Ali Sadeghi Jahromi, AbdelRahman Abdou (Carleton University)

The Internet’s Public Key Infrastructure (PKI) has been used to provide security to HTTPS and other protocols over the Internet. Such infrastructure began to be increasingly relied upon for DNS security. DNS-over-TLS (DoT) is one recent rising and prominent example, whereby DNS traffic between stub and recursive resolver gets transmitted over a TLS-secured session. The security research community has studied and improved security shortcomings in the web certificate ecosystem. DoT’s certificates, on the other hand, have not been investigated comprehensively. It is also unclear if DoT client-side tools (e.g., stub resolvers) enforce security properly as modern-day browsers and mail clients do for HTTPS and secure email. In this research, we compare the DoT and HTTPS certificate ecosystems. Preliminary results are so far promising, as they show that DoT appears to have benefited from the PKI security advancements that were mostly tailored to HTTPS.

View More Papers

Detecting Kernel Memory Leaks in Specialized Modules with Ownership...

Navid Emamdoost (University of Minnesota), Qiushi Wu (University of Minnesota), Kangjie Lu (University of Minnesota), Stephen McCamant (University of Minnesota)

Read More

Towards Measuring Supply Chain Attacks on Package Managers for...

Ruian Duan (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Ranjita Pai Kasturi (Georgia Institute of Technology), Ryan...

Read More

The Bluetooth CYBORG: Analysis of the Full Human-Machine Passkey...

Michael Troncoso (Naval Postgraduate School), Britta Hale (Naval Postgraduate School)

Read More

(Short) Spoofing Mobileye 630’s Video Camera Using a Projector

Ben Nassi, Dudi Nassi, Raz Ben Netanel and Yuval Elovici (Ben-Gurion University of the Negev)

Read More