DNSsec in Isabelle – replay attack and origin authentication

Kammueller, Florian ORCID logoORCID: https://orcid.org/0000-0001-5839-5488, Kirsal, Yoney and Cheng, Xiaochun ORCID logoORCID: https://orcid.org/0000-0003-0371-9646 (2013) DNSsec in Isabelle – replay attack and origin authentication. In: IEEE Int. Conf. on Systems, Man, and Cybernetics, SMC, 2013.. . [Conference or Workshop Item]


In this paper, we present a formal model and analysis for the security extensions of the Domain Name System (DNSsec)
in the interactive theorem prover Isabelle/HOL. Based on the inductive approach of security protocol analysis by Paulson in Isabelle/HOL, we show how the protocol can be modelled and important properties are proved.

We prove that origin authentication works securely. In order to illustrate that the model is adequate, we show gthat previous domain name requests can be replayed -- as in the classical DNS -- by an attacker. These replays luckily can be uniquely identified in DNSsec due to the origin authentication mechanism that we establish to enhance security.

Item Type: Conference or Workshop Item (Paper)
Research Areas: A. > School of Science and Technology > Computer Science
Item ID: 15206
Depositing User: Florian Kammueller
Date Deposited: 23 Apr 2015 11:32
Last Modified: 30 Oct 2019 21:04
URI: https://eprints.mdx.ac.uk/id/eprint/15206

Actions (login required)

View Item View Item


Activity Overview
6 month trend
6 month trend

Additional statistics are available via IRStats2.