CNT Computer and Network Security: DNS Security

Transcription

1 CNT Computer and Network Security: DNS Security Professor Patrick Traynor Fall 2017

2 Reminders Related Work is due on Wednesday I look forward to reading these! Remember, quality matters in everything that you do, from matters technical to presentation! Assignment #3 is due on 10/18. Yikes, this one is tough. Get it done! Midterm exam: 10/13 I will discuss the exam format, etc, on 10/7 2

3 Address Translation The Internet relies on IP addresses for routing and delivering traffic. Efficient encoding makes the job of routers easy, and keeps routing tables small due to aggregation. When the Internet consisted of only a small number of hosts, such a solution was sufficient. Anyone could memorize the addresses of the 8 machines that could possibly talk to each other. Unfortunately, IP addresses are not memorable at scale. Very quickly, it was realized that some mechanism would be required to manage the translation from easy to remember names to routing-optimized IPv4 addresses. 3

4 hosts.conf The first reliable mechanism was, hosts.conf, a file stored on every Internet connected computer. Once in a while, that file would need to be updated with a current list of all of the hosts on the Internet. Network administrators would often have to physically deliver this update to every machine in their domain. Scalability quickly made this approach obsolete. That said, your machines still have hosts.conf, which you can use to statically configure any domain to IP pair you wish. 4

5 DNS - The Domain Name System DNS maps between IP address ( ) and domain and host names (thunder.cise.ufl.edu) How it works: the root servers redirect you to the top level domains (TLD) DNS servers, which redirect you to the appropriate sub-domain, and recursively. Note: there are 13 root servers that contain the TLDs for.org,.edu, and country specific registries (.fr,.ch) root.edu ufl.edu cise.ufl.edu thunder.cise.ufl.edu Host (resolver) 5

6 DNS Scalability DNS is one of the most scalable subsystems deployed today. How does it do that? The protocol is simple, running over UDP. Iterative execution and stub-resolvers limit the duties of core nodes. Caching, caching and more caching. DNS is so robust that botnet administrators sometimes attempt to DDoS it to demonstrate the overwhelming power of their malicious infrastructure. 6

7 DNS Vulnerabilities Nothing is authenticated, so really the game is over You can not really trust what you hear But, many applications are doing just that. Spoofing of DNS is really dangerous Moreover, DNS is a catalog of resources Zone-transfers allow bulk acquisition of DNS data and hence provide a map for attacking the network Lots of opportunity to abuse the system Relies heavily on caching for efficiency -- cache pollution Once something is wrong, it can remain that way in caches for a long time (e.g., it takes a long time flush) Data may be corrupted before it gets to authoritative server 7

8 DNS Cache Poisoning Root Servers 3 QID=600 IP for neighborhoodbank.com ns.neighborhoodbank.com 1 QID=599 IP for Victim nameserver 2 QID=599 referral to neighborhoodbank.com 4 QID=600 IP: a - IP: QID=599 QID=600 QID=601 evil.net fake! evil client 0 IP for Client 5 Transaction 8

9 Limitations DNS Cache poisoning has been known and understood since almost as long as DNS has been deployed. Ok, then why was virtually nothing done to fix the problem? At the end of the day, the practicality of actually achieving this attack was judged to be too low to justify the expense of fixing it in any principled manner. 9

10 Kaminsky Variant Root Servers 3 QID=600 IP for neighborhoodbank.com neighborhoodbank.com ns.neighborhoodbank.com 1 QID=599 IP for neighborhoodbank.com Victim nameserver 2 QID=599 referral to neighborhoodbank.com 0 IP for neighborhoodbank.com 4 QID=600 Ad: a - Ad: QID=599 QID=600 QID=601 evil.net fake! evil client Client 10

11 Kaminsky - It s in the Details... That s all well and good, but how do you get such a request from inside a target network? What can you do to prevent such attacks? 11

12 Kaminsky - The Aftermath The community (operations, research, and government) took this vulnerability very seriously. Disclosure was withheld for many months, to ensure that the majority of vendors could provide some sort of working solution. Large-scale patching took place over the course of about a month, with interesting results. 12

13 Solutions DNS is one of the core services of the Internet. If we can t get this right, we may need to quit trying to fix anything else. 13

14 Source Port Randomization DNS query ID guessing attacks are easy given the very limited space allocated for QID (16 bits). Why can t we just expand this field? Some have proposed the use of a random source port to expand the effective QID of each query. Potentially adds another 16 bits if enforced. What are the limitations of this proposed solution? 14

15 DNS Cookies Server and resolver use a new option field to include random cookies for each other. Cookie generation suggested using HMAC-SHA1 Resolver Query: RC:123, SC:???,E:0 Server SC:789 ErrReply: RC:123, SC:789, E:BadC Query: RC:123, SC:789,E:0 AnsReply: RC:123, SC:789,E:0 RC:123 RC:123 ForgedQuery: RC:XYZ, SC:???,E:0 ErrReply: RC:XYZ, SC:789, E:BadC ForgedReply: RC:???, SC:???,E:0 RC:XYZ Source: IETF Draft Presentation 15

16 0x20 Bit Randomization DNS requests are NOT case sensitive: = This approach proposes the use of random capitalization of letters in domain names to provide additional bits of randomness. How many additional bits does the above example provide? Ok - guessing is now very difficult. Are we finished? 16

17 What did we fix? adversary QID = QID = Client Victim nameserver QID = QID = neighborhoodbank.com 17

18 What did we fix? adversary QID = neighborhoodbank.com Client adversarial Victim nameserver 18

19 ISPs as Adversaries? 19

20 DNSSEC A standard-based (IETF) solution to security in DNS Prevents data spoofing and corruption Public key based solution to verifying DNS data Authenticates Communication between servers DNS data Public keys (a bootstrap for PKI?) 20

21 DNSSEC Mechanisms TSIG : transaction signatures protect DNS operations Zone loads, some server to server requests (master -> slave), etc. Time-stamped signed responses for dynamic requests A misnomer -- it currently uses shared secrets for TSIG (HMAC) or do real signatures using public key cryptography SIG0: a public key equivalent of TSIG Works similarly, but with public keys Not as popular as TSIG, being evaluated Note: these mechanisms assume clock sync. (NTP) 21

22 DNSSEC Mechanisms Securing the DNS records Each domain signs their zone with a private key Public keys published via DNS Indirectly signed by parent zones Ideally, you only need a self-signed root, and follow keys down the hierarchy Signs Signs Signs root.edu ufl.edu cise.ufl.edu 22

23 DNSSEC challenges Incremental deployability/bootstrapping problem Everyone has DNS, can t assume a flag day Resource imbalances Some devices can t afford real authentication Cultural Most people don t have any strong reason to have secure DNS ($$$ not justified in most environments) Lots of transitive trust assumptions (you have no idea how the middlemen do business) Take away: DNSsec is being deployed, but it is unclear whether it will be used appropriately/widely 23

24 DNSSEC Criticisms Not everyone agrees that this standard is the right way to move forward. The cryptographic operations can be slow. There is little agreement about who should hold the root keys. It can make responses HUGE! 24

25 Anti-DNSSEC It s Unnecessary! If you already use TLS, do you need it? It s a Government Controlled PKI! Why are some people concerned about this? It s Cryptographically Weak! It uses RSA 1024-bit keys. Is that not enough? 25

26 What Practicioners Think From: Randy Bush Subject: multiple-choice question of the day Date: March 18, :54:03 AM PDT To: No transition plan Declared victory before the hard part even started No real long term plan No realistic estimation of costs No real support for the folk on the front lines Victory will be next month Describes: a - The war in Iraq b - DNSsec c - IPv6 d - All of the above 26

27 DNSSEC: The Reality DNSSEC now signs multiple TLDs Countries (.br,.bg,.cz, and others) and regional authorities (RIPE NCC, ARIN).org,.com and.net as well. But not everyone can read DNSSEC Recursive resolvers can t all handle this Endpoint operating systems often don t 27

28 DNSCurve DNSCurve relies on Elliptic Curve Cryptography. Much more efficient in terms of performance and space. Criticisms: DNSSec offers algorithm options, DNSCurve locks in the use of Curve DNSCurve secures a connection, not individual messages, meaning that cache entries can be replaced. To date, only OpenDNS uses DNSCurve. 28

29 Wrap-Up DNS is one of the most critical services underlying stable operation of the Internet. Unfortunately, it is extremely vulnerable to attack as it has no strong authentication mechanisms. There are lots of proposed solutions, both immediately deployable (weak) and principled (strong). While we will likely see widespread DNSSEC deployment, it will almost certainly never be complete. How much is enough? 29