
dc.identifier.uri: http://hdl.handle.net/1951/55407
dc.identifier.uri: http://hdl.handle.net/11401/70975
dc.description.sponsorship: This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree. [en_US]
dc.format: Monograph
dc.format.medium: Electronic Resource [en_US]
dc.language.iso: en_US
dc.publisher: The Graduate School, Stony Brook University: Stony Brook, NY.
dc.type: Thesis
dcterms.abstract: We use the probabilistic model checker PRISM to formally model and analyze the highly publicized Kaminsky DNS cache-poisoning attack. DNS (Domain Name System) is an internet-wide, hierarchical naming system used to translate domain names such as google.com into physical IP addresses such as 208.77.188.166. The Kaminsky DNS attack is a recently discovered vulnerability in DNS that allows an intruder to hijack a domain; i.e. corrupt a DNS server so that it replies with the IP address of a malicious web server when asked to resolve the URL of a non-malicious domain such as google.com. A proposed fix for the attack is based on the idea of randomizing the source port a DNS server uses when issuing a query to another server in the DNS hierarchy. We use PRISM to introduce a Continuous Time Markov Chain representation of the Kaminsky attack and the proposed fix, and to perform the requisite probabilistic model checking. Our results, gleaned from more than 240 PRISM runs, formally validate the existence of the Kaminsky cache-poisoning attack even in the presence of an intruder with virtually no knowledge of the victim DNS server's actions. They also serve to quantify the effectiveness of the proposed fix, demonstrating an exponentially decreasing, long-tail trajectory for the probability of a successful attack with an increasing range of source-port ids, as well as an increasing attack probability with an increasing number of attempted attacks or increasing rate at which the intruder guesses the source-port id.
dcterms.available: 2012-05-15T18:02:55Z
dcterms.available: 2015-04-24T14:45:23Z
dcterms.contributor: Smolka, Scott A. [en_US]
dcterms.contributor: Erez Zadok. [en_US]
dcterms.contributor: Stoller, Scott [en_US]
dcterms.creator: Deshpande, Tushar Suhas
dcterms.dateAccepted: 2012-05-15T18:02:55Z
dcterms.dateAccepted: 2015-04-24T14:45:23Z
dcterms.dateSubmitted: 2012-05-15T18:02:55Z
dcterms.dateSubmitted: 2015-04-24T14:45:23Z
dcterms.description: Department of Computer Science [en_US]
dcterms.format: Application/PDF [en_US]
dcterms.format: Monograph
dcterms.identifier: Deshpande_grad.sunysb_0771M_10119.pdf [en_US]
dcterms.identifier: http://hdl.handle.net/1951/55407
dcterms.identifier: http://hdl.handle.net/11401/70975
dcterms.issued: 2010-05-01
dcterms.language: en_US
dcterms.provenance: Made available in DSpace on 2012-05-15T18:02:55Z (GMT). No. of bitstreams: 1 Deshpande_grad.sunysb_0771M_10119.pdf: 651927 bytes, checksum: 71425ded6ea56107b40dff6bcd8fff07 (MD5) Previous issue date: 1 [en]
dcterms.provenance: Made available in DSpace on 2015-04-24T14:45:23Z (GMT). No. of bitstreams: 3 Deshpande_grad.sunysb_0771M_10119.pdf.jpg: 1894 bytes, checksum: a6009c46e6ec8251b348085684cba80d (MD5) Deshpande_grad.sunysb_0771M_10119.pdf.txt: 48703 bytes, checksum: 819e37f0a23a34591c54776f5f260dfb (MD5) Deshpande_grad.sunysb_0771M_10119.pdf: 651927 bytes, checksum: 71425ded6ea56107b40dff6bcd8fff07 (MD5) Previous issue date: 1 [en]
dcterms.publisher: The Graduate School, Stony Brook University: Stony Brook, NY.
dcterms.subject: Computer Science
dcterms.subject: dns, formal verification, kaminsky, prism, security
dcterms.title: Model Checking the Kaminsky DNS Cache-Poisoning Attack Using PRISM
dcterms.type: Thesis

