Security System For DNS Using Cryptography Extension

Posted on: 2015-12-05
Degree: Master
Type: Thesis
Country: China
Candidate: R Ma
Full Text: PDF
GTID: 2308330452454941
Subject: Information security

Abstract/Summary:
Sending and receiving messages by means of a network is not safe, as the information can be accessed by everybody inside the network. The hierarchical, distributed Domain Name System (DNS) is a naming system of the network that is involved in sending and receiving information from one source to another using their IP addresses. Since the original DNS protocol specifications did not include a security mechanism, the Domain Name System Security Extensions (DNSSEC) are used for security. DNSSEC is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the DNS as used in Internet Protocol (IP) networks. It is a set of extensions to DNS which provide DNS clients (resolvers) with origin authentication of DNS data, authenticated denial of existence, and data integrity. Without availability or confidentiality, DNSSEC is still not strong enough for security. Therefore, it cannot prevent the leakage of information.

Since DNSSEC is extendable, a suitable idea is to add more algorithms to DNSSEC so that its security level can be improved. In this study I have tried to improve the level of DNSSEC security by combining the concepts of both the digital signature and asymmetric (public-key) cryptography. To enhance the security level, the public key is encrypted and sent over the network.

The digital signature is a mathematical scheme for establishing the authenticity of a digital message or document. A valid digital signature gives the recipient a reason to believe that the message was created by a known sender, that the sender cannot deny having sent the message (authentication and non-repudiation), and that the message was not altered in transit (integrity).

Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic algorithms which require two separate keys: one is the secret (or private) key and the other is the public key. Although they are different, the two parts of this key pair are mathematically linked. The public key is used to encrypt plaintext or to verify a digital signature, whereas the private key is used to decrypt ciphertext or to create a digital signature.

In this study, the security is improved by using a Pseudo Random Number Generator (PRNG) for generating the Key Pair in a quick and more secure manner; SHA-1 and MD5 are used for producing and compressing the Message Digest respectively; a signature is created by using the Private Key and Message Digest, which is transmitted along with the Public Key. Since the above algorithms were added to DNSSEC, the security level of DNSSEC is improved. This ensures more security for sending and receiving information over a network.
Keywords/Search Tags: DNS, DNSSEC, Digital signature, Public-key cryptography, PRNG, MD5