Presentation is loading. Please wait.

Presentation is loading. Please wait.

RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007."— Presentation transcript:

1 RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007

2 12.5.07 2RASD - Weaver/Witmer - CS622 Overview We designed and implemented a scalable system to secure DNS traffic on a local network We designed and implemented a scalable system to secure DNS traffic on a local network

3 12.5.07 3RASD - Weaver/Witmer - CS622 System Design Goals 1. Create trusted channels for name record information exchange 2. Rapid server-side push updates for cached client name records

4 12.5.07 4RASD - Weaver/Witmer - CS622 Data Exchange Format DNS traffic is UDP DNS traffic is UDP Keep UDP on the client Keep UDP on the client Client/Server communication is XML over SSL Client/Server communication is XML over SSL

5 12.5.07 5RASD - Weaver/Witmer - CS622 Client Software Listen and respond to local DNS queries, with caching Listen and respond to local DNS queries, with caching Listen for server-pushed name record updates Listen for server-pushed name record updates

6 12.5.07 6RASD - Weaver/Witmer - CS622 Server Software Listen for client DNS queries and respond, with caching Listen for client DNS queries and respond, with caching Wait for name record updates, and push to registered clients Wait for name record updates, and push to registered clients

7 12.5.07 7RASD - Weaver/Witmer - CS622 Prototype Results HostnameRASD Lookup Time (s)Windows Client Lookup Time (s) homestead.com0.3430.156 flickr.com0.250.109 ncf.com0.4680.234 stockmarketenews.com0.5460.234 petroflexna.com0.5930.234 pnanet.com0.50.234 nia.com0.5460.25 agilent.com0.4060.062 peyamner.com0.3590.062 yahoo.com0.1560.078 flbb.com0.8590.468 blogspot.com0.6710.234 AVERAGE0.5340.187

8 12.5.07 8RASD - Weaver/Witmer - CS622 Prototype Results Domain NameRASD Average (s)WinClient Average (s) google.com0.03680.0666 compusa.com0.03420.0728 agilent.com0.014750.0635 amazon.com0.02440.0604 yahoo.com0.02290.0524 Average Time for 10 DNS Queries

9 12.5.07 9RASD - Weaver/Witmer - CS622 Further Research Extended DNS handling Extended DNS handling RASD Server discovery RASD Server discovery Automatic Client Installation Automatic Client Installation SCOLD Environment testing SCOLD Environment testing Standardized entry caching Standardized entry caching

10 12.5.07 10RASD - Weaver/Witmer - CS622 Conclusion The architecture is valid The architecture is valid The implementation needs extension and refactoring The implementation needs extension and refactoring Numerous options for further research Numerous options for further research

11 12.5.07 11RASD - Weaver/Witmer - CS622 References [1] A. Friedlander, A. Mankin, WD Maughan, and S. Crocker. "DNSSEC: A Protocol Towards Securing the Internet Infrastructure". Communications of the ACM. Vol. 50, Num. 6. pp 44-50. June 2007. [1] A. Friedlander, A. Mankin, WD Maughan, and S. Crocker. "DNSSEC: A Protocol Towards Securing the Internet Infrastructure". Communications of the ACM. Vol. 50, Num. 6. pp 44-50. June 2007. [2] G. Ateniese and S. Mangard. "A New Approach to DNS Security (DNSSEC)". Proceedings of the 8th ACM conference on Computer and Communications Security. pp 86-95. 2001. [2] G. Ateniese and S. Mangard. "A New Approach to DNS Security (DNSSEC)". Proceedings of the 8th ACM conference on Computer and Communications Security. pp 86-95. 2001. [3] C.E. Chow, Y. Cai, D. Wilkinson, and G. Godavari. "Secure Collective Defense System". Global Telecommunications Conference (GLOBECOM '04). Volume 4. pp 2245-2249. December 2004. [3] C.E. Chow, Y. Cai, D. Wilkinson, and G. Godavari. "Secure Collective Defense System". Global Telecommunications Conference (GLOBECOM '04). Volume 4. pp 2245-2249. December 2004. [4] Website: “DNS Tester”. http://www.codeproject.com/KB/IP/DNSTester.aspx. [4] Website: “DNS Tester”. http://www.codeproject.com/KB/IP/DNSTester.aspx. http://www.codeproject.com/KB/IP/DNSTester.aspx [5] Website: “Dig DNS Query Tool“. http://members.shaw.ca/nicholas.fong/dig/. [5] Website: “Dig DNS Query Tool“. http://members.shaw.ca/nicholas.fong/dig/. http://members.shaw.ca/nicholas.fong/dig/

Download ppt "RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007."

Similar presentations

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager 2007. Configuration Manager 2007 Internet-Based.

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.
CSE 222a Final Project - UCSD Spring 2007 p2p DNS addressing Presented By- Anup Tapadia Alexander Loukissas Justin Wu.

CSE 222a Final Project - UCSD Spring 2007 p2p DNS addressing Presented By- Anup Tapadia Alexander Loukissas Justin Wu.
DNSSEC & Email Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
Netscape Application Server Application Server for Business-Critical Applications Presented By : Khalid Ahmed DS 520 - Fall 98.

Netscape Application Server Application Server for Business-Critical Applications Presented By : Khalid Ahmed DS Fall 98.
PEER-TO-PEER Is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures,

PEER-TO-PEER Is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures,
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
ECE 4450:427/527 - Computer Networks Spring 2015 Dr. Nghi Tran Department of Electrical & Computer Engineering Lecture 8: Application Layer Dr. Nghi Tran.

ECE 4450:427/527 - Computer Networks Spring 2015 Dr. Nghi Tran Department of Electrical & Computer Engineering Lecture 8: Application Layer Dr. Nghi Tran.
Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.

Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.
Secure Group communication for First Responders [SGFR] By Ganesh Godavari.

Secure Group communication for First Responders [SGFR] By Ganesh Godavari.
8.

8.
Component-oriented approaches to context-aware systems – Monday 14 June 2004 1 The Contextor Infrastructure for Context-Aware Computing Gaëtan Rey, Joëlle.

Component-oriented approaches to context-aware systems – Monday 14 June The Contextor Infrastructure for Context-Aware Computing Gaëtan Rey, Joëlle.
PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.

PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.
ChowSCID1 Secure Collective Internet Defense (SCID) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCID1 Secure Collective Internet Defense (SCID) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.
ChowSCOLD1 Secure Collective Defense Network (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCOLD1 Secure Collective Defense Network (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.
RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007.

RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007.
October 2003 Iosif Legrand Iosif Legrand California Institute of Technology.

October 2003 Iosif Legrand Iosif Legrand California Institute of Technology.
DNS and DNSSec Eustace Asanghanwa Andrew Bates Shane Jahnke Brian Wilke.

DNS and DNSSec Eustace Asanghanwa Andrew Bates Shane Jahnke Brian Wilke.
Secure Collective Internet Defense (SCID) Yu Cai 05/30/2003

Secure Collective Internet Defense (SCID) Yu Cai 05/30/2003
Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.

Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.
ChowSCOLD1 Secure Collective Internet Defense (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCOLD1 Secure Collective Internet Defense (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

Similar presentations

Ads by Google