Your search keyword '"DNS spoofing"' showing total 12 results

1. Dynamic forest of random subsets-based one-time signature-based capability enhancing security architecture for named data networking

Author

M. Victor Jose and Varghese Jensy Babu

Subjects

Authentication, Computer Networks and Communications, Computer science, Network packet, business.industry, Applied Mathematics, Denial-of-service attack, Enterprise information security architecture, Computer Science Applications, Flooding (computer networking), Computational Theory and Mathematics, Artificial Intelligence, PlanetLab, DNS spoofing, Electrical and Electronic Engineering, business, Dissemination, Information Systems, Computer network

Abstract

Network caching in named data networks (NDN) is essential for improving the potentialities of the conventional IP networking. The concept of network caching is necessary for achieving optimal bandwidth utilization and location independent data access during multipath data dissemination. However, network caching in NDN makes it highly vulnerable to security breaches such as access content packets violation, flooding or malicious injection of packets and content cache poisoning. In this paper, a dynamic forest of random subsets-based one-time signature-based capability enhancing security architecture (DFORS-CSA) is proposed for attaining distributed data authentication. This DFORS-CSA security architecture leverages the potential in exploring the access privileges of the packets disseminated in the network. It includes the capability through which the routes can perform authentication of packets forwarded in NDN. It supports a significant verification strategy through which the routers can ensure the packet timeliness for resolving the problems that get introduced through unsolicited packets exchanged during flooding-based denial of service attacks. The simulation experiments of the proposed DFORS-CSA is conducted using the open source CCNs platform and Planetlab simulator. The results of the proposed DFORS-CSA confirmed its predominance in minimizing overall delay and time incurred in the bit vector generation by 16.74 and 15.63%, excellent to the baseline approaches. The results of the proposed DFORS-CSA also conformed a mean improvement in the precision rate by 10.21%, true positive rate by 8.94% and F-measure by 7.62% with decreased false positive rate of 8.56%, during the process of detecting content cache poisoning attack.

Published

2021

2. Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Named Data Networking

Author

M. Victor Jose and Varghese Jensy Babu

Subjects

Network packet, Computer science, business.industry, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Cache pollution, Merkle tree, Computer Science Applications, Flooding (computer networking), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, DNS spoofing, Electrical and Electronic Engineering, business, Dissemination, Computer network

Abstract

The concept of network caching is determined to be the potential requirement of named data networks (NDN) for enhancing the capabilities of the traditional IP networking. It is responsible for location independent data accesses and optimal bandwidth utilization in multi-path data dissemination. However, the network caching process in NDN introduces security challenges such as content cache poisoning, malicious injection or flooding of the packets and violation in accessing content packets. In this paper, an Improved Merkle Hash Tree-based one-time signature scheme for capability-enhanced security enforcing architecture (IMHT-OTSS-CSEA) is proposed for provisioning data authenticity in a distributed manner for leveraging the capabilities to inform the access privileges of the packets during the process of data dissemination. It is proposed for permitting the routers to verify the forwarded packets’ authenticity in NDN. It is capable in handling the issues that emerge from unsolicited packets during a flooding-based denial of service attacks by supporting the indispensable verification process in routers that confirms the timeliness of packets. The simulation experiments conducted using the open source CCNs platform and Planetlab confirmed a significant mean reduction in delay of 14.61%, superior to the benchmarked schemes. It is identified to minimize the delay incurred in generating bit vectors by a average margin of 13.06%, excellent to the baseline approaches. It also confirmed a mean increase in the true positive rate of 5.42%, a mean increase in the precision rate of 6.04%, decrease in false positive rate of 6.82% and increase in F-measure of 5.62% compared to the baseline approaches in the context of detecting content cache pollution attack respectively.

Published

2020

3. A wrinkle in time: a case study in DNS poisoning

Author

Moti Geva, Amit Dvir, and Harel Berger

Subjects

FOS: Computer and information sciences, 021110 strategic, defence & security studies, Computer Science - Cryptography and Security, Computer Networks and Communications, Computer science, business.industry, Domain Name System, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, Networking hardware, Root name server, Server, Key (cryptography), The Internet, DNS spoofing, Safety, Risk, Reliability and Quality, business, Cryptography and Security (cs.CR), Software, Information Systems, Computer network

Abstract

The Domain Name System (DNS) provides a translation between readable domain names and IP addresses. The DNS is a key infrastructure component of the Internet and a prime target for a variety of attacks. One of the most significant threat to the DNS's wellbeing is a DNS poisoning attack, in which the DNS responses are maliciously replaced, or poisoned, by an attacker. To identify this kind of attack, we start by an analysis of different kinds of response times. We present an analysis of typical and atypical response times, while differentiating between the different levels of DNS servers' response times, from root servers down to internal caching servers. We successfully identify empirical DNS poisoning attacks based on a novel method for DNS response timing analysis. We then present a system we developed to validate our technique that does not require any changes to the DNS protocol or any existing network equipment. Our validation system tested data from different architectures including LAN and cloud environments and real data from an Internet Service Provider (ISP). Our method and system differ from most other DNS poisoning detection methods and achieved high detection rates exceeding 99%. These findings suggest that when used in conjunction with other methods, they can considerably enhance the accuracy of these methods.

Published

2020

4. An analysis of security solutions for ARP poisoning attacks and its effects on medical computing

Author

Ajith Abraham, B. Prabadevi, and N. Jeyanthi

Subjects

Stateless protocol, Computer science, Strategy and Management, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, Information sensitivity, 0202 electrical engineering, electronic engineering, information engineering, ARP spoofing, 020201 artificial intelligence & image processing, Address Resolution Protocol, DNS spoofing, Safety, Risk, Reliability and Quality, computer, Host (network)

Abstract

Network utilization reached its maximum level due to the availability of high-end technologies in the least cost. This enabled the network users to share the sensitive information like account details, patient records, genomics details for biomedical research and defence details leading to cyber-war. Data are vulnerable at any level of communication. The link-layer Address Resolution Protocol (ARP) is initiated for any data communication to take place among the hosts in a LAN. Because of the stateless nature of this protocol, it has been misused for illegitimate activities. These activities lead to the most devasting attacks like Denial of Service, Man-in-the-Middle, host impersonation, sniffing, and cache poisoning. Though various host-based and network-based intrusion detection/prevention techniques exist, they fail to provide a complete solution for this type of poisoning. This paper analyzes the existing defence systems against ARP attacks and proposes three different techniques for detecting and preventing the ARP attacks. The three techniques ensure security of traditional ARP and its impact in Medical computing where a single bit inversion could lead to wrong diagnosis.

Published

2019

5. A Selective Re-Query Case Sensitive Encoding Scheme Against DNS Cache Poisoning Attacks

Author

Haochen Liu, Jin Cao, Xilei Wang, and Maode Ma

Subjects

Scheme (programming language), 021110 strategic, defence & security studies, business.industry, Computer science, Domain Name System, 0211 other engineering and technologies, 02 engineering and technology, Case Sensitive, Computer security, computer.software_genre, Internet security, Computer Science Applications, Encoding (memory), 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, The Internet, DNS spoofing, Electrical and Electronic Engineering, business, computer, Computer network, computer.programming_language

Abstract

A domain name system (DNS) with a hierarchical domain name resolution scheme plays an important role in today's Internet surfing. To protect DNS against cache poisoning attacks is a key issue to achieve Internet security. A lot of defense schemes have been proposed to prevent DNS cache poisoning attacks in recent years. However, most of those schemes cannot get the balance between the security functionality and the performance of the networks. In this paper, in order to improve the performance of the existing security schemes against cache poisoning attacks, we propose a Selective Re-Query Case Sensitive Encoding scheme to efficiently prevent DNS cache poisoning attacks. Our scheme can be easily implemented and deployed only with little modification at the DNS server and can achieve the balance between the security and efficiency. The analysis shows that our scheme can provide strong security functionality with desirable efficiency.

Published

2016

6. A new approach to deploying private mobile network exploits

Author

Eun Young Kim and Jongsub Moon

Subjects

060201 languages & linguistics, Exploit, business.industry, Computer science, 06 humanities and the arts, 02 engineering and technology, Theoretical Computer Science, Base station, Hardware and Architecture, 0602 languages and literature, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, 020201 artificial intelligence & image processing, Data as a service, Enhanced Data Rates for GSM Evolution, DNS spoofing, business, Telecommunications, Packet radio, Software, Information Systems, Computer network

Abstract

Private mobile communication systems (MCS) can be established easily with an open project and small MCS base stations are increasingly deployed in experiment environment. They can support not only voice communication, but also short message services (SMS) and data services. If a user has small base station (BS), then establishing a private real-world MCS becomes a clear option. For a private MCS to function properly, the services of private MCSs based on open projects should be configured similarly to those provided by commercial MCSs. In other words, the service should include voice communication, a SMS, and a General Packet Radio Services/Enhanced Data rates for GSM Evolution service. Also, the subscriber station, likewise, should be configured to support such services. In this paper, we consider attack scenarios using experimental MCSs with small BSs. We experimentally show the feasibility of attacks resulting in the leakage of private information, attacks on OpenBSC control, and DNS spoofing at the network level, all without subscriber knowledge.

Published

2015

7. Two level verification for detection of DNS rebinding attacks

Author

E. Sivasankar and Siva Brahmasani

Subjects

Hostname, Same-origin policy, business.industry, Computer science, Strategy and Management, DNS zone transfer, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Access control, Computer security, computer.software_genre, nsupdate, DNS spoofing, DNS hijacking, Safety, Risk, Reliability and Quality, business, computer, DNS rebinding

Abstract

In this paper the focus is on the detection and prevention of DNS rebinding attack. DNS rebinding attack circumvents the access control of browser’s same origin policy (SOP) and converts them into open network proxies to access the information of target systems. It works by sending in genuine IP address for the DNS response and infects the victim browser with malicious Javascript or other active content which then exploits the name-based SOP. This leads to the successful launch of the attack in spite of the existence of strong authentication schemes. The existing counter mechanisms are not able to prevent all types of DNS rebinding attacks. We propose two level based solution, level-I is based on the comparison of the hostname of canonical NAME of each reverse DNS lookup of IP address returned by DNS response with the original domain name and level-II compares the HTTP response content of the each IP addresses returned by DNS response. The SSE network testbed was used for testing the proposed solution and the experimental results show that the proposed solutions are able to detect and prevent all subsequent DNS rebinding attacks.

Published

2013

8. A novel approach to protect against phishing attacks at client side using auto-updated white-list

Author

Ankit Kumar Jain and Brij B. Gupta

Subjects

Computer science, Domain Name System, 020206 networking & telecommunications, 02 engineering and technology, General Medicine, Client-side, Hyperlink, Computer security, computer.software_genre, Phishing, Information sensitivity, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, DNS spoofing, computer, Access time, Spoofed URL

Abstract

Most of the anti-phishing solutions are having two major limitations; the first is the need of a fast access time for a real-time environment and the second is the need of high detection rate. Black-list-based solutions have the fast access time but they suffer from the low detection rate while other solutions like visual similarity and machine learning suffer from the fast access time. In this paper, we propose a novel approach to protect against phishing attacks using auto-updated white-list of legitimate sites accessed by the individual user. Our proposed approach has both fast access time and high detection rate. When users try to open a website which is not available in the white-list, the browser warns users not to disclose their sensitive information. Furthermore, our approach checks the legitimacy of a webpage using hyperlink features. For this, hyperlinks from the source code of a webpage are extracted and apply to the proposed phishing detection algorithm. Our experimental results show that the proposed approach is very effective for protecting against phishing attacks as it has 86.02 % true positive rate while less than 1.48 % false negative rate. Moreover, our proposed system is efficient to detect various other types of phishing attacks (i.e., Domain Name System (DNS) poisoning, embedded objects, zero-hour attack).

Published

2016

9. User privacy and modern mobile services: are they on the same path?

Author

Georgios Kambourakis, Jong Hyuk Park, Marios Anagnostopoulos, Stefanos Gritzalis, and Dimitrios Damopoulos

Subjects

Service (systems architecture), Information privacy, business.industry, Computer science, Privacy software, Internet privacy, Mobile computing, Context (language use), Management Science and Operations Research, Computer security, computer.software_genre, Computer Science Applications, Hardware and Architecture, Key (cryptography), Malware, DNS spoofing, business, computer

Abstract

Perhaps, the most important parameter for any mobile application or service is the way it is delivered and experienced by the end-users, who usually, in due course, decide to keep it on their software portfolio or not. Most would agree that security and privacy have both a crucial role to play toward this goal. In this context, the current paper revolves around a key question: Do modern mobile applications respect the privacy of the end-user? The focus is on the iPhone platform security and especially on user's data privacy. By the implementation of a DNS poisoning malware and two real attack scenarios on the popular Siri and Tethering services, we demonstrate that the privacy of the end-user is at stake.

Published

2012

10. MASK: An efficient mechanism to extend inter-domain IP spoofing preventions

Author

PeiDong Zhu, Xicheng Lu, YiJiao Chen, and GaoFeng Lü

Subjects

Spoofing attack, General Computer Science, Ingress filtering, Computer science, Inter-domain, Network packet, business.industry, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Denial-of-service attack, IP address spoofing, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Protocol spoofing, DNS spoofing, business, Computer network

Abstract

IP spoofing hinders the efficiency of DDoS defenses. While recent proposals of IP spoofing prevention mechanisms are weak at filtering spoofing packets due to the complexity in maintaining source IP spaces and the low incentive of deployments. To address this problem, we propose an efficient mechanism to extend the range of inter-domain IP spoofing prevention called MASK. Source MASK nodes inform destination MASK nodes about the source IP spaces and labels of their neighbor Stub-ASes in order to implement the marking and verification of packets towards the Stub-ASes, and limit the number of MASK peers through the propagation of BGP updates so as to reduce the overheads of computing and storing of labels. By utilizing the method of extending the spoofing prevention to Stub-ASes, MASK can not only enlarge the domain of the spoofing prevention service, but also filter spoofing packets in advance. Through analysis and simulations, we demonstrate MASK’s accuracy and effectiveness.

Published

2008

11. Design and Evaluation of DNS as Location Manager for HIP

Author

Hongbin Luo, Hongke Zhang, Yajuan Qin, and Shuigen Yang

Subjects

Name server, business.industry, Computer science, computer.internet_protocol, DNS zone transfer, Domain Name System, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, A domain, Round-robin DNS, Computer Science Applications, law.invention, Identifier, law, Internet Protocol, The Internet, nsupdate, DNS spoofing, Host Identity Protocol, Electrical and Electronic Engineering, business, computer, IP address management, Computer network

Abstract

Host Identity Protocol (HIP) is designed to provide secure and continuous communication by separating the identifier and locator roles of the Internet Protocol (IP) address. HIP also has efficient solutions to support host mobility. In this paper, we propose a location management scheme based on Domain Name System (DNS) for HIP. In the proposed scheme, a new DNS HIP resource record is used to translate a domain name into a host identity tag and an IP address. We also develop an analytical model to study the performance of DNS as location manager in terms of success rate, which takes into account the velocity of mobile nodes, the radius of a subnet, the regional network size, the packet transmission delay between the mobile node and the rendezvous server, and the packet processing delay at the DNS and the rendezvous server. The performance results show that for a reasonable range, the DNS is a feasible solution for location management with high success rate for HIP.

Published

2008

12. Detecting interest cache poisoning in sensor networks using an artificial immune algorithm

Author

Peter J. Bentley, Stephen Hailes, Jungwon Kim, and Christian Wallenta

Subjects

Innate immune system, business.industry, Computer science, Artificial immune system, Real-time computing, Artificial immune algorithm, Machine learning, computer.software_genre, Theory based, Immune system, Artificial Intelligence, Anomaly detection, DNS spoofing, Artificial intelligence, business, computer, Wireless sensor network

Abstract

The objective of this paper is to investigate how a Danger Theory based Artificial Immune System--in particular the Dendritic Cell Algorithm (DCA) can detect an attack on a sensor network. The method is validated using two separate implementations: a simulation using J-sim and an implementation for the T-mote Sky sensor using TinyOS. This paper also introduces a new sensor network attack called an Interest Cache Poisoning Attack and investigates how the DCA can be applied to detect this attack in a series of experiments.

Published

2008