Securing Future Internet and 5G using Customer Edge Switching using DNSCrypt and DNSSEC

Slawomir Nowaczewski and Wojciech Mazurczyk+

Warsaw University of Technology, Warsaw, Poland
{slawomir.nowaczewski, wojciech.mazurczyk}@pw.edu.pl

  

Abstract

Customer Edge Switching (CES) serves as an extension of the classical firewall functionality that is able to communicate with other security devices to establish whether network traffic should be considered benign or malicious. CES is envisioned to be utilized in future generation networks like 5G. In this paper, we first describe the CES concept and how it uses the Domain Name System (DNS) protocol. Then, we discuss the attack model and how the current CES implementation, which lacks DNS encryption/authentication, can be exploited through man-in-the-middle (MitM) attacks. Finally, we extend the current CES implementation to fix this gap by adding DNSCrypt and DNSSEC functionalities. The obtained experimental results prove that most of the attacks can be easily defended against by these countermeasures.

 

Keywords: Customer Edge Switching, CES, DNSCrypt, DNSSEC, 5G, Future Internet

 

+: Corresponding author: Wojciech Mazurczyk
Room 313, Nowowiejska 15/19, 00-665 Warsaw, Poland, Tel: +48 22 234-77-99

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 11, No. 3, pp. 87-106, September 2020

Received: April 21, 2020; Accepted: August 13, 2020; Published: September 30, 2020

DOI: 10.22667/JOWUA.2020.09.30.087