Securing the internet's backbone: A blockchain-based and incentive-driven architecture for DNS cache poisoning defense

doi:10.1016/j.comnet.2024.110777

	Securing the internet's backbone: A blockchain-based and incentive-driven architecture for DNS cache poisoning defense
	Fu, Yufan 1,2; Lee, Xiaodong 1,3; Wei, Jiuqi 1,2; Li, Ying 1,2; Peng, Botao 1
	2024-12-01
发表期刊	COMPUTER NETWORKS
ISSN	1389-1286
卷号	254 页码:18
摘要	Domain Name System (DNS) is the backbone of the Internet infrastructure, converting human-friendly domain names into machine-processable IP addresses. However, DNS remains vulnerable to various security threats, such as cache poisoning attacks, where malicious attackers inject false information into DNS resolvers' caches. Although efforts have been made to enhance DNS against such vulnerabilities, existing countermeasures often fall short in one or more areas: they may offer limited resistance to the collusion attack, introduce significant overhead, or require complex implementation that hinders widespread adoption. To address these challenges, this paper introduces TI-DNS+, a trusted and incentivized blockchain-based DNS resolution architecture for cache poisoning defense. TI-DNS+ introduces a Verification Cache exploiting blockchain ledger's immutable nature to detect and correct forged DNS responses. The architecture also incorporates a multi-resolver Query Vote mechanism, enhancing the ledger's credibility by validating each record modification through a stake-weighted algorithm. This algorithm selects resolvers as validators based on their stake proportion. To promote well-behaved participation, TI-DNS+ also implements a novel stake-based incentive mechanism that optimizes the generation and distribution of stake rewards. This ensures that incentives align with participants' contributions, achieving incentive compatibility, fairness, and efficiency. Moreover, TI-DNS+ possesses high practicability as it requires only resolver-side modifications to current DNS. Finally, through comprehensive prototyping and experimental evaluations, the results demonstrate that our solution effectively mitigates DNS cache poisoning. Compared to competitors, our solution improves attack resistance by 1-3 orders of magnitude, while also reducing resolution latency by 5% to 68%.
关键词	DNS Cache poisoning attack Blockchain Smart contract Incentive mechanism
DOI	10.1016/j.comnet.2024.110777
收录类别	SCI
语种	英语
资助项目	National Natural Science Foundation of China[62202450] ; National Natural Science Foundation of China[E051570]
WOS研究方向	Computer Science ; Engineering ; Telecommunications
WOS类目	Computer Science, Hardware & Architecture ; Computer Science, Information Systems ; Engineering, Electrical & Electronic ; Telecommunications
WOS记录号	WOS:001319410300001
出版者	ELSEVIER
引用统计
文献类型	期刊论文
条目标识符	http://119.78.100.204/handle/2XEOYT63/39586
专题	中国科学院计算技术研究所期刊论文_英文
通讯作者	Lee, Xiaodong
作者单位	1.Chinese Acad Sci, Inst Comp Technol, Lab Internet Infrastruct, Beijing, Peoples R China 2.Univ Chinese Acad Sci, Beijing, Peoples R China 3.Fuxi Inst, Heze 274000, Peoples R China
推荐引用方式 GB/T 7714	Fu, Yufan,Lee, Xiaodong,Wei, Jiuqi,et al. Securing the internet's backbone: A blockchain-based and incentive-driven architecture for DNS cache poisoning defense[J]. COMPUTER NETWORKS,2024,254:18.
APA	Fu, Yufan,Lee, Xiaodong,Wei, Jiuqi,Li, Ying,&Peng, Botao.(2024).Securing the internet's backbone: A blockchain-based and incentive-driven architecture for DNS cache poisoning defense.COMPUTER NETWORKS,254,18.
MLA	Fu, Yufan,et al."Securing the internet's backbone: A blockchain-based and incentive-driven architecture for DNS cache poisoning defense".COMPUTER NETWORKS 254(2024):18.