Dissertation Defense Schedule
Academic Excellence
Sharing original dissertation research is a principle to which the University of Delaware is deeply committed. It is the single most important assignment our graduate students undertake and upon completion is met with great pride.
We invite you to celebrate this milestone by attending their dissertation defense. Please review the upcoming dissertation defense schedule below and join us!
PROGRAM | Electrical & Computer Engineering
The State of the Art in DNS Security and its Implications
By: Fatema Bannat Wala Chair: Stephan Bohacek
ABSTRACT
DNS is one of the oldest and most important protocols developed by the internet community to support the World Wide Web and access to some critical services like web browsing, email, VPN (Virtual Private Network), IoT applications, Instant messaging etc. Due to the inherent security and privacy flaws in DNS, several new protocol technologies have been designed to patch the holes in DNS. With every new patch, new vulnerabilities are introduced that sometimes have more adverse effects than providing the solution to mitigate the current risk. One of these new techniques, which has been around over a decade, is DNSSEC (DNS Security protocol). It is important to evaluate these short-comings and risks the new technology stack introduces.
This dissertation studies the security of the DNS protocol stack and one of its variants DNSSEC from a few different aspects. The work provides insights into the ’Off-label’ use of DNS showing another legit vector of information leakage (legit applications that are whitelisted by an organization to use), devises two novel techniques to get those insights from the network traffic, and how it can be leveraged by the analysts to detect malware trends in the network with some real-world use-cases. Furthermore, we investigate the encrypted traffic to understand the unique patterns that can be used to deduce the use of DNS over HTTPS (DoH) under normal traffic.
The research work also contributed towards the development of the DNSSEC protocol parsing support and analysis of weird DNSSEC use-cases in one of the most popular open-source NSM/NDR (Network Security Monitoring/ Network Detection and Response) solutions known as Zeek. The contribution was made open-source and is utilized by 10,000+ deployments of Zeek worldwide including Lawrence Berkeley National Laboratory, University of Delaware, University of Pennsylvania and many more. Finally, this work also explores the critical private DNS information leakage due to one of the known flaws in DNSSEC, called Zone-walking. We developed a novel solution – Zone-Hopping to solve this information leakage while keeping the integrity of the DNS/DNSSEC protocol intact.
The Process
Step-by-Step
Visit our “Step-by-Step Graduation Guide” to take you through the graduation process.From formatting your Dissertation to Doctoral Hooding procedures.
Dissertation Manual
Wondering how to set up the format for your paper. Refer to the “UD Thesis/Dissertation Manual” for formatting requirements and more.
Defense Submission Form
This form must be completed two weeks in advance of a dissertation defense to meet the University of Delaware Graduate and Professional Education’s requirements.