DSpace Repository

Model Checking the Kaminsky DNS Cache-Poisoning Attack Using PRISM

Show simple item record

dc.contributor.advisor Smolka, Scott A. en_US
dc.contributor.advisor Stoller, Scott en_US
dc.contributor.author Deshpande, Tushar Suhas en_US
dc.contributor.other Department of Computer Science en_US
dc.date.accessioned 2012-05-15T18:02:55Z
dc.date.accessioned 2015-04-24T14:45:23Z
dc.date.available 2012-05-15T18:02:55Z
dc.date.available 2015-04-24T14:45:23Z
dc.date.issued 2010-05-01 en_US
dc.identifier Deshpande_grad.sunysb_0771M_10119.pdf en_US
dc.identifier.uri http://hdl.handle.net/1951/55407 en_US
dc.identifier.uri http://hdl.handle.net/11401/70975 en_US
dc.description.abstract We use the probabilistic model checker PRISM to formally model and analyze the highly publicized Kaminsky DNS cache-poisoning attack. DNS (Domain Name System) is an internet-wide, hierarchical naming system used to translate domain names such as google.com into physical IP addresses such as 208.77.188.166. The Kaminsky DNS attack is a recently discovered vulnerability in DNS that allows an intruder to hijack a domain; i.e. corrupt a DNS server so that it replies with the IP address of a malicious web server when asked to resolve the URL of a non-malicious domain such as google.com. A proposed fix for the attack is based on the idea of randomizing the source port a DNS server uses when issuing a query to another server in the DNS hierarchy.We use PRISM to introduce a Continuous Time Markov Chain representation of the Kaminsky attack and the proposed fix, and to perform the requisite probabilistic model checking. Our results, gleaned from more than 240 PRISM runs, formally validate the existence of the Kaminsky cache-poisoning attack even in the presence of an intruder with virtually no knowledge of the victim DNS server's actions. They also serve to quantify the effectiveness of the proposed fix, demonstrating an exponentially decreasing, long-tail trajectory for the probability of a successful attack with an increasing range of source-port ids, as well as an increasing attack probability with an increasing number of attempted attacks or increasing rate at which the intruder guesses the source-port id. en_US
dc.description.sponsorship This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree. en_US
dc.format Monograph en_US
dc.format.medium Electronic Resource en_US
dc.language.iso en_US en_US
dc.publisher The Graduate School, Stony Brook University: Stony Brook, NY. en_US
dc.subject.lcsh Computer Science en_US
dc.subject.other dns, formal verification, kaminsky, prism, security en_US
dc.title Model Checking the Kaminsky DNS Cache-Poisoning Attack Using PRISM en_US
dc.type Thesis en_US
dc.mimetype Application/PDF en_US
dc.contributor.committeemember Erez Zadok. en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search DSpace


Advanced Search

Browse

My Account