Dissertation/Thesis Abstract

Detection of communication over DNSSEC covert channels
by Hands, Nicole M., M.S., Purdue University, 2016, 82; 10181541
Abstract (Summary)

Unauthorized data removal and modification from information systems represents a major and formidable threat in modern computing. Security researchers are engaged in a constant and escalating battle with the writers of malware and other methods of network intrusion to detect and mitigate this threat. Advanced malware behaviors include encryption of communications between the server and infected client machines as well as various strategies for resilience and obfuscation of infrastructure. These techniques evolve to use any and all available mechanisms. As the Internet has grown, DNS has been expanded and has been given security updates. This study analyzed the potential uses of DNSSEC as a covert channel by malware writers and operators. The study found that changing information regarding the Start of Authority (SOA) and resigning the zone can create a covert channel. The study provided a proof of concept for this previously undocumented covert channel that uses DNSSEC.

Indexing (document details)
Advisor: Yang, Baijan
Commitee: Rogers, Marcus K., Xu, Dongyan
School: Purdue University
Department: Computer and Information Technology
School Location: United States -- Indiana
Source: MAI 56/01M(E), Masters Abstracts International
Subjects: Information Technology, Computer science
Keywords: Covert channel, DNSSEC, Data breach
Publication Number: 10181541
ISBN: 978-1-369-30126-7
Copyright © 2021 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy