Secure Consensus Generation with Distributed DoH
Philipp Jeitner, Haya Shulman, Michael Waidner
TL;DR
This paper proposes a secure, backward-compatible method for generating server pools using distributed DNS-over-HTTPS resolvers to prevent off-path attacks on consensus mechanisms relying on DNS queries.
Contribution
It introduces a novel approach utilizing distributed DoH resolvers for secure server pool generation, enhancing security against specific DNS-based attacks.
Findings
The method effectively prevents off-path attacks on server pool generation.
It maintains backward compatibility with existing DNS infrastructure.
The approach improves the security of consensus mechanisms relying on DNS queries.
Abstract
Many applications and protocols depend on the ability to generate a pool of servers to conduct majority-based consensus mechanisms and often this is done by doing plain DNS queries. A recent off-path attack [1] against NTP and security enhanced NTP with Chronos [2] showed that relying on DNS for generating the pool of NTP servers introduces a weak link. In this work, we propose a secure, backward-compatible address pool generation method using distributed DNS-over-HTTPS (DoH) resolvers which is aimed to prevent such attacks against server pool generation.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.