DNSsec in Isabelle – replay attack and origin authentication

Kammueller, Florian, Kirsal, Yoney and Cheng, Xiaochun ORCID: https://orcid.org/0000-0003-0371-9646 (2013) DNSsec in Isabelle – replay attack and origin authentication. In: IEEE Int. Conf. on Systems, Man, and Cybernetics, SMC, 2013..

Full text is not in this repository.


In this paper, we present a formal model and analysis for the security extensions of the Domain Name System (DNSsec)
in the interactive theorem prover Isabelle/HOL. Based on the inductive approach of security protocol analysis by Paulson in Isabelle/HOL, we show how the protocol can be modelled and important properties are proved.

We prove that origin authentication works securely. In order to illustrate that the model is adequate, we show gthat previous domain name requests can be replayed -- as in the classical DNS -- by an attacker. These replays luckily can be uniquely identified in DNSsec due to the origin authentication mechanism that we establish to enhance security.

Item Type: Conference or Workshop Item (Paper)
Research Areas: A. > School of Science and Technology > Computer Science
Item ID: 15206
Depositing User: Florian Kammueller
Date Deposited: 23 Apr 2015 11:32
Last Modified: 20 Sep 2019 17:05
URI: https://eprints.mdx.ac.uk/id/eprint/15206

Actions (login required)

Edit Item Edit Item