
Research On Preventing DNS Man-in-the-middle Attacks Method Through Certificateless Signature

Posted on: 2023-09-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Hu
GTID: 2558307151979569
Subject: Cyberspace security
Abstract/Summary:
A man-in-the-middle attack is an attack in which a malicious third party secretly controls the communication channel between two or more endpoints. Using deception, impersonation, or other means, attackers attempt to intercept or tamper with the information exchanged by the communicating parties and to destroy the confidentiality, integrity, and availability of the data. As the Internet infrastructure that maps domain names and IP addresses to each other, the domain name system ensures the normal operation of other network applications. With the continuous development of information technology, man-in-the-middle attacks will become more and more frequent in the domain name system, and the harm they cause will become more and more serious. In view of these problems, this paper focuses on lightweight security research against man-in-the-middle attacks on the domain name system, including malicious key generation centers, domain name system forwarders, and other problems in the current domain name system. The main contents are as follows:

(1) A lightweight solution is proposed to resist man-in-the-middle attacks in the domain name system protocol. The scheme introduces a certificateless signature algorithm and removes the difficult-to-deploy trust chain to improve the efficiency and security of authentication. By using symmetric encryption, the proposed solution ensures the confidentiality of messages and increases the difficulty of attack. The security scheme built on this algorithm can be deployed and run on the original infrastructure. The operating efficiency of the protocol is optimized under the premise of security to achieve the goal of being lightweight. Theoretical analysis proves that the proposed scheme can resist common man-in-the-middle attacks. In an efficiency comparison, the efficiency of the proposed scheme is improved by 5% compared with other similar schemes.

(2) An efficient and lightweight scheme is proposed to resist man-in-the-middle attacks in the domain name system protocol. The scheme introduces redactable signature technology to design a new signature algorithm, which can resist the new man-in-the-middle attack by revising the signature, thereby enhancing the security of message authentication. To further improve the efficiency of message authentication and ensure the authenticity of the message source, certificateless signature technology is adopted. The algorithm is applied to the domain name system service relay to propose a new security scheme. The modifiable signature is used to decompose the query results, prevent attacks, and construct a digital signature in line with the protocol specification to ensure the integrity and reliability of the message. Theoretical analysis proves that the scheme is robust against common man-in-the-middle attacks. Experimental comparison results show that it has better performance than similar schemes.
Keywords/Search Tags:Domain name system, Man in the middle attack, Certificateless signature, Redactable signature