What's in a name? Homeland Security develops Domain Name System Security Systems Extensions

December 7, 2011
The DHS Science and Technology Directorate (S&T) is working to restore trust in the system and make websites more secure and reliable by improving the Internet's Domain Name System (DNS). Credit: DHS S&T

At the advent of the Internet thirty years ago, the brand new Domain Name System (DNS) (which translated website names like science.com into a network address like 1.2.3.4) was trusted by everyone. Today, hackers take advantage of our long-standing trust in DNS and work to trick the system by stealing information and redirecting data every day.

The DHS Science and Technology Directorate (S&T) is working to restore trust in the system and make websites more secure and reliable by improving the DNS. Last October, during National Cybersecurity Awareness Month, Internet safety was discussed as a shared responsibility.

DHS's role in this effort is S&Ts Security Extensions (DNSSEC) project, which received the National Cybersecurity Innovation Award at the Sans Institute's Second Annual National Cybersecurity Innovation Conference for innovation in promoting research that "pays off" by focusing on work that can result in real products and real risk reduction.

Most websites are not self-contained, but are rather a patchwork of information drawn from scores of sources. DNSSEC authenticates the existence, ownership, and integrity of data while systematically validating sources─including hundreds of servers, or nodes.

"The value of DNSSEC reaches far beyond preventing from obtaining login information," said Edward Rhyne, DNSSEC program manager in S&T's Cyber Security Division. "DNSSEC is the foundation for a new trust model for all communications on the Internet, essentially protecting this vital infrastructure."

As governments, banks, Internet service providers, businesses, and other stakeholders become more aware of DNS-related threats, DNSSEC adoption is gaining momentum. "Users are starting to understand," said Rhyne. "A hacker may insert a malicious server between a user and their bank, enabling collection of login credentials and account information-allowing the hacker to steal an identity and transfer money as the authorized user."

Since 2004, S&T and its partners, including the National Institute of Standards and Technology and the DNSSEC Deployment Initiative, have worked to build support for DNSSEC, which has resulted in support and compliance by registrars from all over the world. Registars for more than 20 country codes, including .us and .uk, are involved in this effort. In addition, DNSSEC was deployed in the .edu, .gov,.org, .net, and .com zones, while top-level domains of the U.S. military's .mil are slated to be DNSSEC-signed in December 2011. Adoption by these most commonly utilized domains paves the way for adption by lower-level domains, and will ultimately create a complete end-to-end chain.

By authenticating and protecting data, DHS is continuously working to build a safer, more secure, and more resilient cyberspace.

Explore further: Informatics scientists' ‘active cookies’ put bite on cyber crooks

Related Stories

Experts uncover weakness in Internet security

December 30, 2008

Independent security researchers in California and researchers at the Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, and Eindhoven University of Technology (TU/e) in the Netherlands have found ...

Top US cybersecurity official quits

March 7, 2009

A top US cybersecurity official has quit, complaining in a resignation letter obtained by Wired magazine that US cyber protection efforts are being dominated by the super-secret National Security Agency (NSA).

Internet upgraded to foil cyber crooks

July 29, 2010

The Internet has undergone a key upgrade that promises to stop cyber criminals from using fake websites that dupe people into downloading viruses or revealing personal data.

Recommended for you

Microsoft describes hard-to-mimic authentication gesture

August 1, 2015

Photos. Messages. Bank account codes. And so much more—sit on a person's mobile device, and the question is, how to secure them without having to depend on lengthy password codes of letters and numbers. Vendors promoting ...

Power grid forecasting tool reduces costly errors

July 30, 2015

Accurately forecasting future electricity needs is tricky, with sudden weather changes and other variables impacting projections minute by minute. Errors can have grave repercussions, from blackouts to high market costs. ...

Netherlands bank customers can get vocal on payments

August 1, 2015

Are some people fed up with remembering and using passwords and PINs to make it though the day? Those who have had enough would prefer to do without them. For mobile tasks that involve banking, though, it is obvious that ...

4 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

Corban
not rated yet Dec 07, 2011
A strong DNSSEC would run counter to the DNS-tinkering that recent IP legislation demands. How're they eating their cake and having it too? Is there a backdoor?
kochevnik
1 / 5 (1) Dec 07, 2011
homeland 27 up, 16 down
1. American Nazi term derived from and equivalent to German Naziterm "der Fatherland". Der Fatherland was used by Hitler to impassion Germans with patriotism, diverting their attention from laws, legislation and programs authorizing genocide and ethnic cleansing.

2 Emotionally laden term used by Baby Bush to describe the lands and territories of United States of America to artificially stimulate U.S. citizens (and the press) to overwrought and zealous patriotism as a diversion from critical analysis of legislation depriving citizens of Constitutiona rights and freedoms.
Shootist
1 / 5 (1) Dec 07, 2011
homeland 27 up, 16 down
1. American Nazi term derived from and equivalent to German Naziterm "der Fatherland". Der Fatherland was used by Hitler to impassion Germans with patriotism, diverting their attention from laws, legislation and programs authorizing genocide and ethnic cleansing.

2 Emotionally laden term used by Baby Bush to describe the lands and territories of United States of America to artificially stimulate U.S. citizens (and the press) to overwrought and zealous patriotism as a diversion from critical analysis of legislation depriving citizens of Constitutiona rights and freedoms.


Don't forget the Ruskies, and Motherland. Yes, Homeland Security is a terrible name for an agency We Don't Need. Blame Bush if you want but Homeland Security is a Child of the democrat Congress.
Doug_Huffman
1 / 5 (1) Dec 08, 2011
Sorry, the US national government and particularly DHS has expended whatever trust was had by the American people. I do not want Big Sis in my computer, or on the Internet, or - Uggh - in my face on the media.

"National government?" Lincoln killed the union to save the Union and ended federalism.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.