FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4281490003> ?p ?o ?g. }

• W4281490003 abstract "Cryptographic algorithm agility is an important property for DNSSEC: it allows easy deployment of new algorithms if the existing ones are no longer secure. Significant operational and research efforts are dedicated to pushing the deployment of new algorithms in DNSSEC forward. Recent research shows that DNSSEC is gradually achieving algorithm agility: most DNSSEC supporting resolvers can validate a number of different algorithms and domains are increasingly signed with cryptographically strong ciphers. In this work we show for the first time that the cryptographic agility in DNSSEC, although critical for making DNS secure with strong cryptography, also introduces a severe vulnerability. We find that under certain conditions, when new algorithms are listed in signed DNS responses, the resolvers do not validate DNSSEC. As a result, domains that deploy new ciphers, risk exposing the validating resolvers to cache poisoning attacks. We use this to develop DNSSEC-downgrade attacks and show that in some situations these attacks can be launched even by off-path adversaries. We experimentally and ethically evaluate our attacks against popular DNS resolver implementations, public DNS providers, and DNS services used by web clients worldwide. We validate the success of DNSSEC-downgrade attacks by poisoning the resolvers: we inject fake records, in signed domains, into the caches of validating resolvers. We find that major DNS providers, such as Google Public DNS and Cloudflare, as well as 70% of DNS resolvers used by web clients are vulnerable to our attacks. We trace the factors that led to this situation and provide recommendations." @default.
• W4281490003 created "2022-05-26" @default.
• W4281490003 creator A5001159554 @default.
• W4281490003 creator A5007833679 @default.
• W4281490003 creator A5013799325 @default.
• W4281490003 creator A5044054872 @default.
• W4281490003 creator A5075110050 @default.
• W4281490003 creator A5078166208 @default.
• W4281490003 date "2022-05-21" @default.
• W4281490003 modified "2023-09-23" @default.
• W4281490003 title "SERVFAIL: The Unintended Consequences of Algorithm Agility in DNSSEC" @default.
• W4281490003 doi "https://doi.org/10.48550/arxiv.2205.10608" @default.
• W4281490003 hasPublicationYear "2022" @default.
• W4281490003 type Work @default.
• W4281490003 citedByCount "0" @default.
• W4281490003 crossrefType "posted-content" @default.
• W4281490003 hasAuthorship W4281490003A5001159554 @default.
• W4281490003 hasAuthorship W4281490003A5007833679 @default.
• W4281490003 hasAuthorship W4281490003A5013799325 @default.
• W4281490003 hasAuthorship W4281490003A5044054872 @default.
• W4281490003 hasAuthorship W4281490003A5075110050 @default.
• W4281490003 hasAuthorship W4281490003A5078166208 @default.
• W4281490003 hasBestOaLocation W42814900031 @default.
• W4281490003 hasConcept C110875604 @default.
• W4281490003 hasConcept C136764020 @default.
• W4281490003 hasConcept C148730421 @default.
• W4281490003 hasConcept C178489894 @default.
• W4281490003 hasConcept C203062551 @default.
• W4281490003 hasConcept C2779628075 @default.
• W4281490003 hasConcept C35026560 @default.
• W4281490003 hasConcept C38652104 @default.
• W4281490003 hasConcept C41008148 @default.
• W4281490003 hasConceptScore W4281490003C110875604 @default.
• W4281490003 hasConceptScore W4281490003C136764020 @default.
• W4281490003 hasConceptScore W4281490003C148730421 @default.
• W4281490003 hasConceptScore W4281490003C178489894 @default.
• W4281490003 hasConceptScore W4281490003C203062551 @default.
• W4281490003 hasConceptScore W4281490003C2779628075 @default.
• W4281490003 hasConceptScore W4281490003C35026560 @default.
• W4281490003 hasConceptScore W4281490003C38652104 @default.
• W4281490003 hasConceptScore W4281490003C41008148 @default.
• W4281490003 hasLocation W42814900031 @default.
• W4281490003 hasOpenAccess W4281490003 @default.
• W4281490003 hasPrimaryLocation W42814900031 @default.
• W4281490003 hasRelatedWork W125192817 @default.
• W4281490003 hasRelatedWork W1551406745 @default.
• W4281490003 hasRelatedWork W1570504403 @default.
• W4281490003 hasRelatedWork W1606647425 @default.
• W4281490003 hasRelatedWork W2047347125 @default.
• W4281490003 hasRelatedWork W2148742293 @default.
• W4281490003 hasRelatedWork W2293956668 @default.
• W4281490003 hasRelatedWork W2776841828 @default.
• W4281490003 hasRelatedWork W92571556 @default.
• W4281490003 hasRelatedWork W2099557070 @default.
• W4281490003 isParatext "false" @default.
• W4281490003 isRetracted "false" @default.
• W4281490003 workType "article" @default.