Securing Domain Name System Combined with MIPv6 for Mobile Hosts

Abstract

DNS is the standard mechanism for name to IP address resolution. The DNS has been extended to DNSSEC to add security by providing origin authentication and data integrity by the process of creating signatures periodically, which results in intensive computations. Adding digital signatures to a domain increases each record size by 5-7 times, which puts a burden of DNS reply messages on the authoritative name servers. The goal of this paper is to find secure DNS mechanism, which cause relatively low computation loads and reply burden especially for infrastructure mode MANET gateways that are responsible for name resolution services as well as local mobility management for mobile hosts. This paper proposes SECDNS (Secure DNS) mechanism that handles secure query/reply transactions using the one-time session key generated per a query basis. In the proposed SECDNS, burden for securing DNS is distributed for every DNS queries. We analyze how many SECDNS transactions can the session key with a given length handle and suggest the solution of the anti-MITM attack scheme, which protects the name resolution services against the possible MITM attacks and make it useless for the enemy to decrypt the SECDNS reply messages in time.