- Slawomir Nowaczewski
Warsaw University of Technology, Warsaw, Poland
slawomir.nowaczewski@pw.edu.pl
- Wojciech Mazurczyk
Warsaw University of Technology, Warsaw, Poland
wojciech.mazurczyk@pw.edu.pl
Securing Future Internet and 5G using Customer Edge Switching using DNSCrypt and DNSSEC
Customer Edge Switching (CES) serves as an extension of the classical firewall functionality that is able to communicate with other security devices to establish whether network traffic should be considered benign or malicious. CES is envisioned to be utilized in future generation networks like 5G. In this paper, we first describe the CES concept and how it uses the Domain Name System (DNS) protocol. Then, we discuss the attack model and how the current CES implementation, which lacks DNS encryption/authentication, can be exploited through man-in-the-middle (MitM) attacks. Finally, we extend the current CES implementation to fix this gap by adding DNSCrypt and DNSSEC functionalities. The obtained experimental results prove that most of the attacks can be easily defended against by these countermeasures.