Measurable security: A new substrate for DNSSEC

Posted on: 2011-02-05
Degree: Ph.D
Type: Dissertation
University: University of California, Los Angeles
Candidate: Osterweil, Eric
Full Text: PDF
GTID: 1448390002460761
Subject: Computer Science
Abstract/Summary:
As the Internet plays an increasingly critical role in both our global economy and governments all over the world, it has become a central concern for everyone. This has elevated its security from just a relevant research area to one of the global linchpins of our society. Unfortunately, it is widely recognized (and often lamented) that the designs of the Internet's core protocols did not make security a top priority, and there has been an increasingly palpable sense that the Internet needs to enhance its security. Though there have been many efforts to add security protections, the Internet's environment has confounded designs or models that require strict behaviors, rigid configurations, or any form of global consensus (such as a global Certificate Authority, CA). One of the most notable attempts to secure a core protocol has been the DNS Security Extensions (DNSSEC), which is the first attempt to actually deploy a true Internet-scale cryptosystem. However, this seemingly straightforward design has met with many fundamental challenges which stem from its "provable security" foundation.

In this dissertation we introduce a new system substrate called Measurable Security that casts security assurances as measurable quantities and embraces the chaotic environment that Internet-scale systems face. Specifically, DNSSEC is a type of system that uses cryptography as its sole foundation (a cryptosystem), and in this work we show how Measurable Security can act as an additional foundational element that lets DNSSEC's design embrace aspects of its own deployed status, and help remedy some tangible problems the DNSSEC deployment is already facing.

To fully illustrate the utility of Measurable Security, we first show how it can be applied to the current DNSSEC deployment and used to quantify an empirical notion of how well it is offering its security protections to client resolvers today. To do this, we propose three design-level measures (and three associated system-level metrics) that allow us to evaluate the operational level of protections that DNSSEC tries to offer.

Next, we use Measurable Security to derive a model for DNSKEY learning and verification called Public Data. From this model we will go on to discuss an actual open source software system (called Vantages) whose design is based on this concept and which is publicly available.

Finally, we quantitatively demonstrate how much more effective Vantages is than DNSSEC's current key learning design by using deployment metrics to create a side-by-side comparison of the two approaches. We believe that this is the first opportunity that operators of any Internet-scale cryptosystem have had to make an apples-to-apples comparison between the deployments of different cryptosystem designs, and properly judge them against each other.
Keywords/Search Tags:Security, DNSSEC, Global, Cryptosystem