Towards Secure Name Resolution on the Internet

Size: px

Start display at page:

Download "Towards Secure Name Resolution on the Internet"

Tiffany Gabriella Owens
6 years ago
Views:

1 Towards Secure Name Resolution on the Internet C. Grothoff M. Wachs M. Ermert J. Appelbaum The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee

2 Security Goals for Name Systems Query origin anonymity Data origin authentication and integrity protection Zone confidentiality Query and response privacy Censorship resistance Availability, DDoS-resistance 2 / 17

3 Exemplary Attacks: MORECOWBELL 3 / 17

4 Exemplary Attacks: QUANTUMDNS 4 / 17

5 DNSSEC Root Zone a.root-servers.net. Stub Resolver A RRSIG example.com. K0rp9n... AD DNSSEC Trust Anchor 49AAC1... Recursive Name Server NS a.gtld-servers.net.test DS E2D3C9... RRSIG. S4LXnQiBS... NS a.gtld-servers.net.test DS 3490A6... RRSIG com. U/ZW6P3c....com a.gtld-servers.net. A RRSIG example.com. K0rp9n... example.com a.iana-servers.net. 5 / 17

6 Query Name Minimization Stub Resolver A Recursive Name Server NS com? NS a.gtld-servers.net. NS example.com? NS a.iana-servers.net. Root Zone a.root-servers.net..com a.gtld-servers.net A example.com a.iana-servers.net 6 / 17

7 DNS over TLS Stub Resolver A Recursive Name Server NS a.gtld-servers.net. NS a.iana-servers.net. Root Zone a.root-servers.net..com a.gtld-servers.net. A example.com a.iana-servers.net. 7 / 17

8 The Textbook Version of the Internet Layering, 1990 HTTPS DNS TLS UDP TCP IPv4 Ethernet Phys. Layer 8 / 17

9 The Textbook Version of the Internet Layering, 1990 Layering, 2020 HTTPS DNS TLS UDP TCP IPv4 Ethernet Phys. Layer HTTPS TLS-with-DANE DNS-over-TLS TLS TCP IPv6 Ethernet Phys. Layer libmicrohttpd libgnutls libunbound libnss Linux Linux = castrated version without RFC 6125 or RFC 6394, possibly NULL cipher, see TLS profiles draft. 8 / 17

10 DNSCurve DNSCurve Cache Public Key P c Private Key S c NS a.gtld-servers.net. NS uz5...hyw.iana-servers.net. Root Zone a.root-servers.net..com a.gtld-servers.net. Pc, N, E () N, E (A ) DNSCurve Server example.com uz5...hyw.iana-servers.net. 9 / 17

11 Confidential DNS Stub Resolver A Recursive Name Server ENCRYPT.? ENCRYPT P ENCRYPT. EP ( K)? ENCRYPT EK (A ) example.com a.iana-servers.net. 10 / 17

12 Namecoin Namecoin Client Local Copy of Block Chain Append registration to block chain Get copy of block chain P2P Network Block Chain 11 / 17

13 The GNU Name System (GNS) Bob s NSS.gnu = Pbob A Bob s GNS Service Pbob zone database carol PKEY Pcarol www A PUT (H(carol, Pbob), E(PKEY Pcarol)) PUT (H(www, Pbob), E(A )) Carols s GNS Service Pcarol zone database www A PUT (H(www, Pcarol), E(A )) GET (H(carol, Pbob)) DHT E (PKEY Pcarol) GET (H(www, Pcarol)) E (A ) P2P Network Alice s NSS.gnu = Palice A Alice s GNS Service A Palice zone database bob PKEY Pbob www A / 17

14 GNS and Query Privacy: Terminology G generator in ECC curve, a point n size of ECC group, n := G, n prime x private ECC key of zone (x Z n ) P public key of zone, a point P := xg l label for record in a zone (l Z n ) R P,l q P,l B P,l set of records for label l in zone P query hash (hash code for DHT lookup) block with encrypted information for label l in zone P published in the DHT under q P,l 13 / 17

15 GNS and Query Privacy: Cryptography Publishing records R P,l as B P,l under key q P,l h : = H(l, P) (1) d : = h x mod n (2) B P,l : = S d (E HKDF (l,p) (R P,l )), dg (3) q P,l : = H(dG) (4) 14 / 17

16 GNS and Query Privacy: Cryptography Publishing records R P,l as B P,l under key q P,l h : = H(l, P) (1) d : = h x mod n (2) B P,l : = S d (E HKDF (l,p) (R P,l )), dg (3) q P,l : = H(dG) (4) Searching for records under label l in zone P h : = H(l, P) (5) q P,l : = H(hP) = H(hxG) = H(dG) obtain B P,l (6) R P,l = D HKDF (l,p) (B P,l ) (7) 14 / 17

17 Summary Protection against Ease of Manipulation Zone Client observation Traffic Censorship / Migration / by MiTM walk network operator Amplifi. Legal attacks Compatibility DNS +++ DNSSEC failed +/- + DNSCurve + DNS-over-TLS n/a + Conf. DNS n/a ++ Namecoin - GNS - - EDNS0 15 / 17

18 Conclusion Query name minimization is low-cost, low-benefit approach, but should clearly be done Simple encryption schemes offer medium-cost, medium-benefit approach NameCoin does not help with privacy at all GNU Name System performance depends on the DHT need to invest more in DHT design & implementation 16 / 17

19 Do you have any questions? Yves Eudes, Christian Grothoff, Jacob Appelbaum, Monika Ermert, Laura Poitras, Matthias Wachs: MoreCowBell, nouvelles révélations sur les pratiques de la NSA. Le Monde, Nathan Evans and Christian Grothoff. R 5 N. Randomized Recursive Routing for Restricted-Route Networks. 5th International Conference on Network and System Security, Matthias Wachs, Martin Schanzenbach and Christian Grothoff. A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System. 13th International Conference on Cryptology and Network Security, / 17

The GNU Name System: A Public Key Infrastructure for Social Movements in the Age of Universal Surveillance

The GNU Name System: A Public Key Infrastructure for Social Movements in the Age of Universal Surveillance Christian Grothoff The GNUnet Project 28.04.2017 Never doubt your ability to change the world.