Secure Host Name Resolution Infrastructure for Overlay Networks(<Special Section>Networking Technologies for Overlay Networks)
スポンサーリンク
概要
- 論文の詳細を見る
In order to introduce new routing functionality without changing the Internet infrastructure, many routing overlays have been proposed in recent years. Although such overlays allow us to dynamically and flexibly form various types of networks, the current host name resolution mechanism used in the Internet, i.e. DNS, cannot provide us such flexibility in host name referencing because of its delegation-based administration scheme of domain names. And also, it cannot provide us security because of the lack of wide deployment of its security extension, DNSSEC. In this paper, we propose a generic framework for secure and flexible host name resolution infrastructure that can be shared among many routing overlays. In contrast to DNS with which users are forced to use the domain name space managed by IANA/ICANN, our framework separates the name resolution mechanism from the name spaces it handles, which allows users to choose whatever name space they think appropriate for the identity scheme of their overlay-networking community. This realizes decentralized management of domain names and gives users freedom in domain name acquisition. The basic idea to achieve this is to use a cryptographically generated identifier (i.e. a hash of a public key) as a reference to an administrative domain of overlay networking hosts and allow the owner of the domain to securely publish host information using the corresponding private key. We show that a referencing mechanism for such host information can be easily implemented by using distributed hash tables (DHTs), and then show how such "semantic-free" references to domains can be linked to existing identity scheme in order to allow "human-friendly" referencing.
- 社団法人電子情報通信学会の論文
- 2006-09-01
著者
-
TANAKA Toshiaki
KDDI R & D Laboratories Inc.
-
Miyake Yutaka
Kddi R&d Lab. Inc. Fujimino‐shi Jpn
-
KUBOTA Ayumu
KDDI R & D Labs. Inc.
-
Miyake Yutaka
Kddi R & D Labs. Inc.
-
Kubota Ayumu
Kddi R & D Labs. Inc.
-
Tanaka Toshiaki
Kddi R & D Labs. Inc.
関連論文
- Analysis of Program Obfuscation Schemes with Variable Encoding Technique
- On Effectiveness of Clock Control in Stream Ciphers(Information Theory and Its Applications)
- Experimental Analysis of Guess-and-Determine Attacks on Clock-Controlled Stream Ciphers(Cryptography and Information Security, Information Theory and Its Applications)
- Web Tracking Site Detection Based on Temporal Link Analysis and Automatic Blacklist Generation
- Design and implementation of secure area expansion scheme for public wireless LAN services (特集 センサネットワーク)
- Universally composable client-to-client general authenticated key exchange (特集:情報システムを支えるコンピュータセキュリティ技術の再考)
- Universally Composable Client-to-Client General Authenticated Key Exchange
- Efficient Implementation of the Pairing on Mobilephones Using BREW
- Universally Composable Hierarchical Hybrid Authenticated Key Exchange(Protocols,Cryptography and Information Security)
- Review on Sufficient Conditions of SHA-0
- Proposal of a Transformation Method for Iris Codes in Iris Scanning Verification(Biometrics)(Cryptography and Information Security)
- A Fast (k, L, n)-Threshold Ramp Secret Sharing Scheme
- Design of Anonymous Attribute Authentication Mechanism
- A-7-3 Revocation and Addition Mechanisms for Fast (k, n)-Threshold Schemes
- On a Fast (K, n)-Threshold Secret Sharing Scheme
- Analysis of Program Obfuscation Schemes with Variable Encoding Technique
- A Fast (3, n)-Threshold Secret Sharing Scheme Using Exclusive-OR Operations
- Design of τ-Gradual Key-Management Schemes for Mobile Content Distribution (特集:ユビキタス時代を支えるモバイル通信と高度交通システム)
- An Obfuscation Scheme Using Affine Transformation and Its Implementation (特集:ユビキタス社会を支えるコンピュータセキュリティ技術)
- Design of Self-Delegation for Mobile Terminals (特集 多様な社会的責任を担うコンピュータセキュリティ技術)
- Design of Security Architecture for Beyond 3G Mobile Terminals (特集:プライバシを保護するコンピュータセキュリティ技術)
- (Network Services Basics) Notification of Certificate Revocation Status between Different Domains under a PKI System ( Object-Oriented Technologies)
- A-7-9 Key Management for Privacy Protection in Sensor Information Network using Threshold Cryptography
- A-7-18 Proposal of Privacy Protection Mechanism for Sensor Information Network
- Implementation and Evaluation of a Micropayment System for Mobile Environments (Security and Society)
- New Time-Stamping Scheme Using Mutual Communications with Pseudonymous Clients (Applications) (Cryptography and Information Security)
- New Time-Stamping Scheme Using Mutual Communications with Pseudonymous Clients
- A Study of Access Control Method for Mobile Agents by Using Secure Stubs (特集:新たな脅威に立ち向かうコンピュータセキュリティ技術)
- TCP Gateway for Satellite-based Internet Service Considering Accommodation of Multiple Customers (特集 次世代移動通信ネットワークとその応用)
- Web Tracking Site Detection Based on Temporal Link Analysis and Automatic Blacklist Generation
- Detection of Bot Infected PC Using Destination-based IP Address and Domain Name Whitelists
- Secure Host Name Resolution Infrastructure for Overlay Networks(Networking Technologies for Overlay Networks)
- Improved Subset Difference Method with Ternary Tree
- Service Independent Access Control Architecture for User Generated Content (UGC) and Its Implementation
- Zero-Knowledge and Correlation Intractability(Information Security)
- Evaluation of Mutational Capability and Real-Time Applicability of Obfuscation Techniques(Information Hiding, Cryptography and Information Security)
- Software Protection Combined with Tamper-Proof Device
- Optimization of Group Key Management Structure with a Client Join-Leave Mechanism
- Design of Self-Delegation for Mobile Terminals
- Design of Self-Delegation for Mobile Terminals
- Fast Implementation of KCipher-2 for Software and Hardware
- Chosen-IV Correlation Power Analysis on KCipher-2 Hardware and a Masking-Based Countermeasure
- FOREWORD
- Securing distributed storage systems based on arbitrary regenerating codes
- An Obfuscation Scheme Using Affine Transformation and Its Implementation
- BS-7-44 Decodability Attacks in XOR Network Coding
- An Obfuscation Scheme Using Affine Transformation and Its Implementation
- BS-7-41 A Consideration of Detecting Compromised Web Sites by Analyzing Web Link Structures
- Optimization of Group Key Management Structure with a Client Join-Leave Mechanism