MS defense: DNSSEC and PKI
MS Thesis Defense
An Operational Study of DNSSEC and its Practical
Application in Establishing a Secure PKI Framework
Colin Roby
4:00pm 19 June 2012, ITE 325b
With the recent completion of signing the DNS Root and various TLD (top level domain), DNSSEC is gradually progressing towards an internet-wide adoption. The extension of DNSSEC security measures addresses many of the security flaws plagued the underlying DNS architecture since its inception. Once widely deployed, DNSSEC will pave the way for extending security service to a wide range of applications. This study focuses on the practicability of current iteration of DNSSEC implementation. Through a virtual network configuration which mimics a typical corporate environment, we explore viable options to establish a secure PKI framework based on DNSSEC in spite of its current limitations. In this endeavour, we propose a simple yet effective method to combine a corporate existing LDAP based directory service with DNSSEC to form a PKI key exchange infrastructure – one which is intuitive to administer and easy to scale to any large corporate network. We demonstrate the advantage of such a PKI framework in one area of its application – the common use of email. Using a prototype email client application, we illustrate how such a framework can promote and facilitate a more secure email system in terms of authenticity, integrity and confidentiality.
Committee: Dr. Deepinder Sidhu (Chair), Dr. Chein-I Chang, Dr. Yun Peng
Posted: June 16, 2012, 8:46 AM