DNS-based Authentication of Named Entities
Jämsä, Teemu (2014)
Degree Programme in Information Technology
Faculty of Computing and Electrical Engineering
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of approval
2014-06-04
Permanent address of the publication:
https://urn.fi/URN:NBN:fi:tty-201406051253
Abstract
Public Key Infrastructure (PKI) has turned out to be useful when two parties negotiate a shared secret in order to establish an encrypted connection between them. A certificate is used to verify the public key. The certificate is issued by a public, generally trusted third party, the Certificate Authority (CA). Web browsers usually ship with a list of trusted CAs. It is a well-known problem that the number of security risks grows with the number of CAs: a compromised CA can, through an attacker's malicious action or through human error, issue a trusted certificate to a party who does not own the domain.
The purpose of this Master of Science Thesis is to research the applications of the DANE protocol, which is standardized by the IETF. The research question is how to validate the target receiver while negotiating an encrypted connection. Special focus is on secure email systems. The DANE protocol makes use of the existing Domain Name System (DNS) and its Security Extensions (DNSSEC).
This Master of Science Thesis begins with a theoretical part, where the technical background and current techniques are introduced; the DANE protocol and its features are also considered there. The latter part considers the method in practice and describes how DANE can be used for certificate verification instead of a CA.
The testing phase proves that deploying DANE is not complex and that the added delay and traffic are not significant. DANE provides the needed association between DNSSEC's chain of trust and the received certificate.
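The association the abstract describes is carried in TLSA records (RFC 6698): the domain owner publishes, under DNSSEC, a usage/selector/matching-type triple plus digest, and the client compares the certificate it actually received against that published data. The following example, added here and not part of the thesis, implements both sides for the email case: building the TLSA presentation form a zone would publish at `_25._tcp.mail.example.com.`, and the client-side match against a presented chain. The certificate and SubjectPublicKeyInfo bytes are constructed placeholders (real code hashes the DER bytes taken from the TLS handshake), the `dnssec_validated` flag stands in for the resolver's AD-bit check, and `mail.example.com` is an assumed hostname.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Constructed stand-ins for DER-encoded certificates and SubjectPublicKeyInfo
# (SPKI) structures. The matching logic below is byte-oriented, so real DER
# bytes from a handshake drop in unchanged.
CONSTRUCTED_EE_CERT = b"constructed DER: end-entity certificate for mail.example.com"
CONSTRUCTED_EE_SPKI = b"constructed DER: end-entity SubjectPublicKeyInfo"
CONSTRUCTED_CA_CERT = b"constructed DER: issuing CA certificate"
CONSTRUCTED_CA_SPKI = b"constructed DER: issuing CA SubjectPublicKeyInfo"

# chain[0] is the end-entity certificate, later entries are issuer certificates.
Chain = Sequence[Tuple[bytes, Optional[bytes]]]


@dataclass(frozen=True)
class TLSARecord:
    usage: int          # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE (RFC 6698 / RFC 7218)
    selector: int       # 0 full certificate, 1 SubjectPublicKeyInfo
    matching_type: int  # 0 exact bytes, 1 SHA-256, 2 SHA-512
    data: bytes


_DIGEST_LEN = {1: 32, 2: 64}


def tlsa_owner_name(port: int, proto: str, host: str) -> str:
    """Owner name a client queries for TLSA records: _port._proto.host."""
    return f"_{port}._{proto}.{host.rstrip('.')}."


def tlsa_presentation(usage: int, selector: int, mtype: int, selected: bytes) -> str:
    """Publisher side: presentation form of a TLSA record for the selected bytes."""
    if mtype == 0:
        data = selected
    elif mtype == 1:
        data = hashlib.sha256(selected).digest()
    elif mtype == 2:
        data = hashlib.sha512(selected).digest()
    else:
        raise ValueError("unknown matching type")
    return f"{usage} {selector} {mtype} {data.hex()}"


def parse_tlsa(presentation: str) -> TLSARecord:
    """Parse '<usage> <selector> <matching type> <hex data>' with field validation."""
    fields = presentation.split()
    if len(fields) < 4:
        raise ValueError("TLSA needs usage, selector, matching type and association data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if not (0 <= usage <= 3 and 0 <= selector <= 1 and 0 <= mtype <= 2):
        raise ValueError("unknown TLSA usage, selector or matching type")
    data = bytes.fromhex("".join(fields[3:]))  # zone files may split the hex across whitespace
    if mtype in _DIGEST_LEN and len(data) != _DIGEST_LEN[mtype]:
        raise ValueError("association data length does not match the digest type")
    return TLSARecord(usage, selector, mtype, data)


def tlsa_matches(record: TLSARecord, cert_der: bytes, spki_der: Optional[bytes]) -> bool:
    """Client side: does one certificate satisfy one TLSA record?"""
    selected = cert_der if record.selector == 0 else spki_der
    if selected is None:
        raise ValueError("selector 1 requires the certificate's SPKI bytes")
    if record.matching_type == 0:
        return selected == record.data
    digest = hashlib.sha256 if record.matching_type == 1 else hashlib.sha512
    return digest(selected).digest() == record.data


def dane_verify(records: List[TLSARecord], chain: Chain, dnssec_validated: bool) -> Optional[int]:
    """Return the usage of the first matching record, or None if nothing matches.

    The TLSA answer only carries trust if the resolver validated it with DNSSEC;
    an unsigned answer is ignored entirely. Usages 1 and 3 constrain the
    end-entity certificate, usages 0 and 2 may match any certificate in the
    chain. For usage 0 and 1 the caller must still run normal PKIX validation;
    for usage 2 the matched certificate becomes the trust anchor for it.
    """
    if not dnssec_validated:
        return None
    for rec in records:
        candidates = chain[:1] if rec.usage in (1, 3) else chain
        for cert_der, spki_der in candidates:
            if tlsa_matches(rec, cert_der, spki_der):
                return rec.usage
    return None


def example_zone_records() -> List[str]:
    """Constructed RRset for _25._tcp.mail.example.com: DANE-EE, SPKI, SHA-256."""
    return [tlsa_presentation(3, 1, 1, CONSTRUCTED_EE_SPKI)]


if __name__ == "__main__":
    chain = [(CONSTRUCTED_EE_CERT, CONSTRUCTED_EE_SPKI), (CONSTRUCTED_CA_CERT, CONSTRUCTED_CA_SPKI)]
    rrs = [parse_tlsa(r) for r in example_zone_records()]
    print(tlsa_owner_name(25, "tcp", "mail.example.com"), "->", example_zone_records()[0])
    print("validated answer, matching key:", dane_verify(rrs, chain, dnssec_validated=True))
    print("unsigned answer, same key     :", dane_verify(rrs, chain, dnssec_validated=False))
```

The "3 1 1" form is the one the thesis's CA-less case relies on: the published SHA-256 of the server's SubjectPublicKeyInfo is authenticated by the DNSSEC chain, so a certificate signed by any CA, or by nobody, is accepted exactly when its key matches, and rejected otherwise. Returning `None` for an unvalidated answer is the check that keeps DANE from degrading into trusting plain DNS.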