Roland van Rijswijk-Deij defends his PhD thesis on improving DNS Security

06 JUN 2017

On June 28, Roland van Rijswijk-Deij (SURFnet and University of Twente) will be defending his PhD thesis entitled 'Improving DNS Security: A Measurement-Based Approach'. In his thesis, he investigates the use of elliptic curve cryptography (ECC) in combination with DNSSEC. He also designed a system for large-scale measurements on the DNS.

Application of DNSSEC is behind schedule

On 28 June 2017, Roland van Rijswijk-Deij (SURFnet and University of Twente) will be defending his PhD thesis entitled “Improving DNS Security: A Measurement-Based Approach”. He investigated ways in which we could improve the security of the Domain Name System (DNS). The DNS translates readable names into information which can be used by computers. However, it also has vulnerable points, such as ‘cache poisoning’. Although DNSSEC is the solution to this problem, its global rollout continues to be behind schedule. This is because DNSSEC messages contain digital signatures, which makes them larger than standard DNS messages. As a result, the accessibility of domains using DNSSEC may be impaired.

The solution: elliptic curve cryptography

This is why Van Rijswijk-Deij investigated a variation on DNSSEC in combination with elliptic curve cryptography. Elliptic curve cryptography uses much smaller cryptographic keys and signatures than the RSA algorithm widely used for DNSSEC at present. In his thesis, Van Rijswijk-Deij demonstrates that elliptic curve cryptography can be used securely, scalably, and effectively to solve DNSSEC-related problems.

Large-scale measurements

Van Rijswijk-Deij also helped to set up OpenINTEL, a scalable, large-scale measurement system for active measurements on the DNS. This system performs daily measurements on 60% of the global DNS (including top-level domains such as .com, .net and .org) without causing any disruptions to the Internet. These measurements can be used to improve Internet security and stability.
