Post on 18-Dec-2015
A New Approach to DNS Security (DNSSEC)
Authors: Giuseppe Ateniese, Stefan Mangard
Presenter: Liu, Xiaotao
Outline
• Overview of DNS
• Motivation
• PK-DNSSEC
• SK-DNSSEC
• Comparison with PK-DNSSEC
• Usage of DNSSEC
What is the DNS
• Domain Name System
• Distributed ‘database’ to resolve domain names
• Labels translate to Resource Records
  • Address (A)
  • Mail hosts (MX)
  • Text (TXT)
  • and much more…
• Resource records stored in zones
• Highly scalable
A DNS tree (figure)
Shown: the root (.), the top-level domains .net and .com, and under .net the names money.net (with corp.money.net), kids.net (with marnick.kids.net and dop.kids.net) and os.net (with unix.os.net, mac.os.net and nt.os.net). The figure marks which subtree is a domain and which part of it is a zone.
DNS data
Fields of a resource record: Label, TTL, Class, Type, RDATA

Example zone file:
dacht.net        7200 IN SOA ns.ripe.net. olaf.ripe.net. (
                      2001061501 ; Serial
                      43200      ; Refresh 12 hours
                      14400      ; Retry 4 hours
                      345600     ; Expire 4 days
                      7200       ; Negative cache 2 hours
                      )
dacht.net        7200 IN NS ns.ripe.net.
dacht.net        7200 IN NS ns.high5.net.
pinkje.dacht.net 3600 IN A  193.0.1.162
host25.dacht.net 2600 IN A  193.0.3.25
Common Resource Records (record type: description; usage)
• A: an address record; maps an FQDN to an IP address
• PTR: a pointer record; maps an IP address to an FQDN
• NS: a name server record; denotes a name server for a zone
• SOA: a Start of Authority record; specifies many attributes of the zone, such as the name of the domain (forward or inverse), the administrative contact, the serial number of the zone, the refresh interval, the retry interval, etc.
• CNAME: a canonical name record; defines an alias name and maps it to the absolute (canonical) name
• MX: a Mail Exchanger record; used to redirect email for a given domain or host to another host
DNS resolving (figure: stub resolver on lab.cs.umass.edu, recursive resolver on dns.cs.umass.edu)
1. The stub resolver asks the resolver: www.cnn.com A ?
2. The resolver asks a root server (.): www.cnn.com A ?  The root answers with a referral: ask the .com server, and supplies the IP address of the .com server.
3. The resolver asks the .com server: www.cnn.com A ?  It answers: ask the cnn.com server, and supplies the IP address of the cnn.com server.
4. The resolver asks the cnn.com server: www.cnn.com A ?  It answers with the address xxx.xxx.xxx.xxx.
5. The resolver adds the answer to its cache and returns xxx.xxx.xxx.xxx to the stub resolver.
DNS data flow (figure)
Components shown: the zone administrator edits the zone file, which is loaded by the master server; dynamic updates also reach the master; the master feeds the slave servers; the resolver queries the servers and answers the stub resolver.
DNS Vulnerabilities (figure: the data-flow diagram, annotated with threats and split into data protection and server protection)
Data protection:
• Corrupting data (zone file, dynamic updates)
• Unauthorized updates
• Cache pollution by data spoofing
Server protection:
• Impersonating the master (towards the slaves)
• Cache impersonation (towards the stub resolver)
Why DNSSEC
• DNSSEC protects against data spoofing and corruption
• DNSSEC also provides mechanisms to authenticate servers and requests
• DNSSEC provides mechanisms to establish authenticity and integrity
PK-DNSSEC (Public Key)
• The DNS servers digitally sign the hash of each resource record set with their private keys
• Resource record set (RRset): the set of resource records of the same type
• Public KEYs can be used to verify the SIGs
• The authenticity of public KEYs is established by a SIGnature over the keys made with the parent’s private key
• In the ideal case, only one public KEY needs to be distributed out-of-band (the root’s public KEY)
DNSSEC new RRs
• Two public-key related RRs
  • SIG: signature over an RRset made using the private key
  • KEY: public key, needed for verifying a SIG over an RRset; signed by the parent’s private key
• One RR for internal consistency (authenticated denial of data)
  • NXT RR to indicate which RRset is the next one in the zone
• For non-DNSSEC public keys: CERT
SIG RRs
• Cover each resource record set with a public-key signature, stored as a resource record called the SIG RR
• SIG RRs are computed for every RRset in a zone file and stored
• The corresponding pre-calculated signature is added for each RRset in answers to queries
• The entire RRset must be included in an answer; otherwise the resolver cannot verify the signature
SIG(0)
• A public-key signature over the whole message, computed each time the server responds to a query
• Provides integrity protection and authentication of the whole message
• Can be extended to provide authentication of query requests
• Not practical in a large-scale environment
Compare SIG RRs with SIG(0)
• SIG(0) causes more computation on the DNS server
• SIG RRs cause more network traffic
• SIG RRs need more storage
Verifying the tree (figure: the resolving diagram with signatures added)
1. The stub resolver asks the resolver: www.cnn.com A ?
2. The resolver asks the root (.): www.cnn.com A ?  The root answers: ask the .com server, and returns SIG(the IP address and public key of the .com server) made with the root’s private key.
3. The resolver asks the .com server: www.cnn.com A ?  It answers: ask the cnn.com server, and returns SIG(the IP address and public key of the cnn.com server) made with the .com server’s private key.
4. The resolver asks the cnn.com server: www.cnn.com A ?  It answers SIG(xxx.xxx.xxx.xxx) made with the cnn.com server’s private key.
5. The resolver adds the verified answer to its cache and returns xxx.xxx.xxx.xxx to the stub resolver.
Transaction signatures protect the exchange between the stub resolver (lab.cs.umass.edu) and the resolver (dns.cs.umass.edu), and the exchange between an authoritative server and its slave servers.
Verifying
• Verify a SIG over data using the public KEY
• DNS data is signed with the private key
• Verify the SIG with the KEY named in the SIG record
• The key can be found in the DNS or can be locally configured
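The PK-DNSSEC chain described on the SIG RR, "Verifying the tree" and "Verifying" slides, written out as an added example (not code from the slides or from Ateniese and Mangard). It groups the NS and A records of the example zone file into RRsets, signs the hash of each RRset, lets each zone's KEY be signed by its parent, and has a resolver verify an answer starting from the single trusted root key. Everything beyond the slides is an assumption made for the example: a textbook RSA over SHA-256 without padding stands in for the real signature algorithm, KEY rdata is written as "<modulus> <exponent>", and the zone names root, net and dacht.net are taken from the slides' example zone.

```python
# PK-DNSSEC chain of trust on toy records (added example; not code from the
# slides or from Ateniese/Mangard). Assumptions, all constructed here:
# textbook RSA over SHA-256 with no padding stands in for the real signature
# algorithm; KEY rdata is "<modulus> <exponent>"; ZONE holds the NS and A
# records of the example zone file shown on the slides.
import hashlib
import secrets
from collections import defaultdict

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin; every caller passes an odd n > 3."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit and odd
        if _is_probable_prime(c):
            return c

def keygen(bits=512):
    """Toy RSA: returns ((n, e), (n, d)); n is wider than a SHA-256 digest."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                      # e prime, so gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

ZONE = """\
dacht.net 7200 IN NS ns.ripe.net.
dacht.net 7200 IN NS ns.high5.net.
pinkje.dacht.net 3600 IN A 193.0.1.162
host25.dacht.net 2600 IN A 193.0.3.25
"""

def parse_zone(text):
    """One record per line: label ttl class type rdata."""
    recs = []
    for line in text.strip().splitlines():
        label, ttl, cls, rtype, rdata = line.split(None, 4)
        recs.append((label.lower().rstrip("."), int(ttl), cls, rtype, rdata))
    return recs

def rrsets(records):
    """Group records by (owner name, type); an RRset is signed as one unit."""
    groups = defaultdict(list)
    for rec in records:
        groups[(rec[0], rec[3])].append(rec)
    return dict(groups)

def rrset_hash(rrset):
    """Hash of the canonical (sorted) RRset, so wire order does not matter."""
    canon = "\n".join(" ".join(map(str, rec)) for rec in sorted(rrset))
    return int.from_bytes(hashlib.sha256(canon.encode()).digest(), "big")

def sign_rrset(rrset, priv):
    n, d = priv
    return pow(rrset_hash(rrset), d, n)             # signature field of the SIG RR

def verify_rrset(rrset, sig, pub):
    n, e = pub
    return sig is not None and pow(sig, e, n) == rrset_hash(rrset)

def make_zone(name, parent_priv):
    """A zone publishes a KEY RRset; its parent signs it (the root has no parent)."""
    pub, priv = keygen()
    key_rr = [(name, 3600, "IN", "KEY", f"{pub[0]} {pub[1]}")]
    key_sig = sign_rrset(key_rr, parent_priv) if parent_priv else None
    return {"pub": pub, "priv": priv, "KEY": key_rr, "KEY_SIG": key_sig}

def verify_chain(root_pub, chain, rrset, sig):
    """chain: [(KEY RRset, SIG by parent), ...] from the TLD down to the answering
    zone. Only root_pub is trusted a priori (it was distributed out-of-band)."""
    pub = root_pub
    for key_rr, key_sig in chain:
        if not verify_rrset(key_rr, key_sig, pub):
            return False                            # KEY the parent never signed
        n, e = map(int, key_rr[0][4].split())
        pub = (n, e)                                # descend one level
    return verify_rrset(rrset, sig, pub)

def demo():
    """Constructed run: one valid answer and three ways an answer fails to verify."""
    root = make_zone(".", None)
    net = make_zone("net", root["priv"])
    dacht = make_zone("dacht.net", net["priv"])
    ns = rrsets(parse_zone(ZONE))[("dacht.net", "NS")]
    sig = sign_rrset(ns, dacht["priv"])
    chain = [(net["KEY"], net["KEY_SIG"]), (dacht["KEY"], dacht["KEY_SIG"])]
    rogue = make_zone("dacht.net", None)            # a key .net never signed
    rogue_chain = chain[:1] + [(rogue["KEY"], sign_rrset(rogue["KEY"], rogue["priv"]))]
    spoofed = [ns[0], ns[1][:4] + ("ns.spoofed.example.",)]
    return {
        "full_rrset": verify_chain(root["pub"], chain, ns, sig),
        "truncated_rrset": verify_chain(root["pub"], chain, ns[:1], sig),  # partial RRset
        "tampered_rdata": verify_chain(root["pub"], chain, spoofed, sig),
        "unsigned_key": verify_chain(root["pub"], rogue_chain, ns, sign_rrset(ns, rogue["priv"])),
    }
```

The truncated case is the point of the "must include the entire RRset" bullet: the signature is over the whole set, so a resolver that receives only one of the two NS records cannot recompute the hash and rejects the answer. The rogue case shows why the parent's signature over the KEY matters: a self-signed key for dacht.net verifies nothing unless .net vouches for it.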
SK-DNSSEC (Symmetric Certificates)
• Symmetric ciphers: AES or Blowfish in CBC mode
• Symmetric signatures via MAC functions
• Encryption is combined with the MAC as Ek(m, MACl(m))
• Each message contains a nonce to prevent replay attacks. A nonce is a pair of a random number and a timestamp.
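The message format of this slide, Ek(m, MACl(m)) with a (random number, timestamp) nonce inside m, as an added example with the receiver-side checks a resolver or server would run; it is not code from the slides or from Ateniese and Mangard. Two assumptions are made so it runs on the standard library alone: the AES/Blowfish CBC encryption of the slide is replaced by a counter-mode keystream derived from HMAC-SHA256, and the two keys stand for keys derived from the master key a node shares with its parent (the next slide). The query payload and the fixed clock value are constructed for the demonstration.

```python
# SK-DNSSEC message protection (added example; not code from the slides or
# from Ateniese/Mangard). Builds Ek(m, MAC_l(m)) with a nonce (random number,
# timestamp) inside m and shows the receiver checks. Assumptions: a counter-
# mode keystream from HMAC-SHA256 stands in for AES/Blowfish-CBC, and the two
# keys stand for keys derived from the master key shared with the parent.
import hashlib
import hmac
import json
import secrets
import time

TAG_LEN = 32          # HMAC-SHA256 output: the MAC_l(m) part of the message
IV_LEN = 16

def _xor_keystream(key, iv, data):
    """Stand-in cipher: XOR data with HMAC-SHA256(key, iv || counter) blocks."""
    stream, ctr = bytearray(), 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def protect(enc_key, mac_key, payload, now=time.time):
    """Ek(m, MAC_l(m)) where m = payload plus a fresh nonce (random number, timestamp)."""
    m = dict(payload, nonce={"rand": secrets.token_hex(8), "ts": int(now())})
    m_bytes = json.dumps(m, sort_keys=True).encode()
    tag = hmac.new(mac_key, m_bytes, hashlib.sha256).digest()
    iv = secrets.token_bytes(IV_LEN)
    return iv + _xor_keystream(enc_key, iv, m_bytes + tag)

class Receiver:
    """Holds the shared keys, a freshness window and the nonces already accepted."""
    def __init__(self, enc_key, mac_key, window=60, now=time.time):
        self.enc_key, self.mac_key, self.window, self.now = enc_key, mac_key, window, now
        self.seen = set()   # a long-running server prunes entries older than `window`

    def unprotect(self, blob):
        """Return (status, m); status is 'ok' or the reason the message was rejected."""
        if len(blob) < IV_LEN + TAG_LEN:
            return "malformed", None
        iv, ct = blob[:IV_LEN], blob[IV_LEN:]
        pt = _xor_keystream(self.enc_key, iv, ct)
        m_bytes, tag = pt[:-TAG_LEN], pt[-TAG_LEN:]
        # MAC first: a wrong key or a modified ciphertext yields garbage, and
        # garbage must be rejected before any parsing happens.
        expected = hmac.new(self.mac_key, m_bytes, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad_mac", None
        m = json.loads(m_bytes)
        nonce = (m["nonce"]["rand"], m["nonce"]["ts"])
        if abs(self.now() - nonce[1]) > self.window:
            return "stale", None            # timestamp outside the accepted window
        if nonce in self.seen:
            return "replay", None           # this exact nonce was accepted before
        self.seen.add(nonce)
        return "ok", m

def demo():
    """Constructed run with a fixed clock so the outcomes are deterministic."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    clock = lambda: 1_700_000_000
    rx = Receiver(enc_key, mac_key, window=60, now=clock)
    query = {"qname": "www.cnn.com", "qtype": "A"}
    msg = protect(enc_key, mac_key, query, now=clock)
    first = rx.unprotect(msg)[0]
    replay = rx.unprotect(msg)[0]                       # same message delivered again
    flipped = bytearray(msg)
    flipped[-1] ^= 0x01                                  # one bit of the ciphertext
    tampered = rx.unprotect(bytes(flipped))[0]
    old = protect(enc_key, mac_key, query, now=lambda: clock() - 3600)
    stale = rx.unprotect(old)[0]
    wrong_key = Receiver(secrets.token_bytes(32), mac_key, now=clock).unprotect(msg)[0]
    return {"first": first, "replay": replay, "tampered": tampered,
            "stale": stale, "wrong_key": wrong_key}
```

The order of checks is the design point: the MAC is verified before the JSON is parsed, the timestamp bounds how long a nonce must be remembered, and the random part of the nonce distinguishes two legitimate messages sent within the same second.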
SK-DNSSEC (cont.)
• Given the DNS tree of domains, each node shares a key with its parent, called the master key
• The root domain has an asymmetric key pair (public and private key) as well as its own master key, which is not shared with anyone else
• The resolvers must have an authentic copy of the root’s public key
Notation (figure)

DNS Root Certificate (figure)

DNS Request to Root (figure)
Info(Pxy) has to minimally contain the identity strings Ix and Iy, inception and expiration dates, details about the encryption and authentication algorithms employed, certificate and key unique identifiers, and the identity of the creator of the certificate.

DNS Request to Intermediate Server (figure)

DNS Request to Authoritative Server (figure)

For mutual authentication (figure)
For any 0 i n (figure)
The problems of PK- and SK-DNSSEC
• In SK-DNSSEC, the root servers need to decrypt messages encrypted with their public key
• In PK-DNSSEC, network traffic may increase because DNS messages are larger
• In PK-DNSSEC, verifying the public-key digital signatures is costly on the resolver side
Hybrid Approach
• The root servers use PK-DNSSEC
• The top-level domains use SK-DNSSEC
Efficiency
• PK-DNSSEC with SIG RRs: for each RRset in the answer, a pre-calculated SIG RR is included
• PK-DNSSEC with SIG(0): DNS messages do not contain SIG RRs but are signed as a whole by a SIG(0)-type signature
• SK-DNSSEC: DNS messages are secured by symmetric signatures and encryption
Performance (figure; measurements on an 800 MHz machine)

Performance (cont.) (figure)

Network Traffic (figure)

Storage (figure)
Public-key Distribution System
• Global real-time availability
  • Easy access to DNS
• Scalability
  • Hierarchical organization
• Globally unique names
  • Globally unique host name
• Cryptographic binding of name and key
  • KEY RR binds DNS names with keys
Q&A
Thank You!