CT-ISG: Collaborative Research: DNS Security Revisited: Enabling Cryptographic Defenses in Large-Scale Networks

CT-ISG：协作研究：DNS 安全重温：在大规模网络中启用加密防御

• 批准号: 0524172
• 负责人: Daniel Massey
• 金额: $ 16万
• 依托单位: Colorado State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2005
• 资助国家: 美国
• 起止时间: 2005-08-15 至 2008-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0524172&HistoricalAwards=false
• 关键词: CT; ISG; Collaborative; Research; DNS

Proposal: 0524172Title: CT-ISG Collaborative Research: DNS Security Revisited: Enabling Cryptographic Defenses in Large-Scale Distributed SystemsPIs: Lixia Zhang (UCLA), Songwu Lu (UCLA), and Dan Massey (Colorado State)The Domain Name System (DNS) is a core Internet protocol and virtually all Internet applications rely on some form of DNS data. This project is identifying and addressing fundamental technical challenges in deploying the DNS Security Extensions (DNSSEC) in the global Internet. DNSSEC aims at enhancing DNS with data origin authentication and data integrity checking by applying well defined cryptographic solutions, however a number of system issues have arisen in the process of moving the cryptographic solution to real deployment. This project is first conducting a systematic assessment of the gap between the DNSSEC specification and the deployment constraints. For each identified technical challenge, the project is proposing, implementing, and evaluating specific solutions and then integrating such solutions into a unified design improvement.DNSSEC deployment is critical to enhanced security in cyberspace, and this effort will help move it forward by overcoming existing roadblocks, foreseeing new obstacles on the road, and developing enabling techniques to clear these obstacles. The project will also extrapolate a set of lessons and principles on major challenges in deploying cryptographic protection in large scale systems, which will hopefully provide input into other cryptographic deployment effort, such as the global routing system.

提案：0524172标题：CT-ISG合作研究：DNS安全再访：在大规模分布式系统中启用密码防御PI：Lixia Zhang（UCLA），Songwu Lu（UCLA）和Dan Massey（科罗拉多州）域名系统（DNS）是一种核心互联网协议，几乎所有的互联网应用程序都依赖于某种形式的DNS数据。 该项目旨在确定和解决在全球互联网中部署DNS安全扩展（DNSSEC）的基本技术挑战。 DNSSEC旨在通过应用定义良好的加密解决方案，通过数据源身份验证和数据完整性检查来增强DNS，但是在将加密解决方案移动到真实的部署的过程中出现了许多系统问题。 该项目首先对DNSSEC规范和部署限制之间的差距进行系统评估。 对于每一个确定的技术挑战，该项目都在提出、实施和评估特定的解决方案，然后将这些解决方案集成到统一的设计改进中。DNSSEC部署对于增强网络空间的安全至关重要，这一努力将有助于克服现有的障碍，在道路上排除新的障碍，并开发使能技术来清除这些障碍，从而推动网络安全向前发展。 该项目还将推断出一套关于在大规模系统中部署加密保护的主要挑战的经验教训和原则，这将有望为其他加密部署工作提供投入，例如全球路由系统。