Assistant Professor Dave Levin received a Distinguished Paper Award at the 2017 USENIX Security Symposium for his paper entitled "A Longitudinal, End-to-End View of the DNSSEC Ecosystem." Written with colleagues from Northeastern University, TU Berlin, University of Twente, and Duke University, the paper addresses Domain Name System Security Extensions (DNSSEC) and how well it is deployed on the internet today. All users of the internet depend on DNS (Domain Name Service)--it is the system which maps easily recognizable names including www.umd.edu to internet-routable addresss like 220.127.116.11. DNS has a long history; it has been around almost as long as the internet itself.
"As much as we depend on DNS, security was never baked into its original design, and sure enough, there have been many attacks against it," Levin said. "Who is to say that 18.104.22.168 is actually the IP address a particular website? How can I be sure that any answer DNS gives is legitimate, and not the address of an attacker?"
Levin's paper measured how well DNSSEC is deployed in the internet today. DNSSEC, or security extensions to DNS, allow clients to authenticate the answers they receive from DNS. DNSSEC is somewhat complicated, and it requires multiple parties to take some very specific steps — websites need to create certain special DNS records, their registrars (who sold them their domain name) need to also create some special records (basically of the form “I promise that I did in fact sell dave.is.cool.com to that person”), and clients need to actually request and validate these records.
"To date, no one had performed a study to show how well each of these parties is doing these tasks — at least not a study that was as wide-ranging (we measured all parties), longitudinal (over a period of nearly two years), and reproducible," Levin said.
Levin and his co-authors received the award in August of 2017 in Vancouver, Canada.
The Department welcomes comments, suggestions and corrections. Send email to editor [at] cs [dot] umd [dot] edu.