Domain Name System; Handshake; Security; Blockchain
Abstract :
The current domain name system (DNS) relies on specific organizations such as the Internet Corporation for Assigned Names and Numbers for its administration. Therefore, misconfigurations or arbitrary deployments by these organizations may have a negative impact on the Internet. Handshake, which is a blockchain-based DNS service, can offer an alternative and extended system to the current DNS by managing the root zone on the blockchain without relying on specific organizations. This paper addresses the following research question: Can Handshake replace the current DNS in the future? At the time of this writing, this is the first detailed analysis of Handshake, with a particular focus on undesirable activities and security issues observable from the blockchain data. By discussing concerns regarding malicious usage of domain names, such as domain squatting, with the usage cost data, the paper demonstrates that there is a significant possibility of domain name abuse with lower cost in general. Furthermore, by discussing system redundancy as part of the blockchain-based DNS, it shows that there is a likelihood for lower redundancy of authoritative DNS servers. In response to the research question, the paper concludes that Handshake cannot and should not replace the current DNS in the future without resolving these issues through the introduction of security measures for general users.
Disciplines :
Computer science
Author, co-author :
Isobe, Katsuki; Osaka Metropolitan University
EISENBARTH, Jean-Philippe; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN
Kondo, Daishi; Osaka Metropolitan University
Cholez, Thibault; CNRS, Inria, LORIA, Universite de Lorraine, France
Hideki, Tode; Osaka Metropolitan University
External co-authors :
yes
Language :
English
Title :
A Deeper Grasp of Handshake: A Thorough Analysis of Blockchain-based DNS Records
Publication date :
2024
Event name :
BRAINS 2024 - 6th Conference on Blockchain Research & Applications for Innovative Networks and Services
Event place :
Berlin, Germany
Event date :
From 9 October 2024 to 11 October 2024
Audience :
International
Main work title :
Blockchain Research & Applications for Innovative Networks and Services (BRAINS), 2024
Publisher :
Institute of Electrical and Electronics Engineers (IEEE)