TY - JOUR
T1 - B-DNS
T2 - A Secure and Efficient DNS Based on the Blockchain Technology
AU - Li, Zecheng
AU - Gao, Shang
AU - Peng, Zhe
AU - Guo, Songtao
AU - Yang, Yuanyuan
AU - Xiao, Bin
N1 - Funding Information:
Manuscript received September 12, 2020; revised January 21, 2021; accepted February 25, 2021. Date of publication March 25, 2021; date of current version July 7, 2021. This work was partially sponsored by Hong Kong Research Grant Council (RGC) under Grants GRF PolyU 15216220 and 152124/19E. This work was partially supported by Guangdong Basic and Applied Basic Research Foundation 2020A1515111070. Recommended for acceptance by Dr. Yulei Wu. (Corresponding author: Bin Xiao.) Zecheng Li, Shang Gao, and Bin Xiao are with the Department of Computing, Hong Kong Polytechnic University, Hung Hom, Kowloon, Hong Kong (e-mail: [email protected]; [email protected]; csbxiao@comp.polyu.edu.hk).
Publisher Copyright:
© 2013 IEEE.
PY - 2021/6
Y1 - 2021/6
N2 - The Domain Name System (DNS) plays a crucial role in the Internet. However, it is vulnerable to many attacks such as the cache poisoning attack and DDoS attack. Though some countermeasures have been proposed, they still have some limitations. In this paper, we propose B-DNS, a blockchain-based domain name system, which can provide a secure and efficient DNS service. B-DNS fills up two shortcomings of current blockchain-based DNS, namely computation-heavy Proof-of-Work (PoW) protocol and inefficient query, by building a PoS consensus protocol and an index of domains. We propose a novel way to quantitatively compare the security of B-DNS and legacy DNS in terms of attack success rate, attack cost, and attack surface. Our experiments show that the probability of a successful attack on B-DNS is 1% of a successful attack on legacy DNS, the attack cost goes up a million times in B-DNS, and the attack surface of B-DNS is far less than that of legacy DNS. The query performance evaluation of B-DNS shows that B-DNS can achieve similar or even less query latency than state-of-the-art commercial DNS implementations.
KW - Blockchain
KW - Computer crime
KW - Consensus protocol
KW - Denial-of-service attack
KW - Domain Name System
KW - IP networks
KW - Internet
KW - Network Security
KW - Security
KW - Servers
UR - http://www.scopus.com/inward/record.url?scp=85103294058&partnerID=8YFLogxK
U2 - 10.1109/TNSE.2021.3068788
DO - 10.1109/TNSE.2021.3068788
M3 - Journal article
AN - SCOPUS:85103294058
SN - 2327-4697
VL - 8
SP - 1674
EP - 1686
JO - IEEE Transactions on Network Science and Engineering
JF - IEEE Transactions on Network Science and Engineering
IS - 2
ER -