Masanori Yajima, Daiki Chiba, Yoshiro Yoneya, Tatsuya Mori
Measuring Adoption of DNS Security Mechanisms with Cross-Sectional Approach
2021 IEEE Global Communications Conference (GLOBECOM), 2021-12-01
DOI: https://doi.org/10.1109/GLOBECOM46510.2021.9685960
Citation count: 0
Abstract
The threat of attacks targeting a DNS, such as DNS cache poisoning attacks and DNS amplification attacks, continues unabated. In addition, attacks that exploit the difficulty in determining the authenticity of domain names, such as phishing sites and fraudulent emails, continue to be a significant threat. Various DNS security mechanisms have been proposed, standardized, and implemented as effective countermeasures against DNS-related attacks. However, it is not clear how widespread these security mechanisms are in the DNS ecosystem and how effectively they work in the wild. With this background, this study targets the major DNS security mechanisms deployed for the DNS name servers, DNSSEC, DNS Cookies, CAA, SPF, DMARC, MTA-STS, DANE, and TLSRPT, and a large-scale measurement analysis of their deployment is conducted. Our results quantitatively reveal that, as of 2021, the adoption rate of most DNS security mechanisms, except SPF, remains low, and the adoption rate is lower for mechanisms that are more difficult to configure. These findings suggest the importance of developing easy-to-deploy tools to promote the adoption of security mechanisms.