Thesis/Dissertation 111423035: Detailed Record




Name: 謝侑廷 (You-Ting Hsieh)   Department: Department of Information Management
Thesis Title
(Decentralizing DNS: Leveraging Web3 and Blockchain Smart Contracts for Enhanced Security)
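Related Theses
★ Current Development and Risk Analysis of DeFi (Decentralized Finance): A Study of the Period from 2017 to June 2022
★ A Blockchain-Based Anonymous Voting System That Prevents Double Voting
★ An NFT-Based Platform for Verifying Vehicle and Parts History
★ A Privacy-Preserving Threat Intelligence Sharing Platform Based on Blockchain and Proxy Re-Encryption
★ A Study on Planning a Virtual-Physical Integration Architecture Applying the Metaverse and NFTs to Travel Shopping
★ Innovations in 6G: Decentralized Network Slice Handover with Proxy Re-Encryption
★ Blockchain-based Federated learning with Data privacy protection
★ A Questionnaire Platform with a Fair Lottery Mechanism and Privacy Protection
★ Building a Secure and Reliable Recommendation Letter Platform: An Innovative Approach Based on Distributed Systems
★ Blockchain Framework Design and Feasibility Analysis for a Decentralized E-Book Trading Platform
★ A Decentralized Group-oriented Information Sharing System with Searchable Encryption in Supply Chain Environment
★ A Batch Verified Decentralized-AI Against Poisoning Attack In 6G Industrial CPS Environments
★ A Blockchain-based Work Performance Authenticity Platform with User Incentive Mechanism
★ A Multimedia Sharing Platform Based on Blockchain and Access Control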
Files: Thesis available for browsing in the system after 2026-7-31
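Abstract (Chinese) In recent years network technology has changed rapidly, and it has become the norm for everyone to own a computer and a mobile device. DNS service is the foundation of lookups, letting users browse websites and digital information by searching with keywords or by entering a URL directly. However, the online world hides many information-security risks: false content from scam and phishing sites appears endlessly, and there are many kinds of network attacks, such as DNS denial-of-service attacks, man-in-the-middle attacks, masquerading, reflection/amplification attacks, botnets, malware, data leakage, and so on. Among these, denial of service (DoS) is the most common and relatively easy to carry out: it uses massive, dense request traffic to overload the server so that it stalls and cannot operate, with wide-ranging impact. In addition, the stability and availability of DNS response data is an important indicator when measuring DNS performance. In view of this, this thesis proposes a blockchain-based decentralized Domain Name System (DNS) solution. With blockchain technology, DNS records are no longer managed and maintained by a single DNS server but are stored in a smart contract, which gives them immutability and reduces the DNS cache poisoning attacks seen in traditional environments. Against the currently rampant DDoS attacks, the system can also better defend against attacks targeting DNS, improving availability and overall system efficiency. It is also designed so that users can contribute the DNS records they own. Taking telecom operators as the application environment, where maintaining DNS is critical to the operator, we use a reward mechanism to increase users' willingness to help build a secure DNS environment. DNS records carry a validity period, and abnormal IPs can be revoked, further improving the flexibility of data security. In addition, to strengthen performance, this thesis adopts the BBS+ signature for identity and data verification, a short signature scheme proposed by Boneh, Boyen, and Shacham. It supports signing multiple messages while producing a single output digital signature, and both the keys and the signatures of BBS+ are relatively lightweight, which reduces on-chain and off-chain resource consumption.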
Abstract (English) In recent years, network technology has been rapidly evolving, with personal computers and mobile devices becoming ubiquitous. DNS service queries provide the foundation for users to browse various websites and digital information through keyword searches or direct URL inputs. However, the internet world harbors numerous information security concerns, with fraudulent content from scams and phishing websites proliferating. There are various types of network attacks, such as denial-of-service attacks against DNS, man-in-the-middle attacks, impersonation, reflection/amplification attacks, botnets, malware, data breaches, etc. Among these, Denial of Service (DoS) attacks are the most common and relatively easy to carry out, using massive and intensive request traffic to overwhelm servers, causing them to fail and cease operations, resulting in numerous impacts. Furthermore, the stability and availability of DNS response data are important indicators in measuring DNS performance.
In light of this, this paper proposes a blockchain-based decentralized Domain Name System (DNS) solution. Through blockchain technology, DNS records are no longer managed and maintained by a single DNS server, but are stored on smart contracts, ensuring immutability and reducing DNS cache poisoning attacks in traditional environments. Regarding the currently rampant DDoS attacks, this system can better prevent attacks targeting DNS, improving availability and overall system efficiency. It is also designed to allow users to provide their own DNS records. In the context of telecommunications providers, maintaining their DNS is crucial. We implement a reward mechanism to enhance users' willingness to assist in establishing a secure DNS environment. Additionally, DNS records have a time-based validity period, and abnormal IP addresses can be revoked, further enhancing data security flexibility.
Moreover, to enhance performance, this thesis adopts BBS+ Signature for identity and data verification. This short signature scheme proposed by Boneh, Boyen, and Shacham supports signing multiple messages while generating a single output digital signature. BBS+ signature is more lightweight in both key and signature aspects, reducing on-chain and off-chain resource consumption.
Keywords (English) ★ Blockchain
★ Smart Contract
★ Domain Name System
★ BBS+ signature
★ DDoS
★ Network Attack
Table of Contents
Abstract (Chinese)
Abstract
Table of Contents
List of Figures
List of Tables
1 Introduction
1.1 Background
1.2 Motivation
1.3 Contribution
2 Related Work
2.1 Domain Name System (DNS)
2.2 DNS Data Storage Format
2.3 Traditional DNS Operation Process
2.4 Traditional DNS-Related Attacks and Vulnerabilities
2.5 Traditional DNS Protection Mechanisms
1. DNSSEC (Domain Name System Security Extensions)
2. DoH (Domain Name System over HTTPS)
3. DoT (Domain Name System over TLS)
2.6 Blockchain
2.7 Smart contract
2.8 Ganache
2.9 Compare
3 Preliminaries
3.1 BBS+ Signature
3.2 BLS12-381
3.3 Elliptic Curve Cryptography (ECC)
3.4 Bilinear mapping (bilinear map)
4 System Proposal
4.1 System Model
4.2 Security Model
4.3 Design Goal
4.4 System Overview
4.5 System Operation Definition
5 System Construction
5.1 DNS Record Search on Local Database
5.2 DNS Record Search on Smart Contract
5.3 Upload DNS Record From Multiple User
5.4 Upload and Verify
5.5 Rewards
5.6 Revoke
6 Security Analysis
6.1 Data availability
6.2 Resist DNS Spoofing, Cache Poisoning, Snooping
6.3 Transparency and Traceability
6.4 Data Accuracy
6.5 Efficient Record Update
7 Experiment
7.1 Setup
7.2 Evaluation of DNS Server
7.3 Evaluation DDoS Attack
7.4 Evaluation of BBS+ Signature Time Cost
7.5 Evaluation Gas Cost on Blockchain
8 Conclusion
9 Reference
Advisor: 葉羅堯 (Lo-Yao Yeh)   Date of Approval: 2024-7-29