Hackers today take advantage of the long-standing trust in the Domain Name System (DNS) and work to trick the system by stealing information and redirecting data.
That is where the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) is working to restore trust in the system and make websites more secure and reliable by improving the DNS.
DHS is now working on S&T's Domain Name System Security Extensions (DNSSEC) project, which authenticates the existence, ownership, and integrity of data while systematically validating sources, including hundreds of servers, or nodes.
Most websites are not self-contained, but are a patchwork of information drawn from scores of sources.
“The value of DNSSEC reaches far beyond preventing hackers from obtaining login information,” said Edward Rhyne, DNSSEC program manager in S&T’s Cyber Security Division. “DNSSEC is the foundation for a new trust model for all communications on the Internet, essentially protecting this vital infrastructure.”
As governments, banks, Internet service providers, businesses, and other stakeholders become more aware of DNS-related threats, DNSSEC adoption is gaining momentum. “Users are starting to understand,” Rhyne said. “A hacker may insert a malicious server between a user and their bank, enabling collection of login credentials and account information—allowing the hacker to steal an identity and transfer money as the authorized user.”
Since 2004, S&T and its partners have worked to build support for DNSSEC, which has resulted in support and compliance by registrars from all over the world.
Registrars for more than 20 country codes, including .us and .uk, are taking part in this effort. In addition, DNSSEC is in the .edu, .gov, .org, .net, and .com zones, while top-level domains of the U.S. military’s .mil should be DNSSEC-signed in December 2011. Adoption by these most commonly utilized domains paves the way for adoption by lower-level domains, and will ultimately create a complete end-to-end chain.