KIPS Transactions on Computer and Communication Systems (정보처리학회논문지:컴퓨터 및 통신 시스템)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Automated Method for the Efficient Management of DNSSEC Singing Keys in Korea

국내 DNSSEC 서명키의 효율적인 관리를 위한 자동화 방안

  • 최명희 (한국인터넷진흥원) ;
  • 김승주 (고려대학교 사이버국방학과, 고려대학교 정보보호대학원)
  • Received : 2015.05.08
  • Accepted : 2015.07.06
  • Published : 2015.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we study and implement ways for users to easily apply and manage the DNSSEC in a domestic environment. DNSSEC is the DNS cache information proposed to address the vulnerability of modulation. However, DNSSEC is difficult to apply and manage due to insufficient domestic applications. In signing keys for efficient and reliable management of DNSSEC, we propose proactive monitoring SW and signing keys. This is an automatic management s/w signing key for DNSSEC efficient and reliable management and to provide a monitoring of the signing key. In addition to the proposed details of how DNSSEC signing key update and monitoring progress smoothly, we expect that the present study will help domestic users to apply and manage DNSSEC easily.

본 논문은 DNSSEC 적용을 국내 환경에 맞게, 사용자들이 보다 쉽게 적용 및 관리할 수 있는 방법에 대해 연구하고 구현하였다. DNSSEC은 DNS 캐시 정보가 위 변조되는 취약점을 해결하기 위해 제안된 것으로, DNSSEC 적용 및 관리에 어려움이 있어 국내 적용이 미비한 편이다. 이에 DNSSEC의 효율적이고 안정적인 관리를 위한 서명키 자동관리 SW와 서명키 모니터링을 제안하고자 한다. 더불어 제안한 사항을 실제 구축하여 DNSSEC 서명키 갱신과 모니터링이 원활하게 진행되는지 살펴보고, 본 연구가 향후 국내 DNSSEC 사용자들이 보다 쉽게 DNSSEC를 적용 관리하는 데 도움이 될 것으로 기대한다.

Keywords

References

  1. APNIC DNSSEC statistics homepage, APNIC [Internet], http://stats.labs.apnic.net/dnssec.
  2. Security and Stability Advisory Committee(SSAC), "SAC063 Advisory on DNSSEC KEY Rollover in the Root Zone," ICANN, pp.1-34, Nov., 2013.
  3. Internet storm center homepage, SANS Technology Institute [Internet], https://isc.sans.edu/forums/diary/biz+DNSSEC+DNSKEY+is+Invalid/16046.
  4. Dowon Kim, "The Understanding of Internet using-based DNS and DNS Security," Internet & Security focus, Vol.9, pp.6-25. KISA, Sep., 2013.
  5. SANS, "March 2005 DNS Poisoning Summary," [Internet], https://isc.sans.edu/presentations/dnspoisoning.html.
  6. KISA, "DNSSEC Introduction and management of operational guideline," pp.1-227, Nov., 2013.
  7. TTA(Telecommunications Techonlolgy Association), "Domestic DNSSEC demonstration domain name server registration and building instructions," TTAK.KO-10.0315, TTA, Nov., 2009.
  8. Hansang Lee, "The Study for Implementation of DNSSEC and Key Management Method in kr DNS," TM 621.39-9-949, pp.1-101, Yonsei University Graduate School of Engineering, Aug., 2009.
  9. KISA, "DNSSEC Domestic & International Trends and National Action Plans," ICT Forum Korea, Aug., 2009.
  10. Verisign, "Anatomy of Recent DNS Reflector Attacks from the Victim and Reflector Point of View," pp.1-16, Apr., 2006.
  11. D. Migault, "Outsourcing Home Network Authoritative Naming Service," homenet WG, pp.1-25, IETF, Feb., 2015.