[Busec] Help with a practice talk?

Sharon Goldberg goldbe at cs.bu.edu
Thu Feb 5 16:27:06 EST 2015


Paper abstract:


*NSEC5: Provably Preventing DNSSEC Zone Enumeration *

*Abstract: *    DNSSEC is designed to prevent network attackers from
tampering with domain name system (DNS) messages. The cryptographic
machinery used in DNSSEC, however, also creates a new vulnerability, zone
enumeration, enabling an adversary to use a small number of online DNSSEC
queries combined with offline dictionary attacks to learn which domain
names are present or absent in a DNS zone. We start by proving that the
design underlying current DNSSEC standard, with NSEC and NSEC3 records,
inherently suffers from zone enumeration: specifically, we show that
security against network attackers and privacy against zone enumeration
cannot be satisfied simultaneously unless the DNSSEC server performs online
public-key cryptographic operations. We then move on to proposing NSEC5, a
new cryptographic construction that solves the problem of DNSSEC zone
enumeration while remaining faithful to the operational realities of
DNSSEC.

On Thu, Feb 5, 2015 at 4:18 PM, Dimitris Papadopoulos <dipapado at bu.edu>
wrote:

> Hi all,
>
> If you are available tomorrow at 1pm, would you mind attending a practice
> talk for our paper (for NDSS'15 next week)?
>
> My co-author Asaf Ziv who is visiting from Israel will be giving the talk
> and your help will be much appreciated!
>
> Location: MCS 148
>
> Thanks!
>
> -Dimitris
>
>
> _______________________________________________
> Busec mailing list
> Busec at cs.bu.edu
> http://cs-mailman.bu.edu/mailman/listinfo/busec
>
>


-- 
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20150205/488b9393/attachment.html>


More information about the Busec mailing list