The Importance of Being an Earnest stub

Transcription

1 The Importance of Being an Earnest Challenges and solution for the versatile Willem Toorop 13 May 2017 OARC 26 (Madrid)

2 From the ground-up security et n A rc a -o s 98 n 1 d Recursive dns-oarc WebSrv https Every secure connection is preceded by a DNS lookup The does the lookup at the request of the application The recursive does all the heavy lifting 2/45

3 From the ground-up security t ne rc oa 61 s dn 66 = et n A rc a -o s 98 n 1 d Validation Recursive dns-oarc WebSrv https DNSSEC protects against cache poisoning 3/45

4 From the ground-up security dn s-o ar c ne t A? Validation Recursive dns-oarc WebSrv http DNSSEC protects against cache poisoning But not against hijacking ( ie ARP or DHCP hijacking or routing tricks ) THE FIRST/LAST MILE 4/45

5 From the ground-up security A et n c Y r E a SK DS DN s-o Y E SK dn DN t ne KEY DS DNSSEC Aware S DN dns-oarc Recursive WebSrv https DNSSEC protects against cache poisoning But not against hijacking One possibility: DNSSEC on the THE FIRST/LAST MILE 5/45

6 From the ground-up security/privacy dn s- oa rc n et A 19 8 Validation Recursive dns-oarc WebSrv https DNSSEC protects against cache poisoning But not against hijacking Another possibility: DNS over TLS THE FIRST/LAST MILE 6/45

7 From the ground-up security/privacy Applies to DNS over TLS too 19 8 dns-oarc WebSrv 1 19 https https 64 Validation Recursive 0 dn s -o ar c ne t A TLS hijacking? Is That Possible?! Durumeric, Zakir, et al "The Security Impact of HTTPS Interception" Network and Distributed Systems Symposium (NDSS 17) /45

8 From the ground-up security/privacy Strengthen TLS security with the : DANE ( DNS-based Authentication of Named Entities ) Also signalling system for TLS support ( For application without user interaction ) 8/45

9 From the ground-up security/privacy Authenticate DNS-over-TLS with DANE? dn s-oa 64 rc 1 n 91 et 0 A 1 98 Validation Recursive dns-oarc WebSrv https Bootstrap the TLSA lookup with regular DNS? 9/45

10 From the ground-up security/privacy Authenticate DNS-over-TLS with DANE? s dn ap n i et SA TL t ge p t DNSSEC Aware tc _ ne DS S Recursive 53 D pi SKEY _8NSKEY nsa N D t D td ne KEY e g dns-oarc getdnsapi S DN c A dns-oar https Validation Recursive WebSrv Bootstrap the TLSA lookup with regular DNS? Chicken and Egg problem 10/45

11 From the ground-up security/privacy _853_tcpgetdnsapi getdnsapi RRSIGs TLSA DNSKEY DS DNSKEY DS DNSKEY dns-oarc getdnsapi c A dns-oar _853_tcpgetdnsapi TLSA getdnsapi DNSKEY DS DNSKEY DS DNSKEY RRSIGs https Validation Recursive WebSrv Bootstrap the TLSA lookup with regular DNS? Have the TLSA record + the complete DNSSEC authentication chain embedded in a TLS extension 11/45

12 From the ground-up security/privacy _853_tcpgetdnsapi getdnsapi RRSIGs TLSA DNSKEY DS DNSKEY DS DNSKEY dns-oarc getdnsapi _853_tcpgetdnsapi TLSA getdnsapi DNSKEY DS DNSKEY DS DNSKEY RRSIGs https Validation Recursive WebSrv TLS DNSSEC authentication chain Bootstrap the TLSA lookup with regular DNS? extension must be Have the TLSA record + the complete DNSSEC obligatory, to prevent the authentication chain embedded Too in a TLS extension many CA s problem c A dns-oar 12/45

13 From the ground-up security/privacy DNSSEC Availability DNS Privacy status Clear text DNS Private DNS Authenticated Private DNS The is close to the application Inform status of DNSSEC and DNS Privacy 13/45

14 From the ground-up security/privacy Round-robin Validation Recursive Validation Recursive Validation Recursive Validation Recursive Validation Recursive s u n Bo e r u t a e F dns-oarc WebSrv Enhanced privacy by round-robining upstreams 14/45

15 Requirements for the versatile Cross the first DNSSEC mile From the ground up Privacy Strengthened TLS authentication (DANE) Strengthened opportunistic TLS (DANE) Provide status of DNSSEC & DNS over TLS kup DN SSE DN C So v er No TL na S dd re s AP s lo I o s From the ground-up security/privacy 15/45

16 Requirements for the versatile Cross the first DNSSEC mile From the ground up Privacy Strengthened TLS authentication (DANE) Strengthened opportunistic TLS (DANE) Provide status of DNSSEC & DNS over TLS kup DN SSE DN C So v er No TL na S dd re s AP s lo I o s From the ground-up security/privacy 16/45

17 DNSSEC Roadblocks A et n c Y r E a SK DS DN s-o Y E SK dn DN t ne KEY DS recursive S DN dns-oarc WebSrv https Resolving DNSSEC (to cross the first mile) needs DNSSEC Aware recursive 17/45

18 DNSSEC Roadblocks recursive dns-oarc WebSrv https Resolving DNSSEC (to cross the first mile) needs DNSSEC Aware recursive DNSSEC Roadblock Avoidance +Full recursion capability 18/45

19 DNSSEC Roadblocks Does Doesnot notapply applyto tofirst-mile first-mile crossed by DNS-over-TLS crossed by DNS-over-TLS recursive dns-oarc _853_tcpgetdnsapi getdnsapi RRSIGs WebSrv dns-oarc getdnsapi https TLSA DNSKEY DS DNSKEY DS DNSKEY A dns-oarc _853_tcpgetdnsapi TLSA getdnsapi DNSKEY DS DNSKEY DS DNSKEY RRSIGs https Validation Recursive WebSrv Resolving DNSSEC (to cross the first mile) needs DNSSEC Aware recursive DNSSEC Roadblock Avoidance +Full recursion capability 19/45

20 DNSSEC Roadblocks IPv6 Only AAA com A r e t DNS64 twit 2ac1 9b::68e0: 64:ff twittercom NAT64 IPv4 only https https com DNSSEC Roadblock Avoidance IPv6 Address Synthesis Prefix Discovery +DNS64 capability /45

21 DNSSEC Roadblocks IPv6 Only NAT64 twittercom DNS64 com Privacy DNSSEC Roadblock Avoidance IPv6 Address Synthesis Prefix Discovery +DNS64 capability /45

22 DNSSEC Roadblocks Root KSK Rollover DNSSEC validating s must do RFC /45

23 DNSSEC Roadblocks Root In-band In-bandRFC5011 RFC5011tracking tracking KSK with withdnssec DNSSECauth authchain chain TLS TLSextension extension Rollover _853_tcpgetdnsapi getdnsapi RRSIGs TLSA DNSKEY DS DNSKEY DS DNSKEY dns-oarc getdnsapi DNSSEC validating s must do RFC5011 A dns-oarc _853_tcpgetdnsapi TLSA getdnsapi DNSKEY DS DNSKEY DS DNSKEY RRSIGs https Validation Recursive WebSrv 23/45

24 DNSSEC Roadblocks Root KSK Rollover DNSSEC validating s must do RFC5011 A library for DANE has no system config +bootstrap DNSSEC capability: A library for DANE runs with user's privileges 24/45

25 DNSSEC Roadblocks DNSSEC s capability requirements DNSSEC validation DNSSEC Roadblock Avoidance (various) RFC8027 IPv6 Prefix Discovery RFC7050 IPv6 Address Synthesis RFC6147 Automated Trust Anchor Updates RFC5011 Automated Initial Trust Anchor retrieval RFC /45

26 Requirements for the versatile Cross the first DNSSEC mile From the ground up Privacy Strengthened TLS authentication (DANE) Strengthened opportunistic TLS (DANE) Provide status of DNSSEC & DNS over TLS ku p DN SSE DN C So v er No TL na S dd AP re s I s lo o s From the ground-up security/privacy 26/45

27 Requirements for DNS-over-TLS DNS-over-TLS A DNS-over-TLS B Privacy Privacy B TCP fastopen (optional) Connection reuse EDNS0 keepalive EDNS0 padding A /45

28 Requirements for DNS-over-TLS DNS-over-TLS A Connection reuse Pipe-lining of queries C B B A Privacy C (Q/R, Q/R, Q/R) (Q,Q,Q,R,R,R) 28/45

29 Requirements for DNS-over-TLS DNS-over-TLS C B A A DNS-over-TLS B C B B C A C Connection reuse Pipe-lining of queries Process Out-Of-Order-Responses Privacy Privacy A (Q/R, Q/R, Q/R) (Q,Q,Q,R,R,R) (Q1,Q2, R2, R1) 29/45

30 Requirements for DNS-over-TLS 19 8 ne t A Privacy dn s -oar c dns-oarc WebSrv https Strict or Opportunistic usage profiles? 1) Authenticated Private DNS 2) Private DNS 3) Clear text DNS 30/45

31 Requirements for DNS-over-TLS 19 8 ne t A Privacy dn s -oar c dns-oarc WebSrv https Strict or Opportunistic usage profiles? RFC7858 (DNS-over-TLS) RFC7858 (DNS-over-TLS) 1) Authenticated Private DNS defined direct defineddns directspki SPKIauthentication authenticationonly only 2) Private 3) Clear text DNS 31/45

32 Requirements for DNS-over-TLS t ne i ap s n td e g A AA A A/ DNSSEC Resolver c A dns-oar https dns-oarc getdnsapi Privacy WebSrv Regular PKI authentication (bootstrap address lookup with regular DNS(SEC)) 32/45

33 Requirements for DNS-over-TLS A pi Y KE nsa S DN td ge DS DNSSEC Aware Recursive getdnsapi c dns-oar DNSSEC A https Privacy WebSrv Regular PKI authentication Authenticate with DANE (stricter opportunistic with TLSA signalling) 33/45

34 Requirements for DNS-over-TLS _853_tcpgetdnsapi getdnsapi RRSIGs TLSA DNSKEY DS DNSKEY DS DNSKEY dns-oarc getdnsapi DNSSEC c A dns-oar _853_ tcpgetdnsapi TLSA getdnsapi DNSKEY DS DNSKEY DS DNSKEY RRSIGs https Privacy WebSrv Regular PKI authentication Authenticate with DANE DNSSEC authentication chain TLS extension 34/45

35 Requirements for DNS Privacy DNS-over-TLS RFC7858 Reuse / Pipelining / OOOR RFC7766 TCP Fastopen RFC7413 ENDS0 keepalive RFC7828 ENDS0 padding RFC7830 PKI support for authentication (various) DNSSEC support (for address lookup and authentication) (various) 35/45

36 Requirements for the versatile Cross the first DNSSEC mile From the ground up Privacy Strengthened TLS authentication (DANE) Strengthened opportunistic TLS (DANE) Provide status of DNSSEC & DNS over TLS kup DN SSE DN C So v er No TL na S dd re s AP s lo I o s From the ground-up security/privacy 36/45

37 Non address lookups - Application Interface Application getaddrinfo() and getnameinfo() (PI standard extended by RFC3493 for IPv6) 37/45

38 Non address lookups - Application Interface Application getaddrinfo() and getnameinfo() (PI standard extended by RFC3493 for IPv6) Application Talk to upstreams directly with a library: libresolv, libval, ldns, libunbound, libgetdns library Learn upstreams from /etc/resolvconf, NetworkManager, registry 38/45

39 Non address lookups - Application Interface Applications Applicationsusing using getaddrinfo()api API getaddrinfo() and getaddrinfo() getnameinfo() Application will not get the versatile features will not get the versatile features (PI standard extended by RFC3493 (first DNSSEC mile coverage, DNS privacy)for IPv6) (first DNSSEC mile coverage, DNS privacy) Application Talk to upstreams directly with a library: libresolv, libval, ldns, libunbound, libgetdns library Learn upstreams from /etc/resolvconf, NetworkManager, registry 39/45

40 Non address lookups - Application Interface Application Stub server listening on :53 getaddrinfo() and getnameinfo() use system which uses server server Stubby Dnssec-Trigger Dnsmasq 40/45

41 Non address lookups - Application Interface Application server getaddrinfo() and getnameinfo() use systemd-resolved via nsswitch module Stub server listening on :53 systemd-resolvedservice systemd-resolved 41/45

42 Non address lookups - Application Interface App Application library server Talk to server via a library: libresolv, libval, ldns, libunbound, libgetdns systemd-resolvedservice systemd-resolved Stubby :53 Dnssec-Trigger Dnsmasq 42/45

43 Non address lookups - Application Interface App Application library server Talk to server via a library: libresolv, libval, ldns, libunbound, libgetdns systemd-resolvedservice systemd-resolved Stubby :53 Dnssec-Trigger Dnsmasq 43/45

44 Non address lookups - Application Interface App Application Talk to server via the dbus API dbus API server systemd-resolvedservice systemd-resolved 44/45

45 The Importance of Being an Earnest 45/45