Towards Secure Name Resolution on the Internet

Similar documents
The GNU Name System: A Public Key Infrastructure for Social Movements in the Age of Universal Surveillance

Secure Name Resolution

The GNU name system. Christian Grothoff Inria Rennes Bretagne Atlantique

The GNU Name System and the Future of Social Networking with GNUnet

Components for Building Secure Decentralized Networks

Ordinary DNS: A? k.root-servers.net. com. NS a.gtld-servers.net a.gtld-servers.net A Client's Resolver

RSA and ECDSA. Geoff Huston APNIC. #apricot2017

An Overview of DNSSEC. Cesar Diaz! lacnic.net!

The Importance of Being an Earnest stub

DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d

DNSSEC. CS 161: Computer Security Prof. David Wagner. April 11, 2016

Root Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

DNSSEC DNS SECURITY EXTENSIONS INTRODUCTION TO DNSSEC FOR SECURING DNS QUERIES AND INFORMATION

DNS & Iodine. Christian Grothoff.

ROOT SERVERS MANAGEMENT AND SECURITY

When HTTPS Meets CDN: A Case of Authentication in Delegated Services. J. Liang, J. Jiang, H. Duan, K. Li, T. Wan, J. Wu

Domain Name System (DNS)

Table of Contents. DNS security basics. What DNSSEC has to offer. In what sense is DNS insecure? Why DNS needs to be secured.

Computer Security CS 426

DENIC DNSSEC Testbed Software support for DNSSEC Ralf Weber

Hands-on DNSSEC with DNSViz. Casey Deccio, Verisign Labs RIPE 72, Copenhagen May 23, 2016

Introduction to the DANE Protocol And Updates From IETF 88

More on DNS and DNSSEC

Security Impact of DNS Delegation Structure and Configuration Problems

How to get a trustworthy DNS Privacy enabling recursive resolver

The Performance of ECC Algorithms in DNSSEC: A Model-based Approach

Network Security. Thierry Sans

I certify that this DNS record set is correct Problem: how to certify a negative response, i.e. that a record doesn t exist?

Some Internet exploits target name resolution servers. DNSSEC uses cryptography to protect the name resolution

Protecting Privacy: The Evolution of DNS Security

A Security Evaluation of DNSSEC with NSEC Review

Re-engineering the DNS One Resolver at a Time. Paul Wilson Director General APNIC channeling Geoff Huston Chief Scientist

Introduction to the DANE Protocol

SecSpider: Distributed DNSSEC Monitoring and Key Learning

CS 356 Using Cryptographic Tools to Secure the Domain Name System (DNS) Spring 2017

Less is More Cipher-Suite Negotiation for DNSSEC

3. The DNSSEC Primer. Data Integrity (hashes) Authenticated Denial of Existence (NSEC,

Personalized Pseudonyms for Servers in the Cloud. Qiuyu Xiao (UNC-Chapel Hill) Michael K. Reiter (UNC-Chapel Hill) Yinqian Zhang (Ohio State Univ.

CS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:

DNSSEC All You Need To Know To Get Started

Table of Contents. DNS security. Alternative DNS security mechanism. DNSSEC specification. The long (and winding) road to the DNSSEC specification

DNS Security DNSSEC. * zo.net/papers/dnssec/dnss ec.html. IT352 Network Security Najwa AlGhamdi

CS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:

Internet Engineering Task Force (IETF) Request for Comments: Category: Best Current Practice ISSN: March 2017

DNSSEC operational experiences and recommendations. Antti Ristimäki, CSC/Funet

Advanced Caching DNS Server

DNS Privacy Clients. Stubby, Mobile apps and beyond! dnsprivacy.org

DNS Fundamentals. Steve Conte ICANN60 October 2017

Applications & Application-Layer Protocols: The Domain Name System and Peerto-Peer

DNSSEC. Lutz Donnerhacke. db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb dig +dnssec e164.arpa. naptr

DNS Mark Kosters Carlos Martínez ARIN - LACNIC

Domain Name System Security

Expires: November 15, 2004 VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST May 17, 2004

Network Security. DNS (In)security. Radboud University, The Netherlands. Autumn 2015

Overview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly

CNAME-based Redirection Design Notes

A survey of the peer to peer based DNS system

BIND-USERS and Other Debugging Experiences. Mark Andrews Internet Systems Consortium

6 March 2012

DNS Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO

Using EAP-TLS with TLS 1.3 draft-mattsson-eap-tls IETF 101, EMU, MAR John Mattsson, MOHIT sethi

Expires: June 16, 2004 VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST December 17, 2003

Network Working Group

Algorithm for DNSSEC Trusted Key Rollover

Domain Name System (DNS)

Toward Unspoofable Network Identifiers. CS 585 Fall 2009

A Root DNS Server. Akira Kato. Brief Overview of M-Root. WIDE Project

DNS Privacy. EDU Tutorial dnsprivacy.org. Sara Dickinson Sinodun

DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Domain Name System Security

Internet Engineering Task Force (IETF) Request for Comments: 7706 Category: Informational ISSN: November 2015

CSC 574 Computer and Network Security. DNS Security

OSI Session / presentation / application Layer. Dr. Luca Allodi - Network Security - University of Trento, DISI (AA 2015/2016)

Rolling the Root Zone DNSSEC Key Signing Key Edward Lewis AFRINIC25 November 2016

Network Security. DNS (In)security. Radboud University, The Netherlands. Spring 2017

Distributed Systems. Fall 2017 Exam 3 Review. Paul Krzyzanowski. Rutgers University. Fall 2017

Some DNSSEC thoughts. DNSOPS.JP BOF Interop Japan Geoff Huston Chief Scientist, APNIC June 2007

Domain Name System Security

ICS 351: Today's plan. DNS WiFi

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder. System and Network Engineering July 2014

Web Security. Mahalingam Ramkumar

Testing IPv6 address records in the DNS root

DANE Demonstration! Duane Wessels, Verisign! ICANN 49 DNSSEC Workshop! March 26, 2014!

On the Internet, nobody knows you re a dog.

DNS SECurity Extensions technical overview

DNS Privacy - Implementation and Deployment Status

What s Happening at the IETF & IRTF? Human Rights Protocol Considerations and how to get involved

DNSSEC KSK-2010 Trust Anchor Signal Analysis

Assessing and Improving the Quality of DNSSEC

The Internet is Broken: Idealistic Ideas for Building a NEWGNU Network. Christian Grothoff Bartlomiej Polot Carlo von Loesch. The GNUnet Project

DNS security. Karst Koymans & Niels Sijm. Tuesday, September 18, Informatics Institute University of Amsterdam

F5 and Infoblox DNS Integrated Architecture: Offering a Complete Scalable, Secure DNS Solution

Network Working Group Request for Comments: Category: Best Current Practice October 2008

Implementing DNSSEC with DynDNS and GoDaddy

DNS and DNSSEC Management and Monitoring Changes Required During A Transition To DNSSEC. Wes Hardaker

The State and Challenges of the DNSSEC Deployment. Eric Osterweil Michael Ryan Dan Massey Lixia Zhang

DNS. A Massively Distributed Database. Justin Scott December 12, 2018

Evaluation and consideration of multiple responses. Kazunori Fujiwara, JPRS OARC 28

Transcription:

Towards Secure Name Resolution on the Internet C. Grothoff M. Wachs M. Ermert J. Appelbaum 26.2.2017 The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee

Security Goals for Name Systems Query origin anonymity Data origin authentication and integrity protection Zone confidentiality Query and response privacy Censorship resistance Availability, DDoS-resistance 2 / 17

Exemplary Attacks: MORECOWBELL 3 / 17

Exemplary Attacks: QUANTUMDNS 4 / 17

DNSSEC Root Zone a.root-servers.net. Stub Resolver A 93.184.216.119 RRSIG example.com. K0rp9n... AD DNSSEC Trust Anchor 49AAC1... Recursive Name Server NS a.gtld-servers.net.test DS E2D3C9... RRSIG. S4LXnQiBS... NS a.gtld-servers.net.test DS 3490A6... RRSIG com. U/ZW6P3c....com a.gtld-servers.net. A 93.184.216.119 RRSIG example.com. K0rp9n... example.com a.iana-servers.net. 5 / 17

Query Name Minimization Stub Resolver A 93.184.216.119 Recursive Name Server NS com? NS a.gtld-servers.net. NS example.com? NS a.iana-servers.net. Root Zone a.root-servers.net..com a.gtld-servers.net A 93.184.216.119 example.com a.iana-servers.net 6 / 17

DNS over TLS Stub Resolver A 93.184.216.119 Recursive Name Server NS a.gtld-servers.net. NS a.iana-servers.net. Root Zone a.root-servers.net..com a.gtld-servers.net. A 93.184.216.119 example.com a.iana-servers.net. 7 / 17

The Textbook Version of the Internet Layering, 1990 HTTPS DNS TLS UDP TCP IPv4 Ethernet Phys. Layer 8 / 17

The Textbook Version of the Internet Layering, 1990 Layering, 2020 HTTPS DNS TLS UDP TCP IPv4 Ethernet Phys. Layer HTTPS TLS-with-DANE DNS-over-TLS TLS TCP IPv6 Ethernet Phys. Layer libmicrohttpd libgnutls libunbound libnss Linux Linux = castrated version without RFC 6125 or RFC 6394, possibly NULL cipher, see TLS profiles draft. 8 / 17

DNSCurve DNSCurve Cache Public Key P c Private Key S c NS a.gtld-servers.net. NS uz5...hyw.iana-servers.net. Root Zone a.root-servers.net..com a.gtld-servers.net. Pc, N, E () N, E (A 93.184.216.119) DNSCurve Server example.com uz5...hyw.iana-servers.net. 9 / 17

Confidential DNS Stub Resolver A 93.184.216.119 Recursive Name Server ENCRYPT.? ENCRYPT P ENCRYPT. EP (www.example.com, K)? ENCRYPT EK (A 93.184.216.119) example.com a.iana-servers.net. 10 / 17

Namecoin Namecoin Client Local Copy of Block Chain Append registration to block chain Get copy of block chain P2P Network Block Chain 11 / 17

The GNU Name System (GNS) Bob s NSS.gnu = Pbob www.pbob? A 203.0.113.54 Bob s GNS Service Pbob zone database carol PKEY Pcarol www A 203.0.113.54 PUT (H(carol, Pbob), E(PKEY Pcarol)) PUT (H(www, Pbob), E(A 203.0.113.54)) Carols s GNS Service Pcarol zone database www A 203.0.113.34 PUT (H(www, Pcarol), E(A 203.0.113.34)) GET (H(carol, Pbob)) DHT E (PKEY Pcarol) GET (H(www, Pcarol)) E (A 203.0.113.34) P2P Network Alice s NSS.gnu = Palice www.palice? A 203.0.113.13 Alice s GNS Service www.carol.bob.palice? A 203.0.113.34 Palice zone database bob PKEY Pbob www A 203.0.113.13 12 / 17

GNS and Query Privacy: Terminology G generator in ECC curve, a point n size of ECC group, n := G, n prime x private ECC key of zone (x Z n ) P public key of zone, a point P := xg l label for record in a zone (l Z n ) R P,l q P,l B P,l set of records for label l in zone P query hash (hash code for DHT lookup) block with encrypted information for label l in zone P published in the DHT under q P,l 13 / 17

GNS and Query Privacy: Cryptography Publishing records R P,l as B P,l under key q P,l h : = H(l, P) (1) d : = h x mod n (2) B P,l : = S d (E HKDF (l,p) (R P,l )), dg (3) q P,l : = H(dG) (4) 14 / 17

GNS and Query Privacy: Cryptography Publishing records R P,l as B P,l under key q P,l h : = H(l, P) (1) d : = h x mod n (2) B P,l : = S d (E HKDF (l,p) (R P,l )), dg (3) q P,l : = H(dG) (4) Searching for records under label l in zone P h : = H(l, P) (5) q P,l : = H(hP) = H(hxG) = H(dG) obtain B P,l (6) R P,l = D HKDF (l,p) (B P,l ) (7) 14 / 17

Summary Protection against Ease of Manipulation Zone Client observation Traffic Censorship / Migration / by MiTM walk network operator Amplifi. Legal attacks Compatibility DNS +++ DNSSEC failed +/- + DNSCurve + DNS-over-TLS n/a + Conf. DNS n/a ++ Namecoin - GNS - - EDNS0 15 / 17

Conclusion Query name minimization is low-cost, low-benefit approach, but should clearly be done Simple encryption schemes offer medium-cost, medium-benefit approach NameCoin does not help with privacy at all GNU Name System performance depends on the DHT need to invest more in DHT design & implementation 16 / 17

Do you have any questions? Yves Eudes, Christian Grothoff, Jacob Appelbaum, Monika Ermert, Laura Poitras, Matthias Wachs: MoreCowBell, nouvelles révélations sur les pratiques de la NSA. Le Monde, 24.1.2015. Nathan Evans and Christian Grothoff. R 5 N. Randomized Recursive Routing for Restricted-Route Networks. 5th International Conference on Network and System Security, 2011. Matthias Wachs, Martin Schanzenbach and Christian Grothoff. A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System. 13th International Conference on Cryptology and Network Security, 2014. 17 / 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback