects resolvers as validators based on their stake proportion. To promote well-behaved participation, TI-DNS+ also implements a novel stake-based incentive mechanism that optimizes the generation and distribution of stake rewards. This ensures that incentives align with participants' contributions, achieving incentive compatibility, fairness, and efficiency. Moreover, TI-DNS+ possesses high practicability as it requires only resolver-side modifications to current DNS. Finally, through comprehensive prototyping and experimental evaluations, the results demonstrate that our solution effectively mitigates DNS cache poisoning. Compared to competitors, our solution improves attack resistance by 1-3 orders of magnitude, while also reducing resolution latency by 5% to 68%. |
| 资助项目 | National Natural Science Foundation of China[62202450] ; National Natural Science Foundation of China[E051570] |
| WOS研究方向 | Computer Science ; Engineering ; Telecommunications |
| 语种 | 英语 |
| WOS记录号 | WOS:001319410300001 |
| 出版者 | ELSEVIER |
| 源URL | [http://119.78.100.204/handle/2XEOYT63/39585]  |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Lee, Xiaodong |
| 作者单位 | 1.Chinese Acad Sci, Inst Comp Technol, Lab Internet Infrastruct, Beijing, Peoples R China 2.Univ Chinese Acad Sci, Beijing, Peoples R China 3.Fuxi Inst, Heze 274000, Peoples R China |
| 推荐引用方式 GB/T 7714 | Fu, Yufan,Lee, Xiaodong,Wei, Jiuqi,et al. Securing the internet's backbone: A blockchain-based and incentive-driven architecture for DNS cache poisoning defense[J]. COMPUTER NETWORKS,2024,254:18. |
| APA | Fu, Yufan,Lee, Xiaodong,Wei, Jiuqi,Li, Ying,&Peng, Botao.(2024).Securing the internet's backbone: A blockchain-based and incentive-driven architecture for DNS cache poisoning defense.COMPUTER NETWORKS,254,18. |
| MLA | Fu, Yufan,et al."Securing the internet's backbone: A blockchain-based and incentive-driven architecture for DNS cache poisoning defense".COMPUTER NETWORKS 254(2024):18. |
入库方式: OAI收割
来源:计算技术研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。