Roland van Rijswijk-Deij defends his PhD thesis on improving DNS Security
06 JUN 2017
On June 28, Roland van Rijswijk-Deij (SURFnet and University of Twente) will be defending his PhD thesis entitled 'Improving DNS Security: A Measurement-Based Approach'. In his thesis, he investigates the use of elliptic curve cryptography (ECC) in combination with DNSSEC. He also designed a system for large-scale measurements on the DNS.
Application of DNSSEC is behind schedule
On 28 June 2017, Roland van Rijswijk-Deij (SURFnet and University of Twente) will be defending his PhD thesis entitled “Improving DNS Security: A Measurement-Based Approach”. He investigated ways in which we could improve the security of the Domain Name System (DNS). The DNS translates readable names (e.g. www.example.com) into information which can be used by computers (e.g. 22.214.171.124). However, it also has vulnerabilities, such as ‘cache poisoning’. Although DNSSEC is the solution to this problem, its global rollout continues to be behind schedule. This is because DNSSEC messages contain digital signatures, which makes them larger than standard DNS messages. As a result, accessibility to domains using DNSSEC may be impaired.
The solution: elliptic curve cryptography
This is why Van Rijswijk-Deij investigated a variation on DNSSEC in combination with elliptic curve cryptography, which uses much smaller cryptographic keys and signatures than the RSA algorithm widely used for DNSSEC at present. In his thesis, Van Rijswijk-Deij demonstrates that elliptic curve cryptography can be used securely, scalably, and effectively to solve DNSSEC-related problems.
Van Rijswijk-Deij also helped to set up OpenINTEL, a scalable, large-scale measurement system for active measurements on the DNS. This system performs daily measurements on 60% of the global DNS (including top-level domains such as .com, .net and .org) without causing any disruptions to the Internet. These measurements can be used to improve Internet security and stability.
- Roland van Rijswijk-Deij’s PhD thesis: Improving DNS Security: A Measurement-Based Approach (pdf)
- Time and location of Van Rijswijk-Deij's thesis defence at the University of Twente.
- News report: Roland van Rijswijk-Deij wins an international prize for research into elliptic curve cryptography
- Blog post by Roland van Rijswijk-Deij: Elliptic Curve Cryptography: the Next Big Step for DNSSEC
- OpenINTEL website (large-scale DNS measurement system)