Unauthorized data removal and modification from information systems represents a major and formidable threat in modern computing. Security researchers are engaged in a constant and escalating battle with the writers of malware and other methods of network intrusion to detect and mitigate this threat. Advanced malware behaviors include encryption of communications between the server and infected client machines as well as various strategies for resilience and obfuscation of infrastructure. These techniques evolve to use any and all available mechanisms. As the Internet has grown, DNS has been expanded and has been given security updates. This study analyzed the potential uses of DNSSEC as a covert channel by malware writers and operators. The study found that changing information regarding the Start of Authority (SOA) and resigning the zone can create a covert channel. The study provided a proof of concept for this previously undocumented covert channel that uses DNSSEC.
|Commitee:||Rogers, Marcus K., Xu, Dongyan|
|Department:||Computer and Information Technology|
|School Location:||United States -- Indiana|
|Source:||MAI 56/01M(E), Masters Abstracts International|
|Subjects:||Information Technology, Computer science|
|Keywords:||Covert channel, DNSSEC, Data breach|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be