Paper title
Secure Consensus Generation with Distributed DoH
Paper authors
Abstract
Many applications and protocols depend on the ability to generate a pool of servers for majority-based consensus mechanisms, and this is often done with plain DNS queries. A recent off-path attack [1] against NTP and security-enhanced NTP with Chronos [2] showed that relying on DNS to generate the pool of NTP servers introduces a weak link. In this work, we propose a secure, backward-compatible address pool generation method using distributed DNS-over-HTTPS (DoH) resolvers, which aims to prevent such attacks against server pool generation.