Title Poor Man's Hardware Security Module (pmHSM): A Threshold Cryptographic Backend for DNSSEC
Authors Francisco Cifuentes, Alejandro Hevia, Francisco Montoto, Tomas Barros, Javier Bustos-Jiménez
Publication date 2016
Abstract The DNS Security Extensions (DNSSEC) add a new layer of security based on public-key infrastructure: each DNS record is digitally signed to verify the authenticity of the answer. However, the introduction of DNSSEC has an impact on the operational workflow of DNS systems: (i) signatures have an expiration date, hence the records must be periodically signed, and (ii) key management tasks can be overwhelming. These are problems especially for DNS zones with several records (for instance, a Top Level Domain). The adoption of a Hardware Security Module (HSM) is an option to provide highly secured keys and signature management. Nevertheless, an HSM is expensive and hardware can fail. We present a novel system based on threshold cryptography, called Poor Man's Hardware Security Module (pmHSM), which provides the signature components of an HSM over inexpensive commodity hardware to support the operational signing workflow of DNSSEC. This approach significantly improves security and availability of the overall system since the secret key is left beyond the reach of malicious compromises: it is spread among several independent nodes of the system.
Downloaded 9 times
Conference name Latin America Networking Conference
Publisher ACM Press (New York, NY, USA)