Abstract: Zeroconf（Zero configuration） networks security are analyzed, and it is pointed out that Zeroconf networks are vulnerable to DNS spoofing attack. An improvement strategy is proposed. The strategy provides DNS message in Zeroconf networks with authentication and integrity by DNSSEC, and improves the DNSSEC public key distribution and management mechanisms in order to adapt to Zeroconf networks that are non-centralized and self-organizing. The experimental results show that the improvement strategy increases the security of Zeroconf networks.

Key words: Zero configuration（Zeroconf）, digital signature, DNS security extensions, network attack, key management

摘要： 分析并指出Zeroconf（Zero configuration）网络易受到DNS欺骗攻击，提出并实现了一种增强其安全性的改进策略。该策略通过DNSSEC对Zeroconf网络中DNS消息收发提供权限认证和信息完整性检查，同时针对Zeroconf网络无中心、自组织的特点，改进DNSSEC原有的公钥分配和管理机制以适应其特性。实验结果证实该策略提高了Zeroconf网络的安全性。

关键词: 零配置, 数字签名, DNS安全扩展, 网络攻击, 密钥管理