TY - GEN
T1 - Measuring Adoption of DNS Security Mechanisms with Cross-Sectional Approach
AU - Yajima, Masanori
AU - Chiba, Daiki
AU - Yoneya, Yoshiro
AU - Mori, Tatsuya
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - The threat of attacks targeting a DNS, such as DNS cache poisoning attacks and DNS amplification attacks, continues unabated. In addition, attacks that exploit the difficulty in deter-mining the authenticity of domain names, such as phishing sites and fraudulent emails, continue to be a significant threat. Various DNS security mechanisms have been proposed, standardized, and implemented as effective countermeasures against DNS-related attacks. However, it is not clear how widespread these security mechanisms are in the DNS ecosystem and how effectively they work in the wild. With this background, this study targets the major DNS security mechanisms deployed for the DNS name servers, DNSSEC, DNS Cookies, CAA, SPF, DMARC, MTA-STS, DANE, and TLSRPT, and a large-scale measurement analysis of their deployment is conducted. Our results quantitatively reveal that, as of 2021, the adoption rate of most DNS security mechanisms, except SPF, remains low, and the adoption rate is lower for mechanisms that are more difficult to configure. These findings suggest the importance of developing easy-to-deploy tools to promote the adoption of security mechanisms.
AB - The threat of attacks targeting a DNS, such as DNS cache poisoning attacks and DNS amplification attacks, continues unabated. In addition, attacks that exploit the difficulty in deter-mining the authenticity of domain names, such as phishing sites and fraudulent emails, continue to be a significant threat. Various DNS security mechanisms have been proposed, standardized, and implemented as effective countermeasures against DNS-related attacks. However, it is not clear how widespread these security mechanisms are in the DNS ecosystem and how effectively they work in the wild. With this background, this study targets the major DNS security mechanisms deployed for the DNS name servers, DNSSEC, DNS Cookies, CAA, SPF, DMARC, MTA-STS, DANE, and TLSRPT, and a large-scale measurement analysis of their deployment is conducted. Our results quantitatively reveal that, as of 2021, the adoption rate of most DNS security mechanisms, except SPF, remains low, and the adoption rate is lower for mechanisms that are more difficult to configure. These findings suggest the importance of developing easy-to-deploy tools to promote the adoption of security mechanisms.
KW - DNS Security
KW - Measurement
UR - http://www.scopus.com/inward/record.url?scp=85127248750&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85127248750&partnerID=8YFLogxK
U2 - 10.1109/GLOBECOM46510.2021.9685960
DO - 10.1109/GLOBECOM46510.2021.9685960
M3 - Conference contribution
AN - SCOPUS:85127248750
T3 - 2021 IEEE Global Communications Conference, GLOBECOM 2021 - Proceedings
BT - 2021 IEEE Global Communications Conference, GLOBECOM 2021 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 IEEE Global Communications Conference, GLOBECOM 2021
Y2 - 7 December 2021 through 11 December 2021
ER -