Less is More Cipher-Suite Negotiation for DNSSEC

Similar documents
DNS Authentication-as-a-Service Preventing Amplification Attacks

Outline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder. System and Network Engineering July 2014

DNSSEC DNS SECURITY EXTENSIONS INTRODUCTION TO DNSSEC FOR SECURING DNS QUERIES AND INFORMATION

DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d

A Security Evaluation of DNSSEC with NSEC Review

RSA and ECDSA. Geoff Huston APNIC. #apricot2017

DOMAIN NAME SECURITY EXTENSIONS

DNS SECurity Extensions technical overview

CS 356 Using Cryptographic Tools to Secure the Domain Name System (DNS) Spring 2017

Fragmentation Considered Poisonous

DNS Security. * pers/dnssec/dnssec.html. IT352 Network Security Najwa AlGhamdi

DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

Root Servers. Root hints file come in many names (db.cache, named.root, named.cache, named.ca) See root-servers.org for more detail

I certify that this DNS record set is correct Problem: how to certify a negative response, i.e. that a record doesn t exist?

DNSSEC operational experiences and recommendations. Antti Ristimäki, CSC/Funet

Domain Name System (DNS)

DNS Security. Ch 1: The Importance of DNS Security. Updated

An Overview of DNSSEC. Cesar Diaz! lacnic.net!

DNS Security DNSSEC. * zo.net/papers/dnssec/dnss ec.html. IT352 Network Security Najwa AlGhamdi

Measuring the effects of DNSSEC deployment on query load

Some DNSSEC thoughts. DNSOPS.JP BOF Interop Japan Geoff Huston Chief Scientist, APNIC June 2007

BIG-IP DNS Services: Implementations. Version 12.0

Overview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly

The Performance of ECC Algorithms in DNSSEC: A Model-based Approach

BIG-IP DNS Services: Implementations. Version 12.1

The State and Challenges of the DNSSEC Deployment. Eric Osterweil Michael Ryan Dan Massey Lixia Zhang

DNSSEC Why, how, why now? Olaf Kolkman (NLnet Labs)

Packet Traces from a Simulated Signed Root

Deploying New DNSSEC Algorithms

Documentation. Name Server Predelegation Check

CNT Computer and Network Security: DNS Security

Implementing DNSSEC with DynDNS and GoDaddy

Introduction to Network. Topics

3. The DNSSEC Primer. Data Integrity (hashes) Authenticated Denial of Existence (NSEC,

Rolling the Root. Geoff Huston APNIC Labs March 2016

Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status

Keeping DNS parents and children in sync at Internet Speed! Ólafur Guðmundsson

Domain Name System Security

Request for Comments: 3110 Obsoletes: 2537 May 2001 Category: Standards Track. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)

Domain Name System Security

MAGPI: Advanced Services IPv6, Multicast, DNSSEC

OFF-PATH ATTACKS AGAINST PUBLIC KEY INFRASTRUCTURES. Markus Brandt, Tianxiang Dai, Elias Heftrig, Amit Klein, Haya Shulman, Michael Waidner

6to4 Reverse DNS Delegation

12 DNS Security Extensions DNS resolution via recursive nameserver DNS request/response format Simple DNS cache poisoning The Dan Kaminsky DNS

DNS Security. Wolfgang Nagele DNS Group Manager

DNS Review Quiz. Match the term to the description: A. Transfer of authority for/to a subdomain. Domain name DNS zone Delegation C B A

A Case Study Solution to DNS Cache Poisoning Attacks

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE

Seamless transition of domain name system (DNS) authoritative servers

RIPE NCC DNS Update. Wolfgang Nagele DNS Services Manager

A Cache Management Strategy for Shortening DNSSEC Name Resolution Time

Network Working Group Request for Comments: 5155 Category: Standards Track Nominet D. Blacka VeriSign, Inc. March 2008

Understanding and Characterizing Hidden Interception of the DNS Resolution Path

DNS and cctld Management. Save Vocea and Champika Wijayatunga Apia Samoa July 2015

Understanding and Deploying DNSSEC. Champika Wijayatunga SANOG29 - Pakistan Jan 2017

This time. Digging into. Networking. Protocols. Naming DNS & DHCP

DNSSEC at Scale. Dani Grant CloudFlare

DNS and SMTP. James Walden CIT 485: Advanced Cybersecurity. James WaldenCIT 485: Advanced Cybersecurity DNS and SMTP 1 / 31

DNSSEC All You Need To Know To Get Started

DNSSEC the.se way: Overview, deployment and lessons learned. Anne-Marie Eklund Löwinder Quality & Security Manager

DNS Security. Wolfgang Nagele DNS Services Manager

GDS Resource Record: Generalization of the Delegation Signer Model

Protecting Privacy: The Evolution of DNS Security

CSC 574 Computer and Network Security. DNS Security

ICANN SSR Update. Save Vocea PacNOG17 Samoa 13 July 2015

Web Security. Mahalingam Ramkumar

ECE 435 Network Engineering Lecture 7

ICS 451: Today's plan

LECTURE 8. Mobile IP

Re-engineering the DNS One Resolver at a Time. Paul Wilson Director General APNIC channeling Geoff Huston Chief Scientist

DNS Mark Kosters Carlos Martínez {ARIN, LACNIC} CTO

Stratum Filtering for DDoS Resilient Clouds

Computer Security CS 426

OSI Session / presentation / application Layer. Dr. Luca Allodi - Network Security - University of Trento, DISI (AA 2015/2016)

Toward Unspoofable Network Identifiers. CS 585 Fall 2009

Chapter 19. Domain Name System (DNS)

DNS Mark Kosters Carlos Martínez ARIN - LACNIC

Network Working Group Request for Comments: 5702 Category: Standards Track October 2009

Domain Name System Security

Afilias DNSSEC Practice Statement (DPS) Version

Internet Engineering Task Force (IETF) April Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC

Step by step DNSSEC deployment in.se. Anne-Marie Eklund Löwinder Quality & Security

SonicOS Enhanced Release Notes

Configuring IPv6 DNS. Introduction to IPv6 DNS. Configuring the IPv6 DNS client. Configuring static domain name resolution

In the Domain Name System s language, rcode 0 stands for: no error condition.

Draft Applicant Guidebook, v3

Introduction to the Domain Name System

CSCE 463/612 Networks and Distributed Processing Spring 2018

Mitigating man-in-the-middle attacks on smartphones a discussion of SSL pinning and DNSSec

Final exam in. Web Security EITF05. Department of Electrical and Information Technology Lund University

An ARIN Update. Susan Hamlin Director of Communications and Member Services

Domain Name System.

DNSSEC. Lutz Donnerhacke. db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb dig +dnssec e164.arpa. naptr

CS System Security Mid-Semester Review

Tyre Kicking the DNS. Testing Transport Considerations of Rolling Roots. Geoff Huston APNIC

Some Internet exploits target name resolution servers. DNSSEC uses cryptography to protect the name resolution

The DNS of Things. A. 2001:19b8:10 1:2::f5f5:1d Q. WHERE IS Peter Silva Sr. Technical Marketing

Venugopal Ramasubramanian Emin Gün Sirer SIGCOMM 04

DNSSEC From a protocol bug to a security advantage

Transcription:

Less is More Cipher-Suite Negotiation for DNSSEC Amir Herzberg Bar-Ilan University Haya Shulman Technische Universität Darmstadt Bruno Crispo Trento University

Domain Name System (DNS) Lookup services Locate resources: via names Authentication: black lists, policies, security mechanisms (SPF, ROVER, ) Problem: no authentication of DNS responses

Domain Name System (DNS) Problem: no authentication of DNS responses Attacker can provide spoofed records Resolver caches Clients redirected to incorrect (malicious) hosts www.foo.com A 6.6.6.6

Domain Name System (DNS) Problem: no authentication of DNS responses Attacker can provide spoofed records Resolver caches Clients redirected to incorrect (malicious) hosts www.foo.com A 6.6.6.6

DNS Security (DNSSEC) DNSSEC prevents attacks On-path (MitM) attacks (NSA, China, GCHQ,?) Off-path attacks [HS12,HS13a-c,SW14] Vulnerable name servers DNSSEC provides evidences Enables forensic analysis, detection of attacks see [SW14] DNSSEC would facilitate security protocols ROVER, DANE

DNS Security (DNSSEC) Zone file is signed Name server sends keys and signatures over DNS records Resolver validates signatures Enables detection of spoofed responses

DNS Security (DNSSEC) Only few support it Many resolvers signal ``DNSSEC OK Only <5% validate Many (important) zones got signed Forward DNS: Root, >62% TLDS, but only <1% SLDs Reverse DNS (IPv4): arpa, in-addr.arpa but only <1% subdomains

Obstacles to DNSSEC Adoption Zone file is signed with all supported ciphers Name server sends all keys and signatures over DNS records Resolver validates all signatures Overhead!!

Servers Send Key/SIGs for ALL Supported Algs. Large Responses! Blocked at intermediate devices e.g., firewalls Off-path attacks DoS and poisoning [HS12,HS13a-c,SW14]

Servers Send Key/SIGs for ALL Supported Algs. Large Responses! Transition to TCP? Not all support Overhead Low motivation to adopt ``shorter algs Mandatory support of RSA 1024 More algs. increase responses sizes

Supported DNSSEC Algorithms Weak ciphers Mandatory support of RSA1024 No motivation to adopt better ciphers Shorter signatures More secure

Cipher-Suite Negotiation for DNSSEC Goals: Protect DNS transaction with optimal cipher Reduce responses size and latency Robust to downgrade Interoperability with legacy proxies Hop-by-hop or end-to-end?

Hop-by-Hop Cipher-Suite Negotiation EDNS allows to introduce new options to DNS Resolver signals its ciphers and priorities in EDNS in DNS request Server sends records protected with the optimal cipher Prevent downgrade attach a signed list of supported ciphers in response

Hop-by-Hop Cipher-Suite Negotiation

Hop-by-Hop Cipher-Suite Negotiation But: intermediate proxies Respond with cached signatures may not be the priority/ciphers supported by requesting resolvers Legacy proxies fall back to traditional DNSSEC

End-to-End Cipher-Suite Negotiation Server signals its ciphers in a special DNSKEY record (with new code) DNSKEY encodes the public verification key of the zone 5 - RSA/SHA1 7 - RSA/SHA1-NSEC3-SHA1 13 - ECDSA Curve P-256 with SHA-256 42 - CIPHERS NEGOTIATION foo.bar. 3379 IN DNSKEY 257 3 42 (RSA/SHA1(3), RSA/SHA1-NSEC3-SHA1(2), ECDSA Curve P-256 with SHA-256(1)= ) ; key id = 12319

End-to-End Cipher-Suite Negotiation Server signals its ciphers in a special DNSKEY record Key is cached by the resolvers 5 - RSA/SHA1 7 - RSA/SHA1-NSEC3-SHA1 13 - ECDSA Curve P-256 with SHA-256 42 - CIPHERS NEGOTIATION Resolver concatenates cipher to query cipher.delimiter.domain: 13._csn_.foo.bar Name server returns requested record protected with the optimal cipher

End-to-End Cipher-Suite Negotiation Resolver identifies supporting name servers in advance Via the special DNSKEY record DNSKEY is requested once and cached according to TTL No redundant queries Optimal utilisation of intermediate caches

Conclusions DNSSEC-adopters use all supported ciphers Overhead is obstacle to DNSSEC adoption Mitigation: cipher suite negotiation Challenge: intermediate proxies Hop-by-hop cipher suite negotiation is non-interoperable End-to-end cipher suite negotiation Resolver identifies supporting name servers in advance No redundant queries and optimal utilisation of intermediate caches

Questions? Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback