Computer Engineering and Applications ›› 2024, Vol. 60 ›› Issue (21): 73-88. DOI: 10.3778/j.issn.1002-8331.2405-0302

• Hot Topics and Reviews •

Comprehensive Review of Application Progress of Blockchain in Domain Name System Security

JI Jie, YUE Pengfei, LI Leixiao, DU Jinze, LIN Hao, GAO Haoyu   

  1. College of Data Science and Application, Inner Mongolia University of Technology, Hohhot 010080, China
  2. Inner Mongolia Autonomous Region Software Service Engineering Technology Research Center Based on Big Data, Hohhot 010080, China
  3. College of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China
  4. College of Cyberspace Security, Hainan University, Haikou 570228, China
  • Online: 2024-11-01 Published: 2024-10-25

Abstract: As one of the core architectures of the Internet, the domain name system (DNS) faces issues such as insufficient credibility and weak security protection. Blockchain synchronizes, shares, and replicates data across multiple points, providing a multi-centered or decentralized data storage mechanism that is difficult to tamper with, and it has become an important solution for enhancing the credibility and security of DNS. However, a comprehensive survey of the literature on blockchain DNS is currently lacking, and a review of related studies is urgently needed to promote the application of blockchain in DNS, a core architecture of the Internet, and thereby enhance the overall security of the Internet architecture. This paper analyzes the main existing security issues in DNS from two perspectives, protocol and architecture, and categorizes DNS threats into traffic redirection attacks and denial of service attacks. It then examines the limitations of mainstream protective measures, reviews the relevant research on blockchain in DNS, summarizes the system workflow, and evaluates current solutions in terms of system complexity and security. Finally, it proposes several key issues that need to be addressed in building a mature and reliable blockchain DNS and presents future research directions.

Key words: domain name system (DNS), blockchain, distributed denial of service, cache poisoning, cyberspace security