Identifier Resolution Model Based on Encryption Transmission

doi:10.3969/j.issn.1006-2475.2020.04.009

Abstract

Abstract: Identifier resolution system is the foundation for the stable operation and development of Internet. The privacy protection and data security issues of identifier resolution system draw significantly more attention. Technologies including DNSSEC based on digital signature and DoT based on encryption technology can solve the security problem partially, but cannot realize the user privacy protection of the whole process of identifier resolution. Based on the current status of technology research, a new identifier resolution trust model based on encryption transmission is proposed, and a trust chain is established to realize the trust transfer of each node in the identifier resolution system, and through the whole process of encryption communication, the user privacy and data security during identifier parsing are protected. Firstly, the research status of security technology in domain name area is introduced, then the whole structure, trust chain model and work flow of the proposed model are described, finally by five group experiments, the delay, performance and security of the model under different encryption methods and transfer protocols are tested and analyzed, and the feasibility of the model is verified by combining with the test results of live DNS.

Key words: identifier resolution system, encryption transmission, trust chain, privacy protection

CLC Number:

TP393

ZUO Peng, HE Zhi-mou, YUAN Meng, ZHANG Hai-kuo, YANG Wei-ping. Identifier Resolution Model Based on Encryption Transmission[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2020.04.009.

References

［1］ MOCKAPETRIS P. RFC 1034: Domain Names-Concepts and Facilities［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc1034.
［2］ MOCKAPETRIS P. RFC 1035: Domain Names-Implementation and Specification［EB /OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc1035.
［3］于世梁. 由“棱镜”计划反思我国信息网络安全［J］. 湖北行政学院学报, 2013(5):88-92.
［4］胡宁,邓文平,姚苏. 互联网DNS安全研究现状与挑战［J］. 网络与信息安全学报, 2017,3(3):13-21.
［5］ HU Z, ZHU L, HEIDEMANN J, et al. RFC 7858: Specification for DNSOver Transport Layer Security (TLS)［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc7858.
［6］ HOFFMAN P, MCMANUS P. RFC 8484: DNS Queries Over HTTPS (DoH)［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc8484.
［7］ CARLO C, WILMER G, DAVID L et al. RFC 7871: Client Subnet in DNS Queries［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc7871.
［8］ REDDY T, WING D, PATIL P. RFC 8094: DNS Over Datagram Transport Layer Security (DTLS)［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc8094.
［9］ DNSCurve. DNSCurve: Usable Security for DNS［EB/OL］. 〖JP4〗(2009-06-22)［2019-07-16］. https://dnscurve.org/index.html.
［10］DEMPSKY M. DNSCurve: Link-level Security for the Domain Name System［EB/OL］. (2010-02-26)［2019-07-16］. https://tools.ietf.org/html/draft-dempsky-dnscurve-01.
［11］ARENDS R, AUSTEIN R, LARSON M, et al. RFC 4033: DNS Security Introduction and Requirements［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc4033.
［12］ARENDS R, AUSTEIN R, LARSON M, et al. RFC 4034: Resource Records for the DNS Security Extensions［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc4034.
［13］ARENDS R, AUSTEIN R, LARSON M, et al. RFC 4035: Protocol Modifications for the DNS Security Extensions［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc4035.
［14］许成喜,胡荣贵,施凡,等. Kaminsky域名系统缓存投毒防御策略研究［J］. 计算机工程, 2013,39(1):12-17.
［15］SCHNEIDER D. How a Recently Discovered Flaw in the Internet’s Domain Name System Makes It Easy for Scammers to Lure You to Fake Web Sites［EB/OL］. (2008-10-01)［2019-07-16］. http://spectrum.ieee.org/computing/software/fresh-phish.
［16］LIAN W， RESCORLA E， SHACHAM H， el a1． Measuring the practical impact of DNSSEC deployment［C］// USENIX Security 2013. 2013:573-588.
［17］STEPHANE B, PAUL H. RFC7816BIS-02: DNS Query Name Minimisation to Improve Privacy［EB/OL］. ［2019-07-16］. https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc7816bis/.
［18］STEVE K C. Assuring data privacy compliance［J］. Information Systems Control Journal, 2004.
［19］FEDERRATH H, FUCHS K P, HERRMANN D, et al. Privacy-preserving DNS： Analysis of broadcast， range queries and mix-based protection methods［C］// The 16th European Symposium on Research in Computer Security. 2011:665-683.
［20］BLADWIN R, COX G, DOWELL C, el al. RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc6101.
［21］ALLEN C, ABADI M, BELLOVIN S M, el al. RFC 5246: The Transport Layer Security(TLS) Protocol Version 1.2［EB/OL］. ［2019-07-16］. https://tools.ietf.org/html/rfc5246.
［22］JIN Y, TOMOISHI M, YAMAI N. An advanced client based DNSSEC validation and preliminary evaluations toward realization［C］// 2016 International Conference on Information and Communication Technology Convergence. 2016:178-183.
［23］ZHU L, HU Z, HEIDIMANN J, et al. Connection-oriented DNS to improve privacy and security［C］// ACM Conference on SIGCOMM. 2014.

[1]	ZHA Kai-jin, WANG Zhi-bo, HE Yue-shun, XU Hong-zhen. Survey on Blockchain Security Protection [J]. Computer and Modernization, 2023, 0(06): 110-117.
[2]	FENG Li-gang, ZHU You-wen, . Utility-optimized Local Differential Privacy Mechanism for Protecting Location Privacy [J]. Computer and Modernization, 2022, 0(09): 99-105.
[3]	ZHANG Tian-xi, WANG Li-peng, ZHOU Chun-tian, YANG Yan-yan, LI Xiao-chong. Secret Content Auditing Scheme in Internet of Things Scenes Based on Blockchain [J]. Computer and Modernization, 2022, 0(03): 30-36.
[4]	SHANG Jing-wei1,2, JIANG Rong1,2, HU Xiao-han1,2, SHI Ming-yue1,2. Medical Big Data and Privacy Leakage [J]. Computer and Modernization, 2019, 0(07): 111-.
[5]	LIU Bo, HUANG Zhi-qiu, WANG Shan-shan. A Method of Service Evolution for Controlling Risk of Privacy Exposure [J]. Computer and Modernization, 2014, 0(10): 76-80,107.
[6]	ZHANG Xing-lan;YU Jin-ying. Strategy for Privacy Protection of Supporting Data Modification [J]. Computer and Modernization, 2013, 1(8): 175-178,.
[7]	XU Shuai. Research on Enforcing Privacy Security in MapReduce Based on Decentralized Information Flow Control [J]. Computer and Modernization, 2012, 1(03): 93-97.
[8]	RAO Lan-xiang. Research on Data Mining Based on Privacy Protection [J]. Computer and Modernization, 2011, 12(12): 109-111.