As one of the earliest protocols in the internet, the DNS emerged in an era in which today's global network was still an experiment. Security was not a primary consideration then, and the design of the DNS, like other parts of the internet of the day, did not have cryptography built in. Today, cryptography is part of almost every protocol, including the DNS. And from a cryptographer's perspective, as I described in my talk at last year's International Cryptographic Module Conference (ICMC20), there's so much more to the story than just encryption. more
The Internet Corporation for Assigned Names and Numbers organization (ICANN org) announced that all of the current 1,195 generic top-level domains (gTLDs) have deployed Domain Name System Security Extensions (DNSSEC). more
Technical development often comes in short, intense bursts, where a relatively stable technology becomes the subject of intense revision and evolution. The DNS is a classic example here. For many years this name resolution protocol just quietly toiled away. The protocol wasn't all that secure, and it wasn't totally reliable, but it worked well enough for the purposes we put it to. more
There is a new threat in town known as "SAD DNS" that allows attackers to redirect traffic, putting companies at risk of phishing, data breach, reputation damage, and revenue loss. What is SAD DNS? No, it isn't the domain name system (DNS) feeling moody, but an acronym for a new-found threat -- "Side-channel AttackeD DNS" discovered by researchers that could revive DNS cache poisoning attacks. more
With the COVID-19 pandemic persisting, online shopping will be the preferred method for the 2020 holiday shopping season. While staying home to shop is the safest option right now, it means consumers are more vulnerable to online fraud, counterfeits, and cyber crime. Increased online activity provides opportunities for unscrupulous infringers to abuse trusted brand names to drive visitors to their own fraudulent content. more
The Domain Name System (DNS) has become the fundamental building block for navigating from names to resources on the internet. DNS has been employed continuously ever since its introduction in 1983, by essentially every internet-connected application and device that wants to interact online. Emerging from an era where interconnection rather than information security was the primary motivation, DNS has gradually improved its security features. more
Data privacy and security experts tell us that applying the "need to know" principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider -- or to other parties -- to the minimum the service provider requires to perform a service. This principle is at the heart of qname minimization, a technique described in RFC 7816 that has now achieved significant adoption in the DNS. more
As outlined in CSC's recent 2020 Domain Security Report: Forbes Global 2000 Companies, cybercriminals are disrupting organizations by attacking the protocol responsible for their online presence -- their domain name system (DNS). When a DNS is overwhelmed with traffic due to a distributed denial of service (DDoS) attack or configuration error, content and applications become inaccessible to users, affecting both revenue and reputation. more
If you are interested in presenting at the ICANN 69 DNSSEC and Security Workshop during the week of 17-22 October 2020, please send a brief (1-2 sentence) description of your proposed presentation to [email protected] by 27 August 2020. We are open to a wide range of topics related to DNS, DNSSEC, DANE, routing security, and more. There are some ideas in the Call for Participation below, but other ideas are definitely welcome, too! more
As we approach four months since the WHO declared COVID-19 to be a pandemic, and with lockdowns and other restrictions continuing in much of the world, it is worth reflecting on how the Internet has coped with the changes in its use, and on what lessons we can learn from these for the future of the network. The people and companies that build and operate the Internet are always planning for more growth in Internet traffic. more
Since Tim Berners-Lee first introduced us to the world wide web, we have seen several major phases of its growth. From the early years -- where researchers and open Internet pioneers led the way; to the dot-com boom; to the era of social media domination; the web has come a long way. While the pandemic circling the globe has undermined many critical systems and institutions of our society, I believe it also has the potential to strengthen is the resolve of the Internet community... more
How are new technologies adopted in the Internet? What drives adoption? What impedes adoption? These were the questions posed at a panel session at the recent EuroDiG workshop in June. In many ways, this is an uncomfortable question for the Internet, given the Internet's uncontrolled runaway success in its first two decades. The IPv4 Internet was deployed about as quickly as capital, expertise, and resources could be bought to bear on the problem... more
If you are interested in speaking at the ICANN 68 DNSSEC Workshop, please send a brief (1-2 sentence) description of your proposed presentation to [email protected] by 29 May 2020. This online workshop will be Monday, 22 June 2020, from 02:00 – 04:30 UTC (10:00 – 12:30 Kuala Lumpur) We are doing something new this time and would like to get a feel for attendance for this virtual meeting. more
Just as we started the new year, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency's (CISA) issued an alert. On January 6, 2020 , they warned of domain name system (DNS) hijacking and other cyber threats that may be used by nation-state threat actors to disrupt business activity and take control of vital internet assets. A familiar refrain heard in 2019 now repeating in 2020. more
While the March report from ICANN's Domain Abuse Activity Reporting system show a general reduction in second-level gTLD domain names identified as being used in phishing, malware distribution, and botnet command and control, it has been widely reported that criminals are taking advantage of the global COVID-19 pandemic by launching malicious online campaigns. There have also been numerous reports of spikes in the use of COVID-19-related domain names for DNS Abuse. more