University of Twente Student Theses


Providing DNS Security in Post-Quantum Era with Hash-Based Signatures

Jafarli, Sevinj (2022) Providing DNS Security in Post-Quantum Era with Hash-Based Signatures.

Abstract: With the advent of quantum computers, current practices in DNSSEC will become vulnerable and obsolete since Shor's algorithm was proven to break public-key cryptography. Therefore, providing security of the DNS in the post-quantum era becomes the main challenge and point of interest for different research groups. In this thesis, we propose an innovative way of signing DNS using a Merkle tree and the XMSS Hash-Based Signature Scheme, as it has been proven to be quantum-resistant. We suggest grouping resource records as leaves of a Merkle tree and signing the root of the tree with XMSS. In this scenario, the signature over a record is merely the intermediary hash nodes needed to recompute the root, and the signature over 'DNSKEY' is the XMSS-signed root node. Since the size of the tree determines the length of the authentication path (signature size) and hence what needs to be transmitted in DNS messages, larger trees will lead to an increase in the signature size as well as more time to update the tree and compute the signatures. Therefore, the objectives of this research are threefold. The first is to identify important variables from the proposed approach to be traded off. The second is to analyse and evaluate the impact of the variables on important DNS metrics such as signature size, signing speed and verification speed. The third is to check the impact of the innovative grouping approach, based on the popularity or update frequencies of the records, on the tree update frequencies along with the metrics.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
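
The per-record "signature" described in the abstract, as an added example that is not code from the thesis: resource records become Merkle leaves, the authentication path is the list of sibling hashes, and a verifier recomputes the root from it. SHA-256, the leaf/node prefix bytes, the empty-leaf padding and the record strings are assumptions made for this sketch; signing the root with XMSS is not implemented here.

```python
import hashlib

def leaf_hash(rr: str) -> bytes:
    # Prefix bytes keep leaf and inner-node hashes distinct (assumed convention).
    return hashlib.sha256(b"\x00" + rr.encode()).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(records):
    """All tree levels, leaves first; padded with empty leaves to a power of two."""
    level = [leaf_hash(r) for r in records]
    while len(level) & (len(level) - 1) or len(level) < 2:
        level.append(leaf_hash(""))
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Sibling hash at every level below the root: the per-record signature."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify(rr, index, path, root):
    """Recompute the root from one record and its authentication path."""
    node = leaf_hash(rr)
    for sibling in path:
        node = node_hash(sibling, node) if index & 1 else node_hash(node, sibling)
        index >>= 1
    return node == root

def path_bytes(num_records):
    """Bytes of authentication path sent per record for a zone of this size."""
    zone = [f"host{i}.example. 3600 IN A 192.0.2.{i % 256}" for i in range(num_records)]
    return sum(len(h) for h in auth_path(build_levels(zone), 0))

# Constructed sample zone (documentation names and addresses).
RECORDS = [
    "example. 3600 IN NS ns1.example.",
    "ns1.example. 3600 IN A 192.0.2.53",
    "www.example. 300 IN A 192.0.2.10",
    "www.example. 300 IN AAAA 2001:db8::10",
    "mail.example. 3600 IN MX 10 mx.example.",
]
```

With 32-byte hashes the path grows by one hash each time the padded leaf count doubles, which is the signature-size versus tree-size trade-off the abstract refers to.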