"Verifying Keys through Publicity and Communities of Trust: Quantifying Off-Axis Corroboration"

Previous Technical Report Name: "Verifying Keys through Publicity and Communities of Trust: Quantifying Off-Axis Corroboration"
Technical Report number: 1110001
Date of Publication: 2013-07-02
Title of Publication: "Verifying Keys through Publicity and Communities of Trust: Quantifying Off-Axis Corroboration"
Abstract: "The DNS Security Extensions (DNSSEC) arguably make DNS the first core Internet system to be protected using public key cryptography. The success of DNSSEC not only protects the DNS, but has generated interest in using this secured global database for new services such as those proposed by the IETF DANE working group. However, continued success is only possible if several important operational issues can be addressed. For example, .gov and .fr have already suffered misconfigurations where DNS continued to function properly, but DNSSEC failed (thus orphaning their entire subtrees in DNSSEC). Internet-scale verification systems must tolerate this type of chaos, but what kind of verification can one derive from dynamism like this? In this paper, we propose to achieve robust verification with a new theoretical model, called Public Data, which treats operational deployments as Communities of Trust (CoTs) and makes them the verification substrate. Using a realization of the above idea, called Vantages, we quantitatively show that using a reasonable DNSSEC deployment model and a typical choice of a CoT, an adversary would need to “purchase up to 90% of the Internet” before having even a 10% chance of spoofing a DNSKEY. Further, our limited deployment of Vantages has outperformed the verifiability of DNSSEC and has properly validated its data up to 99.5% of the time."
Proceedings or Venue of Publication: Parallel and Distributed Systems, IEEE Transactions on (Volume: 25, Issue: 2)
BibTeX:
@inproceedings{verisignlabs-conf-1110001,
                   author = {Eric Osterweil and Dan Massey and Lixia Zhang},
                   title = {Verifying Keys through Publicity and Communities of Trust: Quantifying Off-Axis Corroboration},
                   booktitle = {Parallel and Distributed Systems, IEEE Transactions on (Volume:25 , Issue: 2 )},
                   year = {2013},
                   }
  
            
File: New work ./docs/conf-1110001.pdf