JP2018074395A - Data communication system, cache dns device and cyber attack prevention method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve problems of delay of cyclic investigation caused by ASP, non-linked malicious Web server being latent, flexible communication control being disabled, outflow of communication privacy of a client to ASP and a load of the client.SOLUTION: The present invention relates to a data communication system comprising a cache DNS server 15 and an authority DNS server 23. When a DNS query is received from a client 12, the cache DNS server receives a DNS response including an IP address corresponding to a URL and a safety evaluation result from the authority DNS server 23. In a case where the received safety evaluation result meets a communication permission policy, the cache DNS server permits a transmission to the IP address described on the DNS response for the client 12. The authority DNS server holds the safety evaluation result of each URL connected within an ISP network 92 and, when the DNS query is received, transmits the DNS response to the cache DNS server 15.SELECTED DRAWING: Figure 4

Description

  The present disclosure relates to a data communication method for preventing a communication attack on a server and a communication attack on a client in communication between a Web server and a client on the Internet.

  FIG. 1 shows a connection configuration example between a Web server and a client via the Internet according to related technology. In FIG. 1, for easy understanding, an ISP network 91 managed by a first ISP (Internet Service Provider) and an ISP network 92 managed by a second ISP are connected via the Internet 93. Indicates. The client 12 is one of terminals connected in the ISP network 91 and is connected to a gateway router (hereinafter referred to as GW) 11 at the boundary between the ISP network 91 and the Internet 93, and the GW 11 is connected to the ISP network 91. The cache DNS server 15 is connected.

  The Web server 22 is one of terminals connected in the ISP network 92 and is connected to the GW 21 at the boundary between the ISP network 92 and the Internet. The GW 21 is an authoritative DNS (Domain Name System) server in the ISP network 92. 23 is connected. In the following description, the Web server 22 corresponding to the URL range (zone) managed by the authoritative DNS server will be described as the range of the Web server 22 connected to the ISP network 92 in order to simplify the description.

  The GW 11 and the GW 21 allow all outgoing calls from within the ISP network to pass, but forward outgoing calls forward only communications addressed to the IP addresses of the authoritative DNS server and Web server. The GW 11 and the GW 21 are connected via the Internet 93. The Internet 93 refers to the IP address of the IP packet received from the GW 11 and the GW 21, and transfers the IP packet to the GW 21 and the GW 11 serving as destinations.

  ASP (Application Service Provider) IDS (Intrusion Detection System) servers 14 and 24 are periodically connected to each Web server using link information between Web servers connected to the Internet 93, and utilize IDS technology. A list of URLs of Web servers that perform dangerous processing by investigating whether there is a process (communication attack) that threatens the safety of the client, such as malware infection from each Web server to the client or impersonation of another Web server (black) List) and secure Web server URL list (white list). ASP is, for example, Google (registered trademark) and Microsoft (registered trademark). In FIG. 1, illustration of web servers other than the web server 22 is omitted.

  The Web browser of the client 12 communicates with the IDS servers 14 and 24 and controls outgoing calls using the black list or white list. As of May 2016, Firefox (registered trademark), Safari (registered trademark), and Chrome (registered trademark) are blacklists provided by Google (registered trademark), Internet Explorer (registered trademark) and Edge ( (Registered trademark) can use a white list provided by Microsoft (registered trademark). Hereinafter, the processing outline of Firefox (registered trademark) will be described based on public information.

  Firefox (registered trademark) uses an API (Application Programming Interface) called Google Safe Browsing (registered trademark) to download the black list into the client terminal. The black list is a list in which each dangerous URL is hashed. When the user uses the client's Firefox (registered trademark) to instruct the connection with the URL specified by the user, the Web browser, when the hash value of the URL is in the black list, sends the IDS servers 14 and 24 Notify URL. The IDS servers 14 and 24 respond to the Firefox (registered trademark) whether or not the URL is in the black list. If the URL is on the black list, Firefox (registered trademark) displays a warning to the user, and the user can refrain from connecting to a dangerous Web server. When the URL of the connection destination Web server is not in the black list, the client (also called a stub resolver) uses the DNS query (FIG. 2) to determine the IP address of the Web server corresponding to the URL, and also calls a cache DNS server (also called a full service resolver). ) When the URL is the host name of the Web server 22, the cache DNS recursively searches the IP address of the authoritative DNS server 23 that manages the information corresponding to the URL to the root DNS server or the DNS server of the upper domain by the DNS protocol. The DNS query is transferred to the authoritative DNS server 23. Here, the authoritative DNS server 23 is also called a content server, and functions as the authoritative DNS server 23 of the ISP network 92 in the example shown in the figure. In FIG. 1, the notation of the root DNS server and the DNS server of the higher domain is omitted.

  As shown in FIG. 3, the authoritative DNS server 23 has an IP address (answer part) of the Web server 22 and a public key (DNSKEY (configured by a pair of a public key and a secret key) possessed by the authoritative DNS server. (Domain Name System KEY) record) and a DNS response including a signature (RRSIG (Resource Record Signature) record) obtained by encrypting the hash value of the IP address with the private key corresponding to the public key is returned to the cache DNS server 15. The cache DNS server 15 confirms the identity of the signature key corresponding to the zone of the cache DNS server 15 based on the reliability chain from the root DNS server, using the protocol procedure of the existing DNSSECEXT (DNS Security Extensions). Next, the signature of the DNS response received using the public key is decrypted and compared with the hash value of the signature range. If they match, it is determined that the signature range has not been tampered with, and a DNS response including the IP address is returned to the client 12. As described above, the client 12 obtains the IP address of the Web server 22 and can perform IP communication with the Web server 22.

Related technologies have the following problems.
First problem: Delay in patrol survey by ASP. As of 2015, there are over 300 million domains worldwide. For this reason, if one ASP circulates and investigates all the web servers, the investigation interval becomes long, and during the investigation, there is a possibility that the web server is contaminated by an attacker and becomes a dangerous web server for the client. It cannot be ignored.

  Second problem: latent malicious server without link. A malicious server such as a C & C server that communicates with malware infecting a client and remotely controls a client terminal may not register a URL in a DNS server and may not have a link from another Web server. The server has a problem that it is not possible to perform a patrol survey using a Web link.

  Third problem: Outflow of client communication privacy to ASP. When an attacker deciphers the black list, it becomes an attack hint. Therefore, the client notifies the ASP of a potentially dangerous URL, and the ASP makes a final determination. For this reason, there is a problem that the client is forced to disclose a part of the communication privacy to the ASP in exchange for the safety of the communication.

  Fourth problem: client load. The client needs to obtain a blacklist from the ASP and perform processing such as hash collation, and for that purpose, it is necessary to verify the PKI certificate. The burden is high on machine terminals such as sensors, which have low power and low processing power.

JP2012-080358A JP 2009-232116 A

  The present disclosure solves the problems of delay in patrol investigation by ASP, latent web server without link, inability to flexibly control communication, outflow of client communication privacy to ASP, and client load. With the goal.

Specifically, the data communication system of the present disclosure is:
A Web server connected to the first ISP network, holding a first communication permission policy for each terminal in the first ISP network, and connected to a second ISP network different from the first ISP network When a DNS query for inquiring about the IP address corresponding to the URL is received from a terminal in the first ISP network, a DNS response including the IP address corresponding to the URL and the security evaluation result is received from the authoritative DNS device of the second ISP network. If it is received and it is determined whether the received safety evaluation result satisfies the first communication permission policy and the first communication permission policy is satisfied, the transmission permission to the IP address described in the DNS response is set in the DNS query. A cache DNS device for the terminal of the transmission source;
When a DNS query is received from the first ISP network, the security evaluation result of each URL connected to the second ISP network is stored in the second ISP network, and is described in the DNS query. An authoritative DNS device that transmits a DNS response including the IP address corresponding to the URL and the security evaluation result to the cache DNS device of the first ISP network;
Is provided.

Specifically, the cache DNS device of the present disclosure is:
A DNS query for inquiring about an IP address corresponding to the URL of a Web server connected to a second ISP network different from the first ISP network to which the own apparatus is connected is received from a terminal in the first ISP network. Then, a DNS response including the IP address corresponding to the URL and the security evaluation result is received from the authoritative DNS of the second ISP network,
The first communication permission policy for each terminal in the first ISP network is held, and it is determined whether or not the safety evaluation result received from the authoritative DNS of the second ISP network satisfies the first communication permission policy. When the first communication permission policy is satisfied, the transmission permission to the IP address described in the DNS response is permitted to the terminal that is the transmission source of the DNS query.

Specifically, the communication attack prevention method of the present disclosure is:
A DNS query in which the cache DNS of the first ISP network inquires an IP address corresponding to the URL of the Web server connected to the second ISP network different from the first ISP network is stored in the first ISP network. When received from the terminal, a procedure for receiving a DNS response including the IP address corresponding to the URL and the security evaluation result from the authoritative DNS of the second ISP network;
Whether the cache DNS of the first ISP network refers to the first communication permission policy for each terminal in the first ISP network, and the security evaluation result received from the authoritative DNS satisfies the first communication permission policy. And when the first communication permission policy is satisfied, a procedure for permitting the terminal that is the source of the DNS query to be permitted to make a call to the IP address inquired by the DNS query;
Is provided.

  According to the present disclosure, it is possible to solve the problems of the delay of the patrol investigation by the ASP, the latent web server without a link, the outflow of the client communication privacy to the ASP, and the client load.

It is a figure which shows the structural example of the data communication system which concerns on related technology. An example of the DNS query which concerns on related technology is shown. An example of the DNS response which concerns on related technology is shown. 1 is a diagram illustrating a configuration example of a data communication system according to a first embodiment. An example of the DNS query which concerns on Embodiment 1 is shown. An example of the DNS response which concerns on Embodiment 1 is shown. An example of a communication permission policy is shown. An example of the standard format of a DNS resource record is shown. 2 shows an example of an RDATA format according to the present disclosure. It is a specific example of the safety evaluation result described in the RDATA format. It is a figure which shows the structural example of the data communication system which concerns on Embodiment 2. FIG. An example of the DNS response which concerns on Embodiment 2 is shown. An example of the DNS query which concerns on Embodiment 3 is shown. An example of the DNS response which concerns on Embodiment 3 is shown.

  Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings. In addition, this indication is not limited to embodiment shown below. These embodiments are merely examples, and the present disclosure can be implemented in various modifications and improvements based on the knowledge of those skilled in the art. In the present specification and drawings, the same reference numerals denote the same components.

(Embodiment 1)
FIG. 4 is a configuration example of the data communication system according to the present embodiment. In this embodiment, a connection configuration example between the Web server 22 and the client 12 via the Internet 93 is shown. An IDS server 24 is additionally installed in the ISP network 92 with respect to the configuration of FIG. Further, the first to fourth problems described above are solved by adding means for performing the following processing to the Web server 22, the cache DNS server 15, the authoritative DNS server 23, and the GW 11.

  When the Web server 22 is connected to the ISP network 92, the Web server 22 registers the correspondence between the URL and the IP address in the authoritative DNS server 23 using the DNS (Dynamic DNS) protocol which is an existing technology. When the authoritative DNS server 23 receives the registration of the URL, the authority DNS server 23 registers the URL in the IDS server 24. Thereafter, the IDS server 24 periodically and automatically checks the reliability level of the host corresponding to all registered URLs in the ISP network 92 by utilizing the existing IDS technology, and the evaluation result is obtained in units of URLs. Register with the authoritative DNS server 23. Here, the evaluation result can be exemplified by, for example, safety / danger, latest survey time, and past risk determination history, and is hereinafter referred to as “safety evaluation result”. The authoritative DNS server 23 signs and holds the security evaluation result with the secret key of the zone of the ISP network 92 in addition to the IP address corresponding to each URL.

  The operator of the ISP network 91 registers the communication permission policy P 1 in the cache DNS server 15. The communication permission policy P1 is a policy that permits communication between each terminal in the ISP network 91 and an external host. Here, the policy is, for example, a safety judgment by an ISP to which an external host belongs, the latest survey time is within two days, one month or more has passed since the past risk judgment, etc. write.

  When the DNS server 15 receives the DNS query from the client 12, the cache DNS server 15 manages the information corresponding to the URL in the root DNS server or the DNS server of the higher domain by the DNS protocol (ISP in the example in the figure). The IP address of the authoritative DNS server 23) of the network 92 and the presence / absence of correspondence to the present disclosure are obtained by recursive search. It should be noted that whether the IP address of the authoritative DNS server 23 is registered in the upper DNS server is also registered as to whether or not the present disclosure is supported.

  When obtaining the IP address of the authoritative DNS server 23, the cache DNS server 15 adds the domain name of the client side zone and the IP address of the cache DNS server 15 to the DNS query received from the client 12, as shown in FIG. . Also, a signature for the IP address and zone name is created using the private key of the client side zone signing key, added to the DNS query, and the public key of the client side zone signing key is assigned to the authoritative DNS server 23. Send. Here, for example, a signature obtained by encrypting a hash value of a signature range with a secret key can be used. The client-side zone signature key in this embodiment is a zone signature key of the ISP network 91 to which the cache DNS server 15 is connected.

  The authoritative DNS server 23 confirms the identity of the signature key corresponding to the zone of the cache DNS server 15 by using the existing DNSSEC protocol procedure and the reliability chain from the root DNS server. Next, the signature of the DNS query received using the public key is decrypted, compared with the hash value of the signature range, and if it matches, if it is determined that the signature range has not been tampered with, the A record (IP Address), the security evaluation result, the signature created with the private key of the server-side zone signing key, and the public key of the server-side zone signing key are added, stored in a DNS response, and returned (FIG. 6). The server-side zone signature key in this embodiment is a zone signature key of the ISP network 92 to which the authoritative DNS server 23 is connected.

  The cache DNS server 15 confirms the identity of the signature key corresponding to the zone of the authoritative DNS server 23 by the reliability chain from the root DNS server according to the protocol procedure of the existing DNSSEC. Next, the signature attached to the DNS response is determined using the public key. If there is no alteration of the security evaluation result by the IP address of the Web server 22 and the ISP network 92, the information is cached and the client 12 The IP address of the Web server 22 is returned by the DNS response. Further, the cache DNS server 15 collates the safety evaluation result with the communication permission policy P1, and when permitting communication, instructs the GW 11 to permit transmission to the IP address. An example of the communication permission policy is shown in FIG.

  The method for storing the safety evaluation result and the communication permission policy in the DNS response conforms to the existing response protocol. However, “security / policy record” is newly defined in the resource record (type of data related to the domain name) transmitted by the DNS packet, and these are stored in the DNS packet according to the standard format of the resource record.

  A standard format of the resource record is shown in FIG. Here, the “domain name” is the host name in the URL inquired by the DNS query. “Type” is a value indicating the type of resource record. A “class” is a name space to which a domain name belongs, and currently only the Internet is used. “TTL” indicates a time during which the information of the resource record is valid. “RDATA” is information defined for each type of resource record.

  In the “safety / policy record”, a new RDATA format is defined. An example is shown in FIG. In this example, a maximum of 255 safety evaluation results and a maximum of 255 communication permission policies are transmitted. Each safety evaluation result and communication permission policy are fixed to a total of 16 bits including an item code (8 bits) and a content code (8 bits). An example of each item and contents and an example of a method for evaluating them are shown in FIG. Note that the value of the content code specified in the communication permission policy means that the connection is permitted when the safety evaluation result of the partner terminal is the same or small.

  The GW 11 of the ISP network 91 manages a list of IP addresses that are instructed to allow outgoing calls. When receiving an IP packet addressed outside the ISP network 91 from the client 12, the GW 11 refers to the list, and an IP packet whose destination is not in the list is It is discarded without being transferred outside the ISP network 91.

  As described above, in the present embodiment, in the communication between the Web server 22 and the client 12, the second ISP network 92 that assigns a URL to the Web server 22 evaluates the safety of the Web server 22 and is the result. The safety evaluation result is disclosed on the authoritative DNS server 23. Then, the cache DNS server 15 compares the security evaluation result obtained from the authoritative DNS server 23 with the security policy P1 that the cache DNS server 15 has in advance. It is determined whether communication with the server 22 is permitted, and only IP packets addressed to the Web server 22 permitted to communicate are permitted to be transmitted to the Internet 93.

  Here, in the present embodiment, the cache DNS server 15 adds the IP address and zone name of the cache DNS server 15 to the DNS query, and creates them with the client-side zone signature key corresponding to the zone of the cache DNS server 15 The signature is added and transmitted to the authoritative DNS server 23. Here, the signature is obtained by encrypting a hash value to be signed with a secret key, for example. The authoritative DNS server 23 uses the existing DNSSEC protocol procedure to confirm the identity of the server-side zone signing key corresponding to the zone using the trust chain from the root DNS server (not shown). The signature is decrypted using the key, and the obtained hash value is compared with the hash value calculated from the signature range and verified.

Each of the first problem to the fourth problem according to the present disclosure will be described below as to how the present disclosure solves.
・ First issue: Delay in patrol survey by ASP.
In the present disclosure, each ISP network is provided with an IDS server, and a patrol survey is distributed among ISP networks. For this reason, as compared with the case where each ASP independently surveys all Web servers in the Internet 93, it is possible to conduct a survey with a short period and high accuracy.
Second problem: the latent of a malicious Web server without a link.
In the present disclosure, each ISP network includes an authoritative DNS server, and an ISP network that assigns a URL to a Web server investigates only Web servers in the domain in a distributed manner. For this reason, since there are few investigation object numbers compared with the existing technology in which each ASP investigates the web server of the whole world, it can investigate quickly. In the present disclosure, since the investigation is performed with reference to the record of the authoritative DNS server 23, there is no omission in the investigation of the web server or client having the URL. Also, the client-side ISP network 91 blocks outgoing calls to a Web server that does not have a URL, thereby preventing the malicious Web server from becoming latent.
Third problem: Outflow of client communication privacy to ASP.
In the present disclosure, it is not necessary to notify the ASP of the communication partner to the ASP.
Fourth problem: client load In the present disclosure, it is not necessary to manage or collate a black list by a client.

  Further, in the present disclosure, the party that notifies the security evaluation result and the communication permission policy on the Web server 22 side is limited to the cache DNS server 15 having the zone signature key assigned by DNSSEC, and the spoofing of the IP address is prevented. Therefore, it is possible to prevent leakage to the Service-to-Self. For this reason, detailed information including the distinction between a secure Web server and an unexamined Web server can be notified to the ISP network 91 on the client side, and flexible communication control can be performed on the client side.

  As a method for preventing the server-side ISP network 92 from impersonating the client-side ISP network 91, application of existing technologies such as PKI (Public Key Infrastructure) and Single Sign On can be considered. The burden on the ISP such as management and creation of an IdP (Identity Provider) account is large, and an additional authentication procedure is required in addition to the existing DNS procedure, resulting in a problem that processing performance and connection delay deteriorate. On the other hand, the root DNS server has become the root of reliability, and DNSSEC technology for guaranteeing the identity of the zone signature key used for preventing alteration of DNS reply data is becoming widespread. In the present disclosure, this key is used and the DNSSEC protocol is extended, so that authentication of the IP address of the DNS request can be realized without burdening the ISP or adding a procedure other than DNS.

  If there is a possibility that a DNS query or response may be eavesdropped on the path between the ISP network 91 and the ISP network 92, the cache DNS server 15 and the authoritative authority are not increased without increasing the number of messages between the ISP networks 91 and 92. A common key can be shared and encrypted between the DNS servers 23.

  If there is no danger of eavesdropping or tampering with a DNS query or response on the path between the ISP network 91 and the ISP network 92, signature creation and encryption for each DNS query can be performed by deleting encryption using a common key. Processing becomes unnecessary, and the influence on the performance of the cache DNS server 15 and the authoritative DNS server 23 can be reduced.

(Embodiment 2)
When an IP packet from an arbitrary client who knows the IP address of the Web server 22 arrives at the Web server 22, there is a possibility that the Web server 22 is attacked by a malicious person. The data communication system according to the present embodiment realizes prevention of such attacks on the Web server 22.

  FIG. 11 is a configuration example of the data communication system according to the present embodiment. The data communication system according to the present embodiment further includes a configuration in which an authoritative DNS server 13 and an IDS server 14 are added to the client-side ISP network 91 and the following processing is performed. Thereby, the data communication system according to the present embodiment prevents attacks on the Web server 22.

  When the client 12 connects to the ISP network 91, the authoritative DNS server 13 registers the correspondence between the URL of the client 12 and the IP address, as with the IDS server 22. When the authoritative DNS server 13 accepts the URL registration, the authoritative DNS server 13 registers the URL in the IDS server 14 in the same manner as the authoritative DNS server 23. Thereafter, the IDS server 14 periodically checks the reliability levels of the hosts corresponding to all registered URLs in the ISP network 91 by utilizing the existing IDS technology, and the search results are obtained in units of URLs. The security evaluation result is registered in the authoritative DNS server 13.

  The operator of the ISP network 92 registers in the authoritative DNS server 23 a communication permission policy P2 that permits communication between the ISP network 92 and an external host. As shown in FIG. 12, the authoritative DNS server 23 uses the server-side zone for the communication permission policy P2 in addition to the IP address of the Web server 22 (answer part in the data part) and the safety evaluation result generated in the first embodiment. A signature with a signature key is attached, stored in a DNS response, and returned.

  When the communication permission policy P2 is included in the DNS response received from the authoritative DNS server 23, the cache DNS server 15 searches the authoritative DNS server 13 by the IP address of the client 12, and obtains the security evaluation result of the client 12 read. When the security evaluation result of the Web server 22 satisfies the communication permission policy P1 of the ISP network 91 and the safety evaluation result of the client 12 satisfies the communication permission policy P2 of the ISP network 92, the cache DNS server 15 The GW 11 is instructed to permit transmission to the IP address. By dividing the communication permission policies P1 and P2 for each host or each host type, more flexible communication control is possible.

  As described above, in the present embodiment, the ISP on the Web server 22 side discloses the conditions for allowing the client 12 to communicate with the Web server 22 on the authoritative DNS server 23, and the client-side cache DNS server 15 compares with the security evaluation result of the client 12 determined by the client-side ISP to determine whether to permit communication. As a result, in the present embodiment, on behalf of the Web server or the terminating ISP, the originating ISP determines the security of the client 12 and determines whether or not the connection to the Web server 22 is possible. Can be prevented.

(Embodiment 3)
The data communication system according to the present embodiment encrypts information such as a URL in the first or second embodiment.

  FIG. 13 shows an example of the DNS query in this embodiment. The cache DNS server 15 encrypts the query part of the DNS query with a common key, encrypts the common key with the public key of the server-side zone signature key, attaches a signature with the secret key of the client-side zone signature key, and authorizes the DNS It transmits to the server 23. Here, the common key includes identification information of the encryption algorithm.

  The authoritative DNS server 23 verifies the signature of the DNS query with the public key of the client-side zone signature key, and confirms that the signature range has not been tampered with. When there is no falsification, the authoritative DNS server 23 decrypts the common key using the secret key of the server-side zone signature key, and decrypts the query unit using the obtained common key.

  FIG. 14 shows an example of the DNS response in the present embodiment. The authoritative DNS server 23 creates an answer part corresponding to the inquiry URL obtained by decryption, encrypts the query part of the DNS response, and records other than the signature and signature key of the answer part with the common key, Returned to the cache DNS server 15. Here, the answer unit includes the IP address of the URL, the security evaluation result of the Web server 22, and the communication permission policy P2.

  In the present embodiment, when the cache DNS server 15 transmits a DNS query, the query part of the DNS query is encrypted with a common key, the common key is encrypted with the public key of the server side zone signature key, and the client side zone signature key A signature with a secret key is attached and transmitted to the authoritative DNS server 23. On the other hand, the authoritative DNS server 23 verifies the signature of the DNS query with the public key of the client-side zone signature key, and if the signature range has not been tampered with, decrypted with the secret key of the server-side zone signature key The query part is decrypted using the common key. Next, an answer part corresponding to the inquiry URL obtained by decryption is created, and the DNS response query part and the record other than the answer part signature and signature key are encrypted with the common key, and the cache DNS server Return to Therefore, this embodiment can prevent eavesdropping on the path between the authoritative DNS server 23 and the cache DNS server 15.

  The present disclosure can be applied to the information communication industry.

11, 21: GW
12: Client 14, 24: IDS server 15: Cache DNS server 22: Web server 13, 23: Authoritative DNS server 91, 92: ISP network 93: Internet

Claims (9)

A Web server connected to the first ISP network, holding a first communication permission policy for each terminal in the first ISP network, and connected to a second ISP network different from the first ISP network When a DNS query for inquiring about the IP address corresponding to the URL is received from a terminal in the first ISP network, a DNS response including the IP address corresponding to the URL and the security evaluation result is received from the authoritative DNS device of the second ISP network. If it is received and it is determined whether the received safety evaluation result satisfies the first communication permission policy and the first communication permission policy is satisfied, the transmission permission to the IP address described in the DNS response is set in the DNS query. A cache DNS device for the terminal of the transmission source;
When a DNS query is received from the first ISP network, the security evaluation result of each URL connected to the second ISP network is stored in the second ISP network, and is described in the DNS query. An authoritative DNS device that transmits a DNS response including the IP address corresponding to the URL and the security evaluation result to the cache DNS device of the first ISP network;
A data communication system comprising: The cache DNS device of the first ISP network has signed the IP address of its own device and the zone name of the first ISP network using the secret key of the zone signature key of the first ISP network, and the first The public key of the zone signature key of the first ISP network is added to the DNS query received from the terminal in the first ISP network and transmitted to the authoritative DNS device of the second ISP network,
The authoritative DNS device of the second ISP network uses the public key of the zone signature key of the first ISP network to confirm that the IP address and zone name described in the DNS query are not falsified.
The data communication system according to claim 1. The authoritative DNS device of the second ISP network signed the IP address corresponding to the URL described in the DNS query and the security evaluation result using the secret key of the zone signature key of the second ISP network. And the public key of the zone signature key of the second ISP network is transmitted to the cache DNS device of the first ISP network,
The cache DNS device of the first ISP network uses the public key of the zone signature key of the second ISP network to confirm that the IP address and the security evaluation result described in the DNS response are not falsified.
The data communication system according to claim 1 or 2. The cache DNS device of the first ISP network encrypts the URL described in the DNS query with a common key, encrypts the common key with the public key of the zone signature key of the second ISP network, and encrypts the common The signature of the key, the IP address of the own device and the zone name of the first ISP network using the secret key of the zone signature key of the first ISP network, and the zone signature key of the first ISP network Add the public key to the DNS query received from the terminal in the first ISP network and send it to the authoritative DNS device of the second ISP network;
The authoritative DNS device of the second ISP network confirms that the encrypted common key, IP address, and zone name described in the DNS query using the public key of the zone signature key of the first ISP network are not falsified. Confirming, decrypting the common key encrypted using the secret key of the zone signature key of the second ISP network, and decrypting the encrypted URL using the decrypted common key;
The data communication system according to any one of claims 1 to 3. The authoritative DNS device of the second ISP network encrypts the URL, IP address, and security evaluation result described in the DNS response using the common key described in the DNS query.
The data communication system according to claim 4. The authoritative DNS device of the second ISP network transmits a second communication permission policy for each terminal in the second ISP network to the DNS response of the first ISP network in addition to the DNS response,
In the cache DNS device of the first ISP network, the safety evaluation result described in the DNS response satisfies the first communication permission policy, and the DNS query transmission source terminal is described in the DNS response. When the communication permission policy of 2 is satisfied, the transmission permission to the IP address described in the DNS response is permitted to the terminal of the DNS query transmission source.
The data communication system according to any one of claims 1 to 5. The authoritative DNS device of the second ISP network encrypts the second communication permission policy by using the common key described in the DNS query, and adds the second ISP network to the encrypted second communication permission policy. The signature using the private key of the zone signature key and the public key of the zone signature key of the second ISP network are transmitted to the cache DNS device of the first ISP network,
The cache DNS device of the first ISP network confirms that the second communication permission policy described in the DNS response has not been tampered with using the public key of the zone signature key of the second ISP network.
The data communication system according to claim 6. A DNS query for inquiring about an IP address corresponding to the URL of a Web server connected to a second ISP network different from the first ISP network to which the own apparatus is connected is received from a terminal in the first ISP network. Then, a DNS response including the IP address corresponding to the URL and the security evaluation result is received from the authoritative DNS of the second ISP network,
The first communication permission policy for each terminal in the first ISP network is held, and it is determined whether or not the safety evaluation result received from the authoritative DNS of the second ISP network satisfies the first communication permission policy. When the first communication permission policy is satisfied, the transmission permission to the IP address described in the DNS response is permitted to the terminal that is the source of the DNS query.
A cache DNS device comprising: A DNS query in which the cache DNS of the first ISP network inquires an IP address corresponding to the URL of the Web server connected to the second ISP network different from the first ISP network is stored in the first ISP network. When received from the terminal, a procedure for receiving a DNS response including the IP address corresponding to the URL and the security evaluation result from the authoritative DNS of the second ISP network;
Whether the cache DNS of the first ISP network refers to the first communication permission policy for each terminal in the first ISP network, and the security evaluation result received from the authoritative DNS satisfies the first communication permission policy. And when the first communication permission policy is satisfied, a procedure for permitting the terminal that is the source of the DNS query to be permitted to make a call to the IP address inquired by the DNS query;
A communication attack prevention method comprising:

Images