Analysis of Robust and Secure DNS Protocols for IoT Devices

• URL: http://arxiv.org/abs/2502.09726v1
• Date: Thu, 13 Feb 2025 19:16:39 GMT
• Title: Analysis of Robust and Secure DNS Protocols for IoT Devices
• Authors: Abdullah Aydeger, Sanzida Hoque, Engin Zeydan, Kapal Dev,
• Abstract summary: We investigate different DNS security approaches using an edge DNS resolver implemented as a Virtual Network Function (VNF)<n>We present our results for cache-based and non-cached responses and evaluate the corresponding security benefits.
• Score: 8.574167373120648
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The DNS (Domain Name System) protocol has been in use since the early days of the Internet. Although DNS as a de facto networking protocol had no security considerations in its early years, there have been many security enhancements, such as DNSSec (Domain Name System Security Extensions), DoT (DNS over Transport Layer Security), DoH (DNS over HTTPS) and DoQ (DNS over QUIC). With all these security improvements, it is not yet clear what resource-constrained Internet-of-Things (IoT) devices should be used for robustness. In this paper, we investigate different DNS security approaches using an edge DNS resolver implemented as a Virtual Network Function (VNF) to replicate the impact of the protocol from an IoT perspective and compare their performances under different conditions. We present our results for cache-based and non-cached responses and evaluate the corresponding security benefits. Our results and framework can greatly help consumers, manufacturers, and the research community decide and implement their DNS protocols depending on the given dynamic network conditions and enable robust Internet access via DNS for different devices.

Related papers

• Transparent Attested DNS for Confidential Computing Services [2.6667047594113096]
  ADNS is a name service that binds attested implementation of confidential services to their domain names. ADNS builds on standards such as DNSSEC, DANE, ACME and Certificate Transparency. We implement aDNS as a confidential service using a fault-tolerant network of TEEs.
  arXiv  Detail & Related papers  (2025-03-18T18:07:09Z)
• Achieving Network Resilience through Graph Neural Network-enabled Deep Reinforcement Learning [64.20847540439318]
  Deep reinforcement learning (DRL) has been widely used in many important tasks of communication networks. Some studies have combined graph neural networks (GNNs) with DRL, which use the GNNs to extract unstructured features of the network. This paper explores the solution of combining GNNs with DRL to build a resilient network.
  arXiv  Detail & Related papers  (2025-01-19T15:22:17Z)
• MTDNS: Moving Target Defense for Resilient DNS Infrastructure [2.8721132391618256]
  DNS (Domain Name System) is one of the most critical components of the Internet. Researchers have been constantly developing methods to detect and defend against the attacks against DNS. Most solutions discard packets for defensive approaches, which can cause legitimate packets to be dropped. We propose MTDNS, a resilient MTD-based approach that employs Moving Target Defense techniques.
  arXiv  Detail & Related papers  (2024-10-03T06:47:16Z)
• DNSSEC+: An Enhanced DNS Scheme Motivated by Benefits and Pitfalls of DNSSEC [1.8379423176822356]
  We present DNSSEC+, which addresses security and deployability downsides of DNSSEC. We show how DNSSEC+ fulfills nine security, privacy, and deployability properties for name resolution.
  arXiv  Detail & Related papers  (2024-08-02T01:25:14Z)
• Guardians of DNS Integrity: A Remote Method for Identifying DNSSEC Validators Across the Internet [0.9319432628663636]
  We propose a novel technique for identifying DNSSEC-validating resolvers. We find that while most open resolvers are DNSSEC-enabled, less than 18% in IPv4 (38% in IPv6) validate received responses.
  arXiv  Detail & Related papers  (2024-05-30T08:58:18Z)
• TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain [8.38094558878305]
  Domain Name System (DNS) is vulnerable to some malicious attacks, including DNS cache poisoning. This paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records. TI-DNS is easy to be adopted as it only requires modifications to the resolver side of current DNS infrastructure.
  arXiv  Detail & Related papers  (2023-12-07T08:03:10Z)
• The Evolution of DNS Security and Privacy [1.0603824305049263]
  DNS is one of the fundamental protocols of the TCP/IP stack to protect against threats and attacks. This study examines the risks associated with DNS and explores recent advancements that contribute towards making the DNS ecosystem resilient against various attacks while safeguarding user privacy.
  arXiv  Detail & Related papers  (2023-12-01T06:14:25Z)
• SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
  We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
  arXiv  Detail & Related papers  (2023-09-26T08:11:38Z)
• MAPLE-X: Latency Prediction with Explicit Microprocessor Prior Knowledge [87.41163540910854]
  Deep neural network (DNN) latency characterization is a time-consuming process. We propose MAPLE-X which extends MAPLE by incorporating explicit prior knowledge of hardware devices and DNN architecture latency.
  arXiv  Detail & Related papers  (2022-05-25T11:08:20Z)
• NAS-FAS: Static-Dynamic Central Difference Network Search for Face Anti-Spoofing [94.89405915373857]
  Face anti-spoofing (FAS) plays a vital role in securing face recognition systems. Existing methods rely on expert-designed networks, which may lead to a sub-optimal solution for task FAS. Here we propose the first FAS method based on neural search (NAS), called FAS-FAS, to discover the well-suited task-aware networks.
  arXiv  Detail & Related papers  (2020-11-03T23:34:40Z)
• Smart Home, security concerns of IoT [91.3755431537592]
  The IoT (Internet of Things) has become widely popular in the domestic environments. People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed. Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
  arXiv  Detail & Related papers  (2020-07-06T10:36:11Z)
• Certifiable Robustness to Adversarial State Uncertainty in Deep Reinforcement Learning [40.989393438716476]
  Deep Neural Network-based systems are now the state-of-the-art in many robotics tasks, but their application in safety-critical domains remains dangerous without formal guarantees on network robustness. Small perturbations to sensor inputs are often enough to change network-based decisions, which was recently shown to cause an autonomous vehicle to swerve into another lane. This work leverages research on certified adversarial robustness to develop an online certifiably robust for deep reinforcement learning algorithms.
  arXiv  Detail & Related papers  (2020-04-11T21:36:13Z)
• Scalable Quantitative Verification For Deep Neural Networks [44.570783946111334]
  We propose a test-driven verification framework for deep neural networks (DNNs) Our technique performs enough tests until soundness of a formal probabilistic property can be proven. Our work paves the way for verifying properties of distributions captured by real-world deep neural networks, with provable guarantees.
  arXiv  Detail & Related papers  (2020-02-17T09:53:50Z)
• Skip Connections Matter: On the Transferability of Adversarial Examples Generated with ResNets [83.12737997548645]
  Skip connections are an essential component of current state-of-the-art deep neural networks (DNNs) Use of skip connections allows easier generation of highly transferable adversarial examples. We conduct comprehensive transfer attacks against state-of-the-art DNNs including ResNets, DenseNets, Inceptions, Inception-ResNet, Squeeze-and-Excitation Network (SENet)
  arXiv  Detail & Related papers  (2020-02-14T12:09:21Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.