
A New Approach to DNS Security (DNSSEC)

Authors: Giuseppe Ateniese, Stefan Mangard. Presenter: Liu, Xiaotao.


Presentation Transcript


  1. A New Approach to DNS Security (DNSSEC) • Authors: Giuseppe Ateniese, Stefan Mangard • Presenter: Liu, Xiaotao

  2. Outline • Overview of DNS • Motivation • PK-DNSSEC • SK-DNSSEC • Comparison with PK-DNSSEC • Usage of DNSSEC

  3. Outline • Overview of DNS • Motivation • PK-DNSSEC • SK-DNSSEC • Comparison with PK-DNSSEC • Usage of DNSSEC

  4. What is the DNS • Domain Name System • Distributed ‘database’ to resolve domain names • Labels translate to Resource Records • Address (A) • Mail hosts (MX) • Text (TXT) • and much more… • Resource records stored in zones • Highly scalable

  5. A DNS tree (diagram) • “.” root domain • top level: .net, .com • zones under .net: os.net, money.net, kids.net • hosts: nt.os.net, unix.os.net, mac.os.net, corp.money.net, dop.kids.net, marnick.kids.net

  6. DNS data • Example zone file (fields: Label TTL Class Type RData; the SOA's closing parenthesis must come before the ";" comment, since text after ";" is ignored to end of line)
     dacht.net        7200 IN SOA ns.ripe.net. olaf.ripe.net. (
                                  2001061501 ; Serial
                                  43200      ; Refresh 12 hours
                                  14400      ; Retry 4 hours
                                  345600     ; Expire 4 days
                                  7200 )     ; Negative cache 2 hours
     dacht.net        7200 IN NS  ns.ripe.net.
     dacht.net        7200 IN NS  ns.high5.net.
     pinkje.dacht.net 3600 IN A   193.0.1.162
     host25.dacht.net 2600 IN A   193.0.3.25
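Added example (not part of the slides or of the authors' code): a small Go parser for the master-file format shown on slide 6. It strips ";" comments, applies the parenthesis continuation rule that the SOA record relies on, and then groups the records into RRsets, which is the unit that PK-DNSSEC later signs. The zone text is a constructed copy of the slide's data and the type and function names are this example's own.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// RR is one parsed resource record: owner, TTL, class, type and rdata fields.
type RR struct {
	Name, Class, Type string
	TTL               int
	RData             []string
}

// RRsetKey identifies an RRset: all records sharing owner name, class and type.
type RRsetKey struct{ Name, Class, Type string }

// ZoneText is a constructed copy of the zone on slide 6. The SOA's closing
// parenthesis sits before the ';' comment; a ')' after ';' would be part of
// the comment and leave the SOA unterminated.
const ZoneText = `dacht.net 7200 IN SOA ns.ripe.net. olaf.ripe.net.(
        2001061501 ; Serial
        43200      ; Refresh 12 hours
        14400      ; Retry 4 hours
        345600     ; Expire 4 days
        7200 )     ; Negative cache 2 hours
dacht.net 7200 IN NS ns.ripe.net.
dacht.net 7200 IN NS ns.high5.net.
pinkje.dacht.net 3600 IN A 193.0.1.162
host25.dacht.net 2600 IN A 193.0.3.25
`

// tokenize strips ';' comments and applies the master-file rule that a
// record inside '(' ... ')' continues across line breaks.
func tokenize(text string) [][]string {
	var records [][]string
	var cur []string
	depth := 0
	for _, line := range strings.Split(text, "\n") {
		if i := strings.IndexByte(line, ';'); i >= 0 {
			line = line[:i]
		}
		// parentheses may be glued to a neighbouring token, as in "olaf.ripe.net.("
		line = strings.NewReplacer("(", " ( ", ")", " ) ").Replace(line)
		for _, tok := range strings.Fields(line) {
			switch tok {
			case "(":
				depth++
			case ")":
				depth--
			default:
				cur = append(cur, tok)
			}
		}
		if depth == 0 && len(cur) > 0 {
			records = append(records, cur)
			cur = nil
		}
	}
	if len(cur) > 0 { // unterminated '(' at end of file: keep what we have
		records = append(records, cur)
	}
	return records
}

// ParseZone parses "label ttl class type rdata..." records; the rdata of an
// SOA keeps the serial/refresh/retry/expire/minimum values as separate fields.
func ParseZone(text string) ([]RR, error) {
	var rrs []RR
	for _, tok := range tokenize(text) {
		if len(tok) < 5 {
			return nil, fmt.Errorf("incomplete record: %v", tok)
		}
		ttl, err := strconv.Atoi(tok[1])
		if err != nil {
			return nil, fmt.Errorf("bad TTL %q in %v", tok[1], tok)
		}
		rrs = append(rrs, RR{Name: strings.ToLower(tok[0]), TTL: ttl,
			Class: tok[2], Type: tok[3], RData: tok[4:]})
	}
	return rrs, nil
}

// GroupRRsets collects records into RRsets. In PK-DNSSEC a SIG covers an
// RRset, so a signer works at this granularity rather than per record.
func GroupRRsets(rrs []RR) map[RRsetKey][]RR {
	sets := map[RRsetKey][]RR{}
	for _, rr := range rrs {
		k := RRsetKey{rr.Name, rr.Class, rr.Type}
		sets[k] = append(sets[k], rr)
	}
	return sets
}

func main() {
	rrs, err := ParseZone(ZoneText)
	if err != nil {
		panic(err)
	}
	for k, set := range GroupRRsets(rrs) {
		fmt.Printf("%-18s %s %-4s %d record(s)\n", k.Name, k.Class, k.Type, len(set))
	}
}
```

Running it lists four RRsets: the SOA and the two-record NS set at dacht.net, and one A set for each host. The owner name is lowercased when parsing so that records differing only in case land in the same RRset.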

  7. Common Resource Records

  8. DNS resolving (diagram) • Question: www.cnn.com A ? • The stub resolver on lab.cs.umass.edu sends “www.cnn.com A ?” to the resolver dns.cs.umass.edu • The resolver asks the root (.) server, which answers “ask the .com server” and gives the IP address of the .com server • The resolver asks the .com server, which answers “ask the cnn.com server” and gives the IP address of the cnn.com server • The resolver asks the cnn.com server, which answers with the address xxx.xxx.xxx.xxx • The resolver adds the answer to its cache and returns www.cnn.com A = xxx.xxx.xxx.xxx to the stub resolver

  9. DNS data flow (diagram) • The zone administrator edits the zone file • The zone file is loaded by the master server • Dynamic updates are applied at the master • Slaves receive the zone from the master • The resolver queries the master and slaves • The stub resolver queries the resolver

  10. Outline • Overview of DNS • Motivation • PK-DNSSEC • SK-DNSSEC • Comparison with PK-DNSSEC • Usage of DNSSEC

  11. DNS vulnerabilities (diagram, along the data flow of slide 9) • Corrupting data: at the zone file • Unauthorized updates: dynamic updates to the master • Impersonating master: between master and slaves • Cache pollution by data spoofing: between the servers and the resolver • Cache impersonation: between the resolver and the stub resolver • Two classes of countermeasure: data protection and server protection

  12. Why DNSSEC • DNSSEC protects against data spoofing and corruption • DNSSEC also provides mechanisms to authenticate servers and requests • DNSSEC provides mechanisms to establish authenticity and integrity

  13. Outline • Overview of DNS • Motivation • PK-DNSSEC • SK-DNSSEC • Comparison with PK-DNSSEC • Usage of DNSSEC

  14. PK-DNSSEC (Public Key) • The DNS servers digitally sign the hash of each resource record set with their private keys • Resource record set (RRset): the set of resource records of the same type • Public KEYs can be used to verify the SIGs • The authenticity of public KEYs is established by a SIGnature over the keys with the parent’s private key • In the ideal case, only one public KEY needs to be distributed off-band (the root’s public KEY)

  15. DNSSEC new RRs • 2 public-key related RRs • SIG: signature over an RRset made using the private key • KEY: public key, needed for verifying a SIG over an RRset, signed by the parent’s private key • One RR for internal consistency (authenticated denial of data) • NXT RR to indicate which RRset is the next one in the zone • For non-DNSSEC public keys: CERT

  16. SIG RRs • Cover each resource record set with a public-key signature which is stored as a resource record called SIG RR • SIG RRs are computed for every RRset in a zone file and stored • Add the corresponding pre-calculated signature for each RRset in answers to queries • Must include the entire RRset in an answer, otherwise the resolver could not verify the signature

  17. SIG(0) • Use a public-key signature to sign the whole message each time the server responds to a query • Provides integrity protection and authentication of the whole message • Can be scaled to provide authentication of query requests • Not practical in a large-scale environment

  18. Compare SIG RRs with SIG(0) • More computation on the DNS server caused by SIG(0) • More network traffic caused by SIG RRs • More storage needed by SIG RRs

  19. Verifying the tree (diagram) • Question: www.cnn.com A ? • The stub resolver on lab.cs.umass.edu sends “www.cnn.com A ?” to the resolver dns.cs.umass.edu • The resolver asks the root (.) server, which answers “ask the .com server” with SIG(the IP address and public key of the .com server) made with the root’s private key • The resolver asks the .com server, which answers “ask the cnn.com server” with SIG(the IP address and public key of the cnn.com server) made with .com’s private key • The resolver asks the cnn.com server (or its slave servers), which answers SIG(xxx.xxx.xxx.xxx) made with cnn.com’s private key • Transaction signatures cover the stub resolver to resolver exchange and the master to slave servers transfers • The resolver adds the verified answer to its cache and returns it to the stub resolver

  20. Verifying • Verify a SIG over data using the public KEY • DNS data is signed with the private key • Verify the SIG with the KEY mentioned in the SIG record • The key can be found in the DNS or can be locally configured
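Added example (written for this transcript, not taken from the slides or the authors' implementation): a Go model of the chain of trust from slides 14 to 16 and 19 to 20. Each zone publishes a KEY RRset, the parent signs the child's KEY RRset, and an answer RRset carries a SIG from its own zone; the resolver starts from the root KEY it holds off-band and verifies down the tree. Ed25519 from Go's standard library stands in for the signature algorithm, the canonical form and the RRset/SIG/Link structs are this example's simplifications, and the addresses 192.0.2.10 and 198.51.100.7 are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// RRset is the unit a SIG covers: the records sharing an owner name and type.
type RRset struct {
	Name, Type string
	Data       []string
}

// SIG is a simplified SIG RR: the RRset it covers, the signing zone, the signature.
type SIG struct {
	Name, Type, Signer string
	Signature          []byte
}

// Zone owns a key pair; the public half is published as its KEY RRset.
type Zone struct {
	Name string
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

// Link is one step down the tree: a child's KEY RRset plus the parent's SIG over it.
type Link struct{ Key RRset; Sig SIG }

// canonicalHash is what gets signed: a form of the RRset that does not depend
// on record order or name case in a message (lowercased owner, sorted rdata).
func canonicalHash(set RRset) []byte {
	data := append([]string(nil), set.Data...)
	sort.Strings(data)
	h := sha256.New()
	fmt.Fprintf(h, "%s\x00%s\x00", strings.ToLower(set.Name), set.Type)
	for _, d := range data {
		h.Write(append([]byte(d), 0))
	}
	return h.Sum(nil)
}

func NewZone(name string) *Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	return &Zone{Name: name, priv: priv, pub: pub}
}

func (z *Zone) KeyRRset() RRset {
	return RRset{Name: z.Name, Type: "KEY", Data: []string{hex.EncodeToString(z.pub)}}
}

func (z *Zone) Sign(set RRset) SIG {
	return SIG{set.Name, set.Type, z.Name, ed25519.Sign(z.priv, canonicalHash(set))}
}

// VerifySIG checks one SIG against the KEY RRset of the zone named in the SIG.
func VerifySIG(set RRset, sig SIG, key RRset) bool {
	if key.Type != "KEY" || len(key.Data) != 1 || sig.Signer != key.Name ||
		!strings.EqualFold(sig.Name, set.Name) || sig.Type != set.Type {
		return false
	}
	pub, err := hex.DecodeString(key.Data[0])
	if err != nil || len(pub) != ed25519.PublicKeySize { return false }
	return ed25519.Verify(ed25519.PublicKey(pub), canonicalHash(set), sig.Signature)
}

// VerifyChain starts from the one key the resolver holds off-band (the root
// KEY), trusts each child KEY only after its parent's SIG verifies, and accepts
// the answer only if the whole path down to its zone holds.
func VerifyChain(trustedRoot RRset, chain []Link, answer RRset, answerSig SIG) bool {
	key := trustedRoot
	for _, l := range chain {
		if !VerifySIG(l.Key, l.Sig, key) { return false }
		key = l.Key
	}
	return VerifySIG(answer, answerSig, key)
}

// Demo builds root -> com -> cnn.com, signs a constructed answer for
// www.cnn.com and verifies it, then checks a spoofed address under the same SIG.
func Demo() (genuineOK, spoofedOK bool) {
	root, com, cnn := NewZone("."), NewZone("com."), NewZone("cnn.com.")
	chain := []Link{
		{com.KeyRRset(), root.Sign(com.KeyRRset())},
		{cnn.KeyRRset(), com.Sign(cnn.KeyRRset())},
	}
	answer := RRset{Name: "www.cnn.com.", Type: "A", Data: []string{"192.0.2.10"}}
	sig := cnn.Sign(answer)
	genuineOK = VerifyChain(root.KeyRRset(), chain, answer, sig)
	spoofed := RRset{Name: answer.Name, Type: answer.Type, Data: []string{"198.51.100.7"}}
	spoofedOK = VerifyChain(root.KeyRRset(), chain, spoofed, sig)
	return genuineOK, spoofedOK
}

func main() {
	g, s := Demo()
	fmt.Println("genuine answer verifies:", g, "| spoofed answer verifies:", s)
}
```

The spoofed answer reuses the genuine SIG, which is exactly what slide 16 warns about: the SIG is bound to the whole RRset, so changing or dropping any record in it makes verification fail, and the resolver never has to trust the server that delivered the answer, only the KEY chain back to the root.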

  21. Outline • Overview of DNS • Motivation • PK-DNSSEC • SK-DNSSEC • Comparison with PK-DNSSEC • Usage of DNSSEC

  22. SK-DNSSEC (Symmetric Certificates) • Uses symmetric ciphers, AES or Blowfish in CBC mode • Uses symmetric signatures via MAC functions • Combines encryption with MAC functions as E_k(m, MAC_l(m)) • Each message contains a nonce to avoid replay attacks; a nonce is a pair of a random number and a timestamp

  23. SK-DNSSEC (cont.) • Given the DNS tree of domains, each node shares a key with its parent, called the master key • The root domain has an asymmetric key pair (public and private key) as well as its own master key that is not shared with any others • The resolvers must have an authentic copy of the root’s public key
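Added example (this transcript's own, not the authors' code): a Go implementation of the message format from slide 22, E_k(m, MAC_l(m)) with a nonce built from a random number and a timestamp, plus the receiver-side replay check the nonce exists for. AES-128 in CBC mode stands in for the symmetric cipher and HMAC-SHA256 for the MAC; the keys, the replay window and the payload are constructed for the demonstration, and the key agreement between a node and its parent (the master keys of slide 23) is assumed to have already happened.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Nonce packs slide 22's pair: 8 random bytes, then Unix seconds big-endian.
type Nonce [16]byte

func NewNonce(now time.Time) (Nonce, error) {
	var n Nonce
	_, err := rand.Read(n[:8])
	binary.BigEndian.PutUint64(n[8:], uint64(now.Unix()))
	return n, err
}

func (n Nonce) Time() time.Time { return time.Unix(int64(binary.BigEndian.Uint64(n[8:])), 0) }

var errAuth = errors.New("message failed authentication")

// Seal computes E_k(m, MAC_l(m)) with m = nonce || payload: HMAC-SHA256 under l
// is appended, then PKCS#7 padding and AES-CBC under k with a fresh IV in front.
func Seal(k, l []byte, n Nonce, payload []byte) ([]byte, error) {
	m := append(append([]byte{}, n[:]...), payload...)
	mac := hmac.New(sha256.New, l)
	mac.Write(m)
	m = mac.Sum(m) // m || MAC_l(m)
	pad := aes.BlockSize - len(m)%aes.BlockSize
	m = append(m, bytes.Repeat([]byte{byte(pad)}, pad)...)
	block, err := aes.NewCipher(k)
	if err != nil { return nil, err }
	out := make([]byte, aes.BlockSize+len(m))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { return nil, err }
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], m)
	return out, nil
}

// Open reverses Seal; padding and MAC failures share one error so the receiver
// does not reveal which check rejected the message.
func Open(k, l, ct []byte) (Nonce, []byte, error) {
	var n Nonce
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 { return n, nil, errAuth }
	block, err := aes.NewCipher(k)
	if err != nil { return n, nil, err }
	m := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(m, ct[aes.BlockSize:])
	pad := int(m[len(m)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(m[len(m)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return n, nil, errAuth
	}
	m = m[:len(m)-pad]
	if len(m) < len(n)+sha256.Size { return n, nil, errAuth }
	body, tag := m[:len(m)-sha256.Size], m[len(m)-sha256.Size:]
	mac := hmac.New(sha256.New, l)
	mac.Write(body)
	if !hmac.Equal(tag, mac.Sum(nil)) { return n, nil, errAuth }
	copy(n[:], body)
	return n, body[len(n):], nil
}

// ReplayGuard accepts each nonce once, and only while its timestamp lies within
// Window of local time, so a captured message cannot be delivered again later.
type ReplayGuard struct {
	Window time.Duration
	seen   map[Nonce]bool
}

func (g *ReplayGuard) Accept(n Nonce, now time.Time) error {
	if g.seen == nil { g.seen = map[Nonce]bool{} }
	if age := now.Sub(n.Time()); age > g.Window || age < -g.Window {
		return errors.New("nonce timestamp outside the accepted window")
	}
	if g.seen[n] { return errors.New("nonce already seen: replay") }
	g.seen[n] = true
	return nil
}

func main() {
	k, l := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32) // constructed demo keys
	n, _ := NewNonce(time.Now())
	ct, err := Seal(k, l, n, []byte("www.cnn.com. A 192.0.2.10")) // constructed reply
	if err != nil { panic(err) }
	guard := &ReplayGuard{Window: 5 * time.Minute}
	for _, attempt := range []string{"fresh", "replayed"} {
		gotN, gotM, err := Open(k, l, ct)
		if err == nil { err = guard.Accept(gotN, time.Now()) }
		fmt.Printf("%s delivery: payload=%q err=%v\n", attempt, gotM, err)
	}
}
```

The first delivery opens and is accepted; the second, byte-identical delivery still opens (the MAC is valid) but is refused by the nonce check, which is why slide 22 pairs the MAC with a nonce rather than relying on the MAC alone. The timestamp bounds how long the seen-nonce set has to be kept.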

  24. Notation

  25. DNS Root Certificate

  26. DNS Request to Root • Info(P_xy) has to minimally contain the identity strings I_x and I_y, inception and expiration dates, details about the encryption and authentication algorithms employed, certificate and key unique identifiers, and the identity of the creator of the certificate

  27. DNS Request to Intermediate Server

  28. DNS Request to Authoritative Server

  29. For mutual authentication • For any 0 ≤ i ≤ n

  30. The problems of PK- and SK-DNSSEC • In SK-DNSSEC, the root servers need to decrypt messages encrypted with their public key • In PK-DNSSEC, network traffic may increase because DNS messages become larger • In PK-DNSSEC, verifying the public-key digital signatures at the resolver side is costly

  31. Hybrid Approach • The root servers use PK-DNSSEC • The top-level domains use SK-DNSSEC

  32. Outline • Overview of DNS • Motivation • PK-DNSSEC • SK-DNSSEC • Comparison with PK-DNSSEC • Usage of DNSSEC

  33. Efficiency • PK-DNSSEC with SIG RR. For each RRset in the answer, a pre-calculated SIG RR is included • PK-DNSSEC with SIG(0). DNS messages do not contain SIG RRs, but are rather signed as a whole by SIG(0)-type signature. • SK-DNSSEC. DNS messages are secured by symmetric signatures and encryption.

  34. Performance (800 MHz)

  35. Performance (cont.)

  36. Network Traffic

  37. Storage

  38. Outline • Overview of DNS • Motivation • PK-DNSSEC • SK-DNSSEC • Comparison with PK-DNSSEC • Usage of DNSSEC

  39. Public-key Distribution System • Global real time availability • Easy access to DNS • Scalability • Hierarchical organization • Globally unique names • Globally unique host name • Cryptographic binding of name and key • KEY RR binds DNS names with keys

  40. Q&A Thank You!
