Analysis of DNS Dependencies and their Security Implications in Australia: A Comparative Study of General and Indigenous Populations
0
Sign in to get full access
Overview
- Examines the dependence on DNS (Domain Name System) and its security implications for the general population and Indigenous Australians
- Compares the centralization and geographic distribution of DNS dependencies between the two groups
- Explores the potential impact of DNS centralization on internet access and resilience, particularly for marginalized communities
Plain English Explanation
This research paper looks at how much people in Australia rely on the DNS (the system that connects website names to internet addresses) and the security risks this can create, especially for Indigenous Australians.
The researchers compared the DNS dependencies of the general Australian population and Indigenous Australians. They found that the internet is more centralized for Indigenous Australians, meaning their connections to websites go through fewer, more concentrated points. This could make their internet access more vulnerable to disruptions or attacks.
The paper explores how this centralization of the internet infrastructure could negatively impact marginalized groups like Indigenous Australians, making their internet access less resilient and secure. The findings suggest that the way the internet is structured today may disadvantage certain communities and that more decentralized approaches could improve internet access and security for everyone.
Technical Explanation
The paper analyzes the DNS dependencies and their security implications for the general Australian population and Indigenous Australians. It compares the level of centralization and geographic distribution of DNS dependencies between the two groups.
The research combines IP geolocation data with public DNS server information to assess the degree of internet centralization. It finds that Indigenous Australians have more centralized DNS dependencies, with their internet traffic going through a smaller number of DNS servers located in fewer geographic regions.
This centralization of the internet infrastructure could make internet access for Indigenous Australians more vulnerable to disruptions or attacks, as the failure or compromise of a few key nodes could have a disproportionate impact.
Critical Analysis
The paper acknowledges limitations in the geolocation data used and calls for further research to validate the findings in other contexts. It also does not explore the reasons behind the observed differences in DNS dependencies, which could involve complex historical, socioeconomic, and technological factors.
Additionally, the paper does not assess the actual security risks or potential impacts of the observed centralization on internet access and resilience for Indigenous Australians. More empirical evidence on the real-world consequences would be needed to fully evaluate the significance of the findings.
Conclusion
This research highlights the potential security and resilience issues arising from the centralization of the internet's DNS infrastructure, particularly for marginalized communities like Indigenous Australians. The findings suggest that the way the internet is structured today may disadvantage certain groups and that a more decentralized approach could improve internet access and security for everyone. Further research is needed to better understand the underlying reasons and the actual impacts of this centralization.
This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!
Related Papers
0
Analysis of DNS Dependencies and their Security Implications in Australia: A Comparative Study of General and Indigenous Populations
Niousha Nazemi, Omid Tavallaie, Anna Maria Mandalari, Hamed Haddadi, Ralph Holz, Albert Y. Zomaya
This paper investigates the impact of internet centralization on DNS provisioning, particularly its effects on vulnerable populations such as the indigenous people of Australia. We analyze the DNS dependencies of Australian government domains that serve indigenous communities compared to those serving the general population. Our study categorizes DNS providers into leading (hyperscaler, US-headquartered companies), non-leading (smaller Australian-headquartered or non-Australian companies), and Australian government-hosted providers. Then, we build dependency graphs to demonstrate the direct dependency between Australian government domains and their DNS providers and the indirect dependency involving further layers of providers. Additionally, we conduct an IP location analysis of DNS providers to map out the geographical distribution of DNS servers, revealing the extent of centralization on DNS services within or outside of Australia. Finally, we introduce an attacker model to categorize potential cyber attackers based on their intentions and resources. By considering attacker models and DNS dependency results, we discuss the security vulnerability of each population group against any group of attackers and analyze whether the current setup of the DNS services of Australian government services contributes to a digital divide.
Read more8/26/2024
0
On the Centralization and Regionalization of the Web
Gautam Akiwate, Kimberly Ruth, Rumaisa Habib, Zakir Durumeric
Over the past decade, Internet centralization and its implications for both people and the resilience of the Internet has become a topic of active debate. While the networking community informally agrees on the definition of centralization, we lack a formal metric for quantifying centralization, which limits research beyond descriptive analysis. In this work, we introduce a statistical measure for Internet centralization, which we use to better understand how the web is centralized across four layers of web infrastructure (hosting providers, DNS infrastructure, TLDs, and certificate authorities) in 150~countries. Our work uncovers significant geographical variation, as well as a complex interplay between centralization and sociopolitically driven regionalization. We hope that our work can serve as the foundation for more nuanced analysis to inform this important debate.
Read more7/1/2024
0
Don't Get Hijacked: Prevalence, Mitigation, and Impact of Non-Secure DNS Dynamic Updates
Yevheniya Nosyk, Maciej Korczy'nski, Carlos H. Ga~n'an, Micha{l} Kr'ol, Qasim Lone, Andrzej Duda
DNS dynamic updates represent an inherently vulnerable mechanism deliberately granting the potential for any host to dynamically modify DNS zone files. Consequently, this feature exposes domains to various security risks such as domain hijacking, compromise of domain control validation, and man-in-the-middle attacks. Originally devised without the implementation of authentication mechanisms, non-secure DNS updates were widely adopted in DNS software, subsequently leaving domains susceptible to a novel form of attack termed zone poisoning. In order to gauge the extent of this issue, our analysis encompassed over 353 million domain names, revealing the presence of 381,965 domains that openly accepted unsolicited DNS updates. We then undertook a comprehensive three-phase campaign involving the notification of Computer Security Incident Response Teams (CSIRTs). Following extensive discussions spanning six months, we observed substantial remediation, with nearly 54% of nameservers and 98% of vulnerable domains addressing the issue. This outcome serves as evidence that engaging with CSIRTs can prove to be an effective approach for reporting security vulnerabilities. Moreover, our notifications had a lasting impact, as evidenced by the sustained low prevalence of vulnerable domains.
Read more5/31/2024
0
Network Sovereignty: A Novel Metric and its Application on Network Design
Shakthivelu Janardhanan, Maria Samonaki, Poul Einar Heegaard, Wolfgang Kellerer, Carmen Mas-Machuca
Most network planning problems in literature consider metrics such as cost, availability, and other technology-aware attributes. However, network operators now face new challenges in designing their networks to minimize their dependencies on manufacturers. A low dependency is associated with higher network robustness in case one or more manufacturers fail due to erroneous component design, geopolitical banning of manufacturers, or other reasons discussed in this work. Our work discusses network sovereignty, i.e., the ability to operate a network without dependencies on a particular manufacturer while minimizing the impact of simultaneous manufacturer failure(s). Network sovereignty is considered by solving the manufacturer assignment problem in the network such that robustness is maximized. The three main contributions of this work are (i) the discussion of network sovereignty as a special attribute of dependability, (ii) the introduction of a novel metric -- the Path Set Diversity (PSD) score to measure network sovereignty, and (iii) the introduction of Naga, an ILP formulation to maximize network sovereignty using the PSD score. We compare Naga's performance with centrality metrics-based heuristics and an availability-based optimization. Our work aims to be the foundation to guide network operators in increasing their network sovereignty.
Read more7/8/2024