Sep 06, 2016: Haoran Li: Model checking on key rollover method of DNSSEC

September 06, 2016Model checking on key rollover method of DNSSEC
Room: HB 2BHaoran Li

DNS is a basic infrastructure and an important part in today's internet. However, there are severe security problems in this system. To solve these problems, some security extensions are added to the DNS and upgraded it to DNSSEC. In DNSSEC, timing of key renewal is a big concern. Maloperations may cause some severe mistakes and make some domains "invisible". I looked into a method of key rollover which is newly applied in OpenDNSSEC software, and tried to build a model to verify its correctness and robustness.

In this talk I will first introduce how DNS and DNSSEC work, and then talk about how I tried to model the key rollover method.