A Longitudinal,{End-to-End} View of the {DNSSEC} Ecosystem
T Chung, R van Rijswijk-Deij… - 26th USENIX Security …, 2017 - usenix.org
The Domain Name System's Security Extensions (DNSSEC) allow clients and resolvers to
verify that DNS responses have not been forged or modified inflight. DNSSEC uses a public …
verify that DNS responses have not been forged or modified inflight. DNSSEC uses a public …
Mission accomplished? HTTPS security after DigiNotar
Driven by CA compromises and the risk of man-in-the-middle attacks, new security features
have been added to TLS, HTTPS, and the web PKI over the past five years. These include …
have been added to TLS, HTTPS, and the web PKI over the past five years. These include …
Compressive wide-band spectrum sensing
YL Polo, Y Wang, A Pandharipande… - 2009 IEEE International …, 2009 - ieeexplore.ieee.org
We present a compressive wide-band spectrum sensing scheme for cognitive radios. The
received analog signal at the cognitive radio sensing receiver is transformed in to a digital …
received analog signal at the cognitive radio sensing receiver is transformed in to a digital …
A high-performance, scalable infrastructure for large-scale active DNS measurements
R van Rijswijk-Deij, M Jonker… - IEEE journal on …, 2016 - ieeexplore.ieee.org
The domain name system (DNS) is a core component of the Internet. It performs the vital task
of mapping human readable names into machine readable data (such as IP addresses …
of mapping human readable names into machine readable data (such as IP addresses …
Understanding the role of registrars in DNSSEC deployment
The Domain Name System (DNS) provides a scalable, flexible name resolution service.
Unfortunately, its unauthenticated architecture has become the basis for many security …
Unfortunately, its unauthenticated architecture has become the basis for many security …
Measuring the practical impact of {DNSSEC} deployment
DNSSEC extends DNS with a public-key infrastructure, providing compatible clients with
cryptographic assurance for DNS records they obtain, even in the presence of an active …
cryptographic assurance for DNS records they obtain, even in the presence of an active …
Bitsquatting: Exploiting bit-flips for fun, or profit?
Over the last fifteen years, several types of attacks against domain names and the
companies relying on them have been observed. The well-known cybersquatting of domain …
companies relying on them have been observed. The well-known cybersquatting of domain …
Security of patched DNS
A Herzberg, H Shulman - … –ESORICS 2012: 17th European Symposium on …, 2012 - Springer
Most caching DNS resolvers still rely for their security, against poisoning, on validating that
the DNS responses contain some 'unpredictable'values, copied from the request. These …
the DNS responses contain some 'unpredictable'values, copied from the request. These …
The dns in iot: Opportunities, risks, and challenges
C Hesselman, M Kaeo, L Chapin, K Claffy… - IEEE internet …, 2020 - ieeexplore.ieee.org
The Internet of Things (IoT) is widely expected to make our society safer, smarter, and more
sustainable. However, a key challenge remains, which is how to protect users and Internet …
sustainable. However, a key challenge remains, which is how to protect users and Internet …
Downgrading {DNSSEC}: How to Exploit Crypto Agility for Hijacking Signed Zones
E Heftrig, H Shulman, M Waidner - 32nd USENIX Security Symposium …, 2023 - usenix.org
Cryptographic algorithm agility is an important property for DNSSEC: it allows easy
deployment of new algorithms if the existing ones are no longer secure. Significant …
deployment of new algorithms if the existing ones are no longer secure. Significant …