DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

Similar documents
Understanding and Deploying DNSSEC. Champika Wijayatunga SANOG29 - Pakistan Jan 2017

DNS Security. APNIC42 Colombo Sri Lanka 01 October 2016 Champika Wijayatunga

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder. System and Network Engineering July 2014

Root Zone DNSSEC KSK Rollover

Root Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail

DNS and cctld Management. Save Vocea and Champika Wijayatunga Apia Samoa July 2015

DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d

DNS Mark Kosters Carlos Martínez ARIN - LACNIC

Scott Rose, NIST Winter JointTechs Meeting Jan 30, 2011 Clemson University

DNSSEC DNS SECURITY EXTENSIONS INTRODUCTION TO DNSSEC FOR SECURING DNS QUERIES AND INFORMATION

DNSSEC All You Need To Know To Get Started

DNSSEC deployment. Phil Regnauld Hervey Allen

12 DNS Security Extensions DNS resolution via recursive nameserver DNS request/response format Simple DNS cache poisoning The Dan Kaminsky DNS

DNS Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO

DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

Table of Contents. DNS security. Alternative DNS security mechanism. DNSSEC specification. The long (and winding) road to the DNSSEC specification

An Overview of DNSSEC. Cesar Diaz! lacnic.net!

2017 DNSSEC KSK Rollover. Guillermo Cicileo LACNIC March 22, 2017

Table of Contents. DNS security basics. What DNSSEC has to offer. In what sense is DNS insecure? Why DNS needs to be secured.

The State and Challenges of the DNSSEC Deployment. Eric Osterweil Michael Ryan Dan Massey Lixia Zhang

Assessing and Improving the Quality of DNSSEC

Some DNSSEC thoughts. DNSOPS.JP BOF Interop Japan Geoff Huston Chief Scientist, APNIC June 2007

DNSSEC. Lutz Donnerhacke. db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb dig +dnssec e164.arpa. naptr

3. The DNSSEC Primer. Data Integrity (hashes) Authenticated Denial of Existence (NSEC,

ICANN SSR Update. Save Vocea PacNOG17 Samoa 13 July 2015

DNS Operations and DNSSEC Tutorial. Champika Wijayatunga SANOG30 - India July 12-13, 2017

CIRA DNSSEC PRACTICE STATEMENT

DNSSEC in Switzerland 2 nd DENIC Testbed Meeting

DNS security. Karst Koymans & Niels Sijm. Tuesday, September 18, Informatics Institute University of Amsterdam

APNIC DNSSEC APNIC DNSSEC. Policy and Practice Statement. DNSSEC Policy and Practice Statement Page 1 of 12

Keeping DNS parents and children in sync at Internet Speed! Ólafur Guðmundsson

ARIN Support for DNSSEC and RPKI. ION San Diego 11 December 2012 Pete Toscano, ARIN

DENIC DNSSEC Testbed Software support for DNSSEC Ralf Weber

Step by step DNSSEC deployment in.se. Anne-Marie Eklund Löwinder Quality & Security

DNS Security and DNSSEC in the root zone Luzern, Switzerland February 2010

Richemont DNS Inc. DNS Practice Statement for the PANERAI Zone. Version 0.2

DNS SECurity Extensions technical overview

By Paul Wouters

2017 DNSSEC KSK Rollover. DSSEC KSK Rollover

Some Internet exploits target name resolution servers. DNSSEC uses cryptography to protect the name resolution

Afilias DNSSEC Practice Statement (DPS) Version

MAGPI: Advanced Services IPv6, Multicast, DNSSEC

6 March 2012

DNSSEC for the Root Zone. IETF 76 Hiroshima November 2009

A Security Evaluation of DNSSEC with NSEC Review

DNSSEC for the Root Zone. IETF 76 8 November 2009

TWNIC DNS 網路安全研討會安全問題之解決對策 (DNSSEC) Why do we need DNSSEC? Many application depend on DNS DNS is not secure. There are known vulnerabilities

Deploying New DNSSEC Algorithms

Shared cctld DNSSEC Signing Platform Bill Woodcock and Rick Lamb ICANN San Francisco March 2011

AfriNIC 14 Shared cctld DNSSEC Signing Platform June 9, 2011 Bill Woodcock Research Director Packet Clearing House

DNSSEC for the Root Zone. ICANN 37 Nairobi March 2010

Securing Domain Name Resolution with DNSSEC

Session J9: DNSSEC and DNS Security

DNSSEC operational experiences and recommendations. Antti Ristimäki, CSC/Funet

Toward Unspoofable Network Identifiers. CS 585 Fall 2009

That KSK Roll. Geoff Huston APNIC Labs

Rolling the Root Zone KSK. Matt Larson ICANN56 (Helsinki ) June 2016

Expires: June 16, 2004 VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST December 17, 2003

Hands-on DNSSEC with DNSViz. Casey Deccio, Verisign Labs RIPE 72, Copenhagen May 23, 2016

DNSSEC Basics, Risks and Benefits

DNSSEC Basics, Risks and Benefits

DNSSEC for the Root Zone. NZNOG Hamilton, NZ January 2010

DNSSEC at ORNL. Paige Stafford Joint Techs Conference, Fairbanks July 2011

5 DNS Security Extensions DNSSEC

DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC. Wes Hardaker

Algorithm for DNSSEC Trusted Key Rollover

Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status

THE BRUTAL WORLD OF DNSSEC

RSA and ECDSA. Geoff Huston APNIC. #apricot2017

DNSSec Operation Manual for the.cz and e164.arpa Registers

Domain Name System Security

A Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover

SecSpider: Distributed DNSSEC Monitoring and Key Learning

2017 Root DNSSEC KSK Rollover. NANOG 70 June 6, 2017

DNSSEC PRACTICE STATEMENT FOR TOP-LEVEL DOMAINS

Root KSK Rollover Update (or, We're really doing it this time)

DNSSEC Why, how, why now? Olaf Kolkman (NLnet Labs)

Root KSK Roll Delay Update

Root Zone DNSSEC KSK Rollover. DSSEC KSK Rollover

DNSSEC: A game changing example of multi-stakeholder cooperation. ICANN Meeting, Singapore 21 June 2011

The Performance of ECC Algorithms in DNSSEC: A Model-based Approach

Rolling the Root Zone DNSSEC Key Signing Key Edward Lewis AFRINIC25 November 2016

CS 356 Using Cryptographic Tools to Secure the Domain Name System (DNS) Spring 2017

Domain Name System Security

This time. Digging into. Networking. Protocols. Naming DNS & DHCP

Domain Name System Security

Migrating an OpenDNSSEC signer (February 2016)

APRICOT 2012 New Delhi, India February 21 - March 2

DNSSEC the.se way: Overview, deployment and lessons learned. Anne-Marie Eklund Löwinder Quality & Security Manager

A paper on DNSSEC - NSEC3 with Opt-Out

Root KSK Roll Delay Update

Network Working Group Request for Comments: 5702 Category: Standards Track October 2009

Documentation. Name Server Predelegation Check

DS TTL shortening experience in.jp

SOFTWARE USER MANUAL (SUM): TRAINING, PROCEDURAL, AND DEVELOPMENT DOCUMENTATION

ICANN Policy Update & KSK Rollover

I certify that this DNS record set is correct Problem: how to certify a negative response, i.e. that a record doesn t exist?

DNSSEC for Humans and BIND 10. Paul Vixie Internet Systems Consortium June 9, 2011

Outline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016

Expires: November 15, 2004 VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST May 17, 2004

Transcription:

DNS/DNSSEC Workshop In Collaboration with APNIC and HKIRC Hong Kong Champika Wijayatunga Regional Security Engagement Manager Asia Pacific 22-24 January 2018 1

DNSSEC 2 2

DNS: Data Flow Zone administrator Zone file 1 Primary 4 Caching Servers 2 3 5 Dynamic updates Secondaries Resolvers 3 3

DNS Vulnerabilities Corrupting data Zone administrator Zone file 1 Impersonating master Primary 4 Caching Servers Cache impersonation Dynamic updates 2 Unauthorized updates 3 Secondaries Cache pollution by Data spoofing Altered zone data 5 Resolver Server protection Data protection 4 4

The Bad Cache Poisoning Attacks Vulnerable resolvers add malicious data to local caches DNS Hijacking A man in the middle (MITM) or spoofing attack intercept and forwards DNS queries to a name server that returns forge responses e.g. DNSChanger (One of the biggest cybercriminal takedown in history) Many other DNS hijacks in recent times SSL / TLS doesn't tell you if you've been sent to the correct site, it only tells you if the DNS matches the name in the certificate. 5

How DNSSEC Works 6

Why DNSSEC? Without DNSSEC With DNSSEC myexamplebank.com = IP address A DNS myexamplebank.com = IP address A DNS myexamplebank.com = Attacker IP address X myexamplebank.com = Attacker IP address X myexamplebank.com DNS myexamplebank.com DNS IP address X IP address A Passwords myexamplebank..com webserver Attacker s Passwords Desired page myexamplebank. com webserver Attacker s page webserver 7

DNSSEC cctld Map 8

DNSSEC Deployment Current Status 9

DNSSEC Validation Current Status 10

DNSSEC Validation Current Status 11

DNSSEC: So what s the problem? Not enough IT departments know about it or are too busy putting out other security fires? When they do look into it they hear old stories of FUD and lack of turnkey solutions? Registrars*/DNS providers see no demand leading to chicken-and-egg problems. *but required by new ICANN registrar agreement 12

The Business Case for DNSSEC Cyber security is becoming a greater concern to enterprises, government, and end users. DNSSEC is a key tool and differentiator. DNSSEC is the biggest security upgrade to Internet infrastructure in over 20 years. It is a platform for new security applications (for those that see the opportunity). DNSSEC infrastructure deployment has been brisk but requires expertise. Getting ahead of the curve is a competitive advantage. 13

What you can do For Companies: Sign your corporate domain names Just turn on validation on corporate DNS resolvers For Users: Ask ISPs/DNS Operators to turn on validation on their DNS resolvers For All: Take advantage of DNS and DNSSEC education and training Encourage to join TLD policy discussions through ICANN constituencies such as gnso and ccnso. 14

New concepts Secure Entry Point and Chain of Trust Delegating Signing Authority New packet options (flags) CD, AD, DO New RRs DNSKEY, RRSIG, NSEC/NSEC3 and DS Signature expiration Key Rollovers 15

Chain of Trust and Secure Entry Point Using the existing delegation based model of distribution Don t sign the entire zone, sign a RRset Parent DOES NOT sign the child zone. The parent signs a pointer (hash) to the key used to sign the data of the child zone (DS record) Example with www.myzone.net.. Secure Entry Point net myzone 16 www 16

Delegation of Trust Data authenticity and integrity by signing the Resource Records Sets with a private key Public DNSKEYs published, used to verify the RRSIGs Children sign their zones with their private key Authenticity of that key established by parent signing hash (DS) of the child zone's key Repeat for parent Not that difficult on paper Operationally, it is a bit more complicated DS KEY KEY signs zone data 17

New RR: DNSKEY PROTOCOL OWNER TYPE FLAGS ALGORITHM example.net. 43200 DNSKEY 256 3 7 ( AwEAAbinasY+k/9xD4MBBa3QvhjuOHIpe319SFbWYIRj /nbmvzfjnsw7by1cv3tm7zllqnbcb86nvfmsq3jjofmr PUBLIC KEY (BASE64)...) ; ZSK; key id = 23807 KEY ID FLAGS determines the usage of the key PROTOCOL is always 3 (DNSSEC) ALGORITHM can be (3: DSA/SHA-1, 5: RSA/SHA1, 8: RSA/SHA-256, 12: ECC- GOST) http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml 18

DNSKEY: Two Keys, not one There are in practice at least two DNSKEY pairs for every zone Originally, one key-pair (public, private) defined for the zone private: key used to sign the zone data (RRsets) public: key published (DNSKEY) in the zone DNSSEC works fine with a single key pair Problem with using a single key: Every time the key is updated, the DS record must be updated on the parent zone as well Introduction of Key Signing Key (flags=257) 19

KSK and ZSK Key Signing Key (KSK) Pointed to by parent zone in the form of DS (Delegation Signer). Also called Secure Entry Point. Used to sign the Zone Signing Key Flags: 257 Zone Signing Key (ZSK) Signed by the KSK Used to sign the zone data RRsets Flags: 256 This decoupling allows for independent updating of the ZSK without having to update the KSK, and involve the parents (i.e. less administrative interaction) 20

New RR: RRSIG (Resource Record Signature) example.net. 600 A 192.168.10.10 example.net. 600 A 192.168.23.45 OWNER TYPE TYPE COVERED ALG #LABELS TTL example.net. 600 RRSIG A 7 2 600 ( SIG. EXPIRATION SIG. INCEPTION KEY IDSIGNER NAME 20150115154303 20141017154303 23807 example.net. SIGNATURE CoYkYPqE8Jv6UaVJgRrh7u16m/cEFGtFM8TArbJdaiPu W77wZhrvonoBEyqYbhQ1yDaS74u9whECEe08gfoe1FGg... ) 21

RRSIG Typical default values Signature inception time is 1 hour before. Signature expiration is 30 from now Proper timekeeping (NTP) is required What happens when signatures run out? SERVFAIL Domain effectively disappears from the Internet for validating resolvers Note that keys do not expire No all RRSets need to be resigned at the same time 22

New RR: NSEC NXDomains also must be verified NSEC provides a pointer to the Next SECure record in the chain of records. omega.myzone? RESOLVER NSEC ] delta.myzone., zulu.myzone.[ AUTH for myzone. myzone. NS alpha.myzone. A beta.myzone. CNAME charlie.myzone. A delta.myzone. MX zulu.myzone. A 23

New RR: NSEC3 To avoid concerns about zone enumeration To avoid large zone-files: opt-out concept omega.myzone? RESOLVER NSEC3 [ H(charlie.myzone.), H(alpha.myzone.) ] 1-Way Hash AUTH for myzone digests. H(zulu.myzone.) H(myzone.) H(delta.myzone.) H(charlie.myzone.) H(beta.myzone.) H(alpha.myzone.) 24

New RR: DS (Delegation Signer) Hash of the KSK of the child zone Stored in the parent zone, together with the NS RRs indicating a delegation of the child zone. The DS record for the child zone is signed together with the rest of the parent zone data NS records are NOT signed (they are a hint/pointer) Digest type 1 = SHA-1, 2 = SHA-256 myzone. DS 61138 5 1 F6CD025B3F5D0304089505354A0115584B56D683 myzone. DS 61138 5 2 CCBC0B557510E4256E88C01B0B1336AC4ED6FE08C8268CC1AA5FBF00 5DCE3210 25

Signatures Expiration and Key Rollovers 26

Signature Expiration Signatures are per default 30 days (BIND) Need for regular resigning: To maintain a constant window of validity for the signatures of the existing RRset To sign new and updated Rrsets Use of jitter to avoid having to resign all expiring RRsets at the same time The keys themselves do NOT expire But they may need to be rolled over... 27

Key Rollovers Try to minimise impact Short validity of signatures Regular key rollover Remember: DNSKEYs do not have timestamps the RRSIG over the DNSKEY has the timestamp Key rollover involves second party or parties: State to be maintained during rollover Operationally expensive 28

Key Rollovers Two methods for doing key rollover Pre-Publish Double Signature KSK and ZSK rollover use different methods. Remember that KSK needs to interact with parent zone to update DS record. 29

DNSSEC Deployment @Root 30

DNSSEC Deployment @Root Multi-stakeholder, bottom-up trust model* /w 21 crypto officers from around the world Broadcast Key Ceremonies and public docs SysTrust audited FIPS 140-2 level 4 HSMs Root DPS DNSSEC Practice Statement *Managed by technical community+icann 31

DNSSEC Signing vs. Validation DNS Security Extensions Digital signature is the basic element of work Signing Zone Administrators add digital signatures Validation DNS Caches, DNS Stubs check the signatures in a few ways, cryptographic and other (time, etc.) Impact of DNSSEC root KSK rollover DNSSEC validators (e.g., some ISPs) need to prepare, new "root" of trust 32

The Root Zone DNSSEC KSK The Root Zone DNSSEC Key Signing Key KSK is the top most cryptographic key in the DNSSEC hierarchy KSK Public portion of the KSK is configuration parameter in DNS validating revolvers DATA 33

Recognizing KSK-2017 The KSK-2017 s Key Tag is 20326 The Delegation Signer (DS) Resource Record for KSK-2017 is. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D084 "Root" 58E880409BBC683457104237C7F8EC8D Note: liberties taken with formatting for presentation purposes 34

KSK-2017 in a DNSKEY Resource Record The DNSKEY resource record will be:. IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e ozg+srdk6nwel3c6h5apxz7ljvc1utidsixxuolya4/ilbmsvizudwfd RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU= "Root" Note: liberties taken with formatting for presentation purposes 35

Why are there DS and DNSKEY forms of KSK-2017? Tools that you will use to manage DNSSEC trust anchor configurations work on either the DS form, the DNSKEY form or both For each tool there are historical reasons The DS record contains a hash of KSK-2017 The DNSKEY record contains the public key of KSK-2017 Consult your tool s documentation to know which is appropriate 36

Preferred Approach Mindful that the choice is a matter of local policy DNSSEC validation is for the benefit of the receiver Not all operational environments are the same, not all validating tools implement Automated Updates ICANN is doing its best to accommodate different approaches Automated Updates is likely the preferred approach Relies only on what has been trusted before It's the most reliable/stable approach, simplest basis for trust 37

What Do Operators Need to Do? Be aware whether DNSSEC is enabled in your servers Be aware of how trust is evaluated in your operations Test/verify your set ups Inspect configuration files, are they (also) up to date? If DNSSEC validation is enabled or planned in your system o o Have a plan for participating in the KSK rollover Know the dates, know the symptoms, solutions 38

Latest update on the Root KSK Rollover Project https://www.icann.org/news/blog/update-on-the-root-ksk-rolloverproject 39

Thank You and Questions Visit us at icann.org Email: champika.wijayatunga@icann.org 40

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback