Prof. Yehuda Afek from Tel Aviv University was awarded a research grant as part of the 2021 GÉANT Innovation Programme. This Programme supports initial development, proof of concept or testing of new ideas. Research topics fall within the GÉANT Community’s remit. IUCC represents Israel in the GÉANT organization, which serves the research and education networking community in Europe to deliver innovative networks, technologies and services for research and education.
Prof. Afek, and his colleagues Prof. Anat Bremler-Barr from the Interdisciplinary Center Herzliya and Tel Aviv University graduate student Daniel Dubnikov, are researching an overhaul of the Domain Name System (DNS), the most critical, distributed system on which any access to a resource on the Internet depends. The project was started and is supported by a matching fund from the Blavatnik Interdisciplinary Cyber Research Center (ICRC), Tel Aviv University.
A chain of new mechanisms has been introduced into the DNS system, but each one solves a problem and then opens the door to a new one. This research project addresses most known vulnerabilities and related issues in the DNS protocol between resolvers and authoritative servers. This encompasses the design of an adaptive protection mechanism that automatically isolates the weak links that suffer the most under an attack and adaptively provides these links with an alternate protocol that boosts their throughput while maintaining the authenticity of the responses and the integrity of the authoritative server, and without enabling zone-walking attacks.
The ambitious research starts with the analysis of different weaknesses and vulnerabilities on an experimental test bed. After analyzing and measuring the performance and weaknesses of different parts and different implementations of the system, the plan is to design an adaptive solution. After implementing a prototype, the team will carry out a proof-of-concept for the new design.
The outcome of this project is expected to improve the robustness and resiliency of the DNS system to different attacks.