Securing Future Internet and 5G using Customer Edge Switching using DNSCrypt and DNSSEC

Warsaw University of Technology, Warsaw, Poland

Abstract

Customer Edge Switching (CES) serves as an extension of the classical firewall functionality that is able to communicate with other security devices to establish whether network traffic should be considered benign or malicious. CES is envisioned to be utilized in future generation networks like 5G. In this paper, we first describe the CES concept and how it uses the Domain Name System (DNS) protocol. Then, we discuss the attack model and how the current CES implementation, which lacks DNS encryption/authentication, can be exploited through man-in-the-middle (MitM) attacks. Finally, we extend the current CES implementation to fix this gap by adding DNSCrypt and DNSSEC functionalities. The obtained experimental results prove that most of the attacks can be easily defended against by these countermeasures.

Keywords: Customer Edge Switching, CES, DNSCrypt, DNSSEC, 5G, Future Internet

Corresponding author: Wojciech Mazurczyk

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 11, No. 3, pp. 87-106, September 2020

DOI: 10.22667/JOWUA.2020.09.30.087