Abstract
To ensure the secure operation of the domain name system and the inter-domain routing system, the Internet Engineering Task Force (IETF) proposed two security technologies for the Internet naming and addressing system: DNS Security Extensions (DNSSEC, domain name system security extension) and the Resource Public Key Infrastructure (RPKI, resource public key infrastructure). For the domain name system, DNSSEC uses a public key infrastructure to add digital signatures to the original DNS architecture, providing origin authentication and integrity verification of DNS information, and it has become the cornerstone of domain name system security. For the inter-domain routing system, RPKI uses public key certificates to authenticate the ownership and usage rights of Internet number resources, building a management system for basic Internet resources that supports inter-domain routing security. In recent years, the global deployment of DNSSEC and RPKI has continued to advance. To understand how these two technologies are applied across the global Internet, the Alexa top 1 million websites were taken as the data set to study and analyze DNSSEC and RPKI and their application status.
Authors
WANG Cui-cui (王翠翠)
YAN Zhi-wei (延志伟)
GENG Guang-gang (耿光刚)
China Internet Network Information Center, Beijing 100190, China; National Engineering Laboratory for Internet Domain Name Management, Beijing 100190, China
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》)
2017, Issue 3, pp. 34-42 (9 pages)
Funding
National Natural Science Foundation of China (No. 61375039, No. 61303242)
Keywords
domain name system
inter-domain routing system
domain name system security extension
resource public key infrastructure