Using Compact DNSSEC and Self-Signed Certificate to Improve Security and Privacy for Second-Level Domain Resolution

Lanlan Pan; Ruonan Qiu; Minghui Yang

doi:10.5220/0013275700003899

Using Compact DNSSEC and Self-Signed Certificate to Improve Security and Privacy for Second-Level Domain Resolution

Lanlan Pan, Ruonan Qiu, Minghui Yang

2025

Abstract

DNS is vulnerable to domain hijack attacks and user privacy leakage. DNSSEC is to defend against the domain hijack attack. However, full zone DNSSEC increases the risk of DDoS attacks. In this paper, we propose a secure resolution scheme with compact DNSSEC and self-signed certificates to improve security and privacy for SLD. The compact DNSSEC enhances the security of the NS of SLD. Based on the cooperation of DANE and compact DNSSEC, the authoritative server of SLD can use the self-signed certificates to provide a secure resolution service to mitigate user privacy leakage. Our scheme can reduce the operational burden of full zone DNSSEC and mitigate the DDoS risk for the authoritative server of SLD.

Download

Paper Citation

in Harvard Style

Pan L., Qiu R. and Yang M. (2025). Using Compact DNSSEC and Self-Signed Certificate to Improve Security and Privacy for Second-Level Domain Resolution. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 615-623. DOI: 10.5220/0013275700003899

in Bibtex Style

@conference{icissp25,
author={Lanlan Pan and Ruonan Qiu and Minghui Yang},
title={Using Compact DNSSEC and Self-Signed Certificate to Improve Security and Privacy for Second-Level Domain Resolution},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={615-623},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013275700003899},
isbn={978-989-758-735-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - Using Compact DNSSEC and Self-Signed Certificate to Improve Security and Privacy for Second-Level Domain Resolution
SN - 978-989-758-735-1
AU - Pan L.
AU - Qiu R.
AU - Yang M.
PY - 2025
SP - 615
EP - 623
DO - 10.5220/0013275700003899
PB - SciTePress