Self-certified root implementation method based on open source DNS software

A self-certified root implementation method based on open source DNS software. It addresses the tampering of root zone glue records that results from the lack of a signature mechanism for those records, and so improves security.

Active Publication Date: 2019-07-30
HARBIN INST OF TECH

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a self-certified root implementation method based on open source DNS software, in order to solve the problem t


Embodiment Construction

[0042] The self-certifying root scheme is a secure DNS encryption scheme in which the root zone data itself can certify the authenticity of its source. It addresses a weakness of the existing DNSSEC scheme: because DNSSEC provides no signature mechanism for root zone glue records, those records may be tampered with. The self-certifying root has three main design goals:

[0043] 1. Glue signature: add a digital signature from the top-level domain authority to the glue record, so that the source of the glue record in the root zone can be publicly verified.

[0044] 2. Public key pinning: the resolver obtains the top-level domain public key from a public key whitelist or by the first-trust method (trusting the key seen first).

[0045] 3. Dual signature: when the top-level domain key is rolled over, the new top-level domain public key certificate requires two signatures, one from the root authority and one from the top-level domain authority (made with the old key).
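The three goals above can be seen working together in the following Go sketch, which is an added example and not code from the patent or from any DNS software. The `Resolver` type, the `tld|key` message layout, the use of Ed25519 and the sample glue record are all assumptions made for illustration; real DNSSEC records use their own wire formats.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Resolver is a hypothetical pin store for a recursive resolver (not the patent's code).
type Resolver struct {
	rootKey ed25519.PublicKey
	pins    map[string]ed25519.PublicKey // TLD name -> pinned TLD public key
}

// VerifyGlue checks the TLD signature over a glue record; first sight pins the key.
func (r *Resolver) VerifyGlue(tld string, key ed25519.PublicKey, glue, sig []byte) bool {
	pinned, seen := r.pins[tld]
	if len(key) != ed25519.PublicKeySize || (seen && !pinned.Equal(key)) || !ed25519.Verify(key, glue, sig) {
		return false // malformed key, key differs from the pin, or bad signature
	}
	r.pins[tld] = key
	return true
}

// Rollover swaps the pin only if root AND the old TLD key both signed the new key.
func (r *Resolver) Rollover(tld string, newKey ed25519.PublicKey, rootSig, oldSig []byte) bool {
	old, seen := r.pins[tld]
	msg := append([]byte(tld+"|"), newKey...) // assumed message layout
	if !seen || !ed25519.Verify(r.rootKey, msg, rootSig) || !ed25519.Verify(old, msg, oldSig) {
		return false
	}
	r.pins[tld] = newKey
	return true
}

// Demo runs the three goals on constructed keys and a constructed glue record.
func Demo() [4]bool {
	k := func(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, 32)) }
	pub := func(p ed25519.PrivateKey) ed25519.PublicKey { return p.Public().(ed25519.PublicKey) }
	root, oldTLD, newTLD := k(1), k(2), k(3)
	r := &Resolver{rootKey: pub(root), pins: map[string]ed25519.PublicKey{}}
	glue := []byte("ns1.nic.example. 172800 IN A 192.0.2.53") // constructed record
	msg := append([]byte("example|"), pub(newTLD)...)
	glueOK := r.VerifyGlue("example", pub(oldTLD), glue, ed25519.Sign(oldTLD, glue))
	swapped := r.VerifyGlue("example", pub(newTLD), glue, ed25519.Sign(newTLD, glue))
	rootOnly := r.Rollover("example", pub(newTLD), ed25519.Sign(root, msg), ed25519.Sign(newTLD, msg))
	dual := r.Rollover("example", pub(newTLD), ed25519.Sign(root, msg), ed25519.Sign(oldTLD, msg))
	return [4]bool{glueOK, swapped, rootOnly, dual} // true, false, false, true
}
func main() { fmt.Println(Demo()) }
```

The second and third results show what pinning and the dual signature each add: a glue record signed by an unpinned key is refused, and a key change backed by the root signature alone does not replace the pin.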

[0046] The schematic diagram of t...


Abstract

The invention discloses a self-certified root implementation method based on open source DNS software, and relates to the technical field of DNS security improvement. The invention aims to solve the problem that root zone glue records can be tampered with because the existing DNSSEC scheme provides no signature mechanism for them. The method comprises the following steps: generating, on the root server and the top-level domain server, a zone key and that key's signature over the glue records; publishing the top-level domain key and its glue record signature to the root server to replace the original glue records of the root zone; and, on a recursive resolver, querying the top-level domain glue records from the root server and performing DNSSEC validation. The self-certified root scheme mitigates the security risk that glue records in the DNSSEC scheme may be tampered with, and improves the security of the glue records in the root zone by adding signatures over them. By modifying the source code of the open source DNS software, a chain of trust for glue records from the root domain to the top-level domain is established in the root zone, and self-certification of the root is achieved.

Description

Technical field

[0001] The invention relates to the technical field of DNS security improvement, in particular to a self-certifying root implementation method based on open source DNS software.

Background technique

[0002] The Domain Name System (DNS) is a basic core service that people rely on when they use the TCP/IP protocol to access the Internet. It makes Internet services more convenient by mapping host names to IP addresses. The main idea of the DNSSEC security extension is to create cryptographic signatures for the information in the DNS using public key cryptography, providing both authority authentication and an integrity check for that information. DNSSEC is designed so that signatures are verified step by step, from top to bottom or from bottom to top. Implementations of DNSSEC rely on DS records, which are digests of a subdomain's public key. DS records are stored in the parent domain, and trust is transferred from the key of the paren...


Application Information

IPC(8): H04L9/32, H04L9/08, H04L29/06, H04L29/12
CPC: H04L9/3247, H04L9/3263, H04L9/0861, H04L63/0428, H04L61/4511
Inventors: 张宇, 张文佳, 方滨兴, 张宏莉, 刘文峰
Owner: HARBIN INST OF TECH