Survey And Evaluation of Secure-DNS Alternatives Through Passive Measurements
Public Deposited- Resource Type
- Creator
- Abstract
As security was not among the original DNS design goals, over ten secure-DNS schemes have been proposed to improve security and privacy during the name resolution process. One of the schemes is DNS-over-TLS (DoT), which relies on the Internet's PKI for establishing trust in recursive resolvers. DoT's certificates, have not been investigated comprehensively. This thesis analyzes the certificate ecosystem of DoT in comparison to HTTPS. The results are so far promising. The thesis then surveys secure-DNS schemes, and presents an evaluation framework to assess their security, availability, privacy, and anonymity benefits. Our evaluation illustrates that none of the DNS schemes secures the complete path of the domain name resolution. The results shed light on the challenges of designing a comprehensive and widely-deployable secure-DNS scheme to secure the complete name resolution path. However, as some schemes can be combined, their resultant benefits can address individual shortcomings.
- Subject
- Language
- Publisher
- Thesis Degree Level
- Thesis Degree Name
- Thesis Degree Discipline
- Identifier
- Rights Notes
Copyright © 2021 the author(s). Theses may be used for non-commercial research, educational, or related academic purposes only. Such uses include personal study, research, scholarship, and teaching. Theses may only be shared by linking to Carleton University Institutional Repository and no part may be used without proper attribution to the author. No part may be used for commercial purposes directly or indirectly via a for-profit platform; no adaptation or derivative works are permitted without consent from the copyright owner.
- Date Created
- 2021
Relations
- In Collection:
Items
| Thumbnail | Title | Date Uploaded | Visibility | Actions |
|---|---|---|---|---|
|
|
sadeghijahromi-surveyandevaluationofsecurednsalternatives.pdf | 2023-05-05 | Public | Download |