B-DNS: A Secure and Efficient DNS Based on the Blockchain Technology

Zecheng Li; Shang Gao; Zhe Peng; Songtao Guo; Yuanyuan Yang; Bin Xiao

doi:10.1109/TNSE.2021.3068788

B-DNS: A Secure and Efficient DNS Based on the Blockchain Technology

Zecheng Li, Shang Gao, Zhe Peng, Songtao Guo, Yuanyuan Yang, Bin Xiao^*

^*Corresponding author for this work

Department of Computer Science

Research output: Contribution to journal › Article › peer-review

9 Citations (Scopus)

Abstract

The Domain Name System (DNS) plays a crucial role in the Internet. However, it is vulnerable to many attacks such as the cache poisoning attack and DDoS attack. Though some countermeasures have been proposed, they still have some limitations. In this paper, we propose B-DNS, a blockchain-based domain name system, which can provide a secure and efficient DNS service. B-DNS fills up two shortcomings of current blockchain-based DNS, namely computation-heavy Proof-of-Work (PoW) protocol and inefficient query, by building a PoS consensus protocol and an index of domains. We propose a novel way to quantitatively compare the security of B-DNS and legacy DNS in terms of attack success rate, attack cost, and attack surface. Our experiments show that the probability of a successful attack on B-DNS is 1% of a successful attack on legacy DNS, the attack cost goes up a million times in B-DNS, and the attack surface of B-DNS is far less than that of legacy DNS. The query performance evaluation of B-DNS shows that B-DNS can achieve similar or even less query latency than state-of-the-art commercial DNS implementations.

Original language	English
Pages (from-to)	1674-1686
Number of pages	13
Journal	IEEE Transactions on Network Science and Engineering
Volume	8
Issue number	2
Early online date	25 Mar 2021
DOIs	https://doi.org/10.1109/TNSE.2021.3068788
Publication status	Published - Jun 2021

Scopus Subject Areas

Control and Systems Engineering
Computer Science Applications
Computer Networks and Communications

User-Defined Keywords

Blockchain
Computer crime
Consensus protocol
Denial-of-service attack
Domain Name System
IP networks
Internet
Network Security
Security
Servers

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/TNSE.2021.3068788

Cite this

@article{bb84a19756a54ac5a7da54faa1a6ff0b,

title = "B-DNS: A Secure and Efficient DNS Based on the Blockchain Technology",

abstract = "The Domain Name System (DNS) plays a crucial role in the Internet. However, it is vulnerable to many attacks such as the cache poisoning attack and DDoS attack. Though some countermeasures have been proposed, they still have some limitations. In this paper, we propose B-DNS, a blockchain-based domain name system, which can provide a secure and efficient DNS service. B-DNS fills up two shortcomings of current blockchain-based DNS, namely computation-heavy Proof-of-Work (PoW) protocol and inefficient query, by building a PoS consensus protocol and an index of domains. We propose a novel way to quantitatively compare the security of B-DNS and legacy DNS in terms of attack success rate, attack cost, and attack surface. Our experiments show that the probability of a successful attack on B-DNS is 1% of a successful attack on legacy DNS, the attack cost goes up a million times in B-DNS, and the attack surface of B-DNS is far less than that of legacy DNS. The query performance evaluation of B-DNS shows that B-DNS can achieve similar or even less query latency than state-of-the-art commercial DNS implementations.",

keywords = "Blockchain, Computer crime, Consensus protocol, Denial-of-service attack, Domain Name System, IP networks, Internet, Network Security, Security, Servers",

author = "Zecheng Li and Shang Gao and Zhe Peng and Songtao Guo and Yuanyuan Yang and Bin Xiao",

note = "Funding Information: Manuscript received September 12, 2020; revised January 21, 2021; accepted February 25, 2021. Date of publication March 25, 2021; date of current version July 7, 2021. This work was partially sponsored by Hong Kong Research Grant Council (RGC) under Grants GRF PolyU 15216220 and 152124/19E. This work was partially supported by Guangdong Basic and Applied Basic Research Foundation 2020A1515111070. Recommended for acceptance by Dr. Yulei Wu. (Corresponding author: Bin Xiao.) Zecheng Li, Shang Gao, and Bin Xiao are with the Department of Computing, Hong Kong Polytechnic University, Hung Hom, Kowloon, Hong Kong (e-mail: cszcli@comp.polyu.edu.hk; shanggao@comp.polyu.edu.hk; csbxiao@comp. polyu.edu.hk). Publisher Copyright: {\textcopyright} 2013 IEEE.",

year = "2021",

month = jun,

doi = "10.1109/TNSE.2021.3068788",

language = "English",

volume = "8",

pages = "1674--1686",

journal = "IEEE Transactions on Network Science and Engineering",

issn = "2327-4697",

publisher = "IEEE Computer Society",

number = "2",

}

TY - JOUR

T1 - B-DNS

T2 - A Secure and Efficient DNS Based on the Blockchain Technology

AU - Li, Zecheng

AU - Gao, Shang

AU - Peng, Zhe

AU - Guo, Songtao

AU - Yang, Yuanyuan

AU - Xiao, Bin

N1 - Funding Information: Manuscript received September 12, 2020; revised January 21, 2021; accepted February 25, 2021. Date of publication March 25, 2021; date of current version July 7, 2021. This work was partially sponsored by Hong Kong Research Grant Council (RGC) under Grants GRF PolyU 15216220 and 152124/19E. This work was partially supported by Guangdong Basic and Applied Basic Research Foundation 2020A1515111070. Recommended for acceptance by Dr. Yulei Wu. (Corresponding author: Bin Xiao.) Zecheng Li, Shang Gao, and Bin Xiao are with the Department of Computing, Hong Kong Polytechnic University, Hung Hom, Kowloon, Hong Kong (e-mail: cszcli@comp.polyu.edu.hk; shanggao@comp.polyu.edu.hk; csbxiao@comp. polyu.edu.hk). Publisher Copyright: © 2013 IEEE.

PY - 2021/6

Y1 - 2021/6

N2 - The Domain Name System (DNS) plays a crucial role in the Internet. However, it is vulnerable to many attacks such as the cache poisoning attack and DDoS attack. Though some countermeasures have been proposed, they still have some limitations. In this paper, we propose B-DNS, a blockchain-based domain name system, which can provide a secure and efficient DNS service. B-DNS fills up two shortcomings of current blockchain-based DNS, namely computation-heavy Proof-of-Work (PoW) protocol and inefficient query, by building a PoS consensus protocol and an index of domains. We propose a novel way to quantitatively compare the security of B-DNS and legacy DNS in terms of attack success rate, attack cost, and attack surface. Our experiments show that the probability of a successful attack on B-DNS is 1% of a successful attack on legacy DNS, the attack cost goes up a million times in B-DNS, and the attack surface of B-DNS is far less than that of legacy DNS. The query performance evaluation of B-DNS shows that B-DNS can achieve similar or even less query latency than state-of-the-art commercial DNS implementations.

AB - The Domain Name System (DNS) plays a crucial role in the Internet. However, it is vulnerable to many attacks such as the cache poisoning attack and DDoS attack. Though some countermeasures have been proposed, they still have some limitations. In this paper, we propose B-DNS, a blockchain-based domain name system, which can provide a secure and efficient DNS service. B-DNS fills up two shortcomings of current blockchain-based DNS, namely computation-heavy Proof-of-Work (PoW) protocol and inefficient query, by building a PoS consensus protocol and an index of domains. We propose a novel way to quantitatively compare the security of B-DNS and legacy DNS in terms of attack success rate, attack cost, and attack surface. Our experiments show that the probability of a successful attack on B-DNS is 1% of a successful attack on legacy DNS, the attack cost goes up a million times in B-DNS, and the attack surface of B-DNS is far less than that of legacy DNS. The query performance evaluation of B-DNS shows that B-DNS can achieve similar or even less query latency than state-of-the-art commercial DNS implementations.

KW - Blockchain

KW - Computer crime

KW - Consensus protocol

KW - Denial-of-service attack

KW - Domain Name System

KW - IP networks

KW - Internet

KW - Network Security

KW - Security

KW - Servers

UR - http://www.scopus.com/inward/record.url?scp=85103294058&partnerID=8YFLogxK

U2 - 10.1109/TNSE.2021.3068788

DO - 10.1109/TNSE.2021.3068788

M3 - Article

AN - SCOPUS:85103294058

SN - 2327-4697

VL - 8

SP - 1674

EP - 1686

JO - IEEE Transactions on Network Science and Engineering

JF - IEEE Transactions on Network Science and Engineering

IS - 2

ER -

B-DNS: A Secure and Efficient DNS Based on the Blockchain Technology

Abstract

Scopus Subject Areas

User-Defined Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this