a threshold cryptographic backend for dnssec
play

A Threshold Cryptographic Backend for DNSSEC Francisco Cifuentes - PowerPoint PPT Presentation

Sep 22, 2022 •360 likes •507 views

A Threshold Cryptographic Backend for DNSSEC Francisco Cifuentes francisco@niclabs.cl 1 Key Management Implementations Back to ICANN 40 2 Key Management Implementations Needs Zones need to be re-signed PKCS#11 periodically. Keys

  1. A Threshold Cryptographic Backend for DNSSEC Francisco Cifuentes francisco@niclabs.cl 1

  2. Key Management Implementations Back to ICANN 40 2

  3. Key Management Implementations Needs ● Zones need to be re-signed PKCS#11 periodically. ● Keys must not be cloned. Problems HSM ● Hardware fails. ● HSM are expensive. ● SoftHSM can be vulnerable. 3

  4. What was proposed? A Threshold Cryptographic Backend. PKCS#11 Threshold Cryptographic Backend Threshold Cryptographic backend 4

  5. Our work with OpenDNSSEC PKCS#11 Threshold Cryptographic Backend 5

  6. Properties of the system ● Distributed ● Fault T olerant ● Robust ● Secure Cryptographic backend 6

  7. Properties of the system ● Distributed – Private key is split into shares and distributed among n nodes. – The signing procedure is called in each of the n nodes. 7

  8. Properties of the system ● Fault-T olerant – A subset of nodes can fail and the signing process will be completed succesfully. 8

  9. Properties of the system ● Robust – Failures and attacks can be reduced implementing nodes in both difgerent programming languages and operative systems. 9

  10. Properties of the system ● Secure – No one holds the complete private key. – More than k nodes have to be endangered to authorize faked signatures. 10

  11. What it is? ● Basically, a PKCS#11 API provider. ● It uses the Threshold Cryptographic Backend implemented then. ● It actually signs DNS records. 11

  12. What it is not? ● A fully compliant PKCS#11 implementation. 12

  13. Future work ● Complete the PKCS#11 implementation, in order to make it usable directly from BIND (or any other software). ● T est on a real zone set. 13

  14. Questions? Francisco Cifuentes francisco@niclabs.cl 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany November 6, 2020 NIST Workshop on Multi-Party Threshold Schemes 2020 Based on work published at ESORICS20 with Anders Dalskov, Marcel Keller,

775 views • 63 slides
Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives

Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives

Toward Criteria for Standardization of Multi-Party Threshold Schemes for Cryptographic Primitives Lus T. A. N. Brando* Cryptographic Technology Group National Institute of Standards and Technology (Gaithersburg, USA) Presentation on August

828 views • 63 slides
Towards Standardization of Threshold Schemes for Cryptographic Primitives at NIST Lu s

Towards Standardization of Threshold Schemes for Cryptographic Primitives at NIST Lu s

Towards Standardization of Threshold Schemes for Cryptographic Primitives at NIST Lu s Brand ao Joint work with: Apostol Vassilev, Nicky Mouha, Michael Davidson The red dancing devil is from clker.com/clipart-13643.html National

2.04k views • 175 slides
An Intrusion Tolerant Threshold Cryptographic System Kamran Riaz Khan

An Intrusion Tolerant Threshold Cryptographic System Kamran Riaz Khan

Outline Problem Statement Proposed Solution Project Goals Deliverables Related Work References Questions An Intrusion Tolerant Threshold Cryptographic System Kamran Riaz Khan <krkhan@inspirated.com> March 2, 2010 Kamran Riaz Khan

970 views • 93 slides
MetaPost 1.207 (TEXLive 2009) EuroTEX 2009 SVG backend SVG backend SVG backend SVG backend A

MetaPost 1.207 (TEXLive 2009) EuroTEX 2009 SVG backend SVG backend SVG backend SVG backend A

MetaPost 1.207 (TEXLive 2009) EuroTEX 2009 SVG backend SVG backend SVG backend SVG backend A complete SVG example outputformat := "svg"; outputtemplate := "%j-%c.%o"; beginfig(1); fill fullcircle scaled 100 withcolor

680 views • 15 slides
.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

. SE-DNSSEC . SEs DNSSEC service Staffan.Hagnell@iis.se .SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the .SE zone Sep 2005 2006 Start of project 2001 .SEs challenge To make DNSSEC

584 views • 24 slides
DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN 50 DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 25 2014 Alexander Mayrhofer London, UK alexander.mayrhofer@nic.at ICANN 50 DNSSEC Services n ccTLD: .at l DNSSEC in production

109 views • 10 slides
Breaking DNSSEC D. J. Bernstein University of Illinois at Chicago Advertisement:

Breaking DNSSEC D. J. Bernstein University of Illinois at Chicago Advertisement:

Breaking DNSSEC D. J. Bernstein University of Illinois at Chicago Advertisement: Special-purpose hardware for attacking cryptographic systems, Lausanne, 2009.09.0910; http://sharcs.org . 1993.11 Galvin: The DNS Security design

1.05k views • 65 slides
DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN44 DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 27 2012 Alexander Mayrhofer Prague, CZ alexander.mayrhofer@nic.at ICANN44 .at DNSSEC Timeline Testbed DS in root Feb 2011 Feb 09

404 views • 8 slides
A Resilient DNSSEC Implementation June 2017, ICANN-59, Johannesburg David Peall

A Resilient DNSSEC Implementation June 2017, ICANN-59, Johannesburg David Peall

A Resilient DNSSEC Implementation June 2017, ICANN-59, Johannesburg David Peall david@dns.business Who is DNS Business Backend Registry Service Provider (RSP). Provide innovative RSP services for ccTLDs, geoTLDs, gTLDs and

191 views • 18 slides
Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used in DNSSEC

490 views • 18 slides
DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you invented DNSSEC. Well, the basic ideas, anyway: Sign all DNS records. Signatures let you verify answer to DNS query, without having to trust the

835 views • 49 slides
DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative Russ.Mundy@cobham.com / mundy@sparta.com www.dnssec-deployment.org DNSSEC Trust Anchors Starting point for DNSSEC validation Choice of

375 views • 16 slides
Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech, Morocco Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used

417 views • 15 slides
An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security

An Overview of DNSSEC Cesar Diaz cesar@ lacnic.net 1 DNSSEC??? The DNS Security Extension (DNS SEC) attach special kind of information called criptographic signatures to the queries and response that let your computer false

609 views • 34 slides
Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction About Estonian Internet Foundation DNSSEC what, why, when Techie stuff Actual work Current situation | 26.03.2014 | Estonian

240 views • 9 slides
Presentation for IR Meeting July 31, 2018 Key points of the first quarter of fiscal 2017 In

Presentation for IR Meeting July 31, 2018 Key points of the first quarter of fiscal 2017 In

Q1 FY2018 - Apr 1, 2018 to Jun 30, 2018 - Presentation for IR Meeting July 31, 2018 Key points of the first quarter of fiscal 2017 In the 1Q (April to June) of FY2018 sales and operating profit increased YoY. In addition to an increase in

554 views • 28 slides
Mapping Out CDT Project Work NTS GIS Meeting, November 2019 Introduction Taylor Willow

Mapping Out CDT Project Work NTS GIS Meeting, November 2019 Introduction Taylor Willow

Mapping Out CDT Project Work NTS GIS Meeting, November 2019 Introduction Taylor Willow (she/her/hers) MSc in GIS, University of Edinburgh (2018) CDT Resource Assistant Southwest Conservation Corps (Oct. 2018 Aug. 2019),

125 views • 11 slides
Problem solved: SAP Integration 2 SAP Integration SAPs ability to standardize a range of

Problem solved: SAP Integration 2 SAP Integration SAPs ability to standardize a range of

Problem solved: SAP Integration 2 SAP Integration SAPs ability to standardize a range of Build applications shared business functions has made it a that seamlessly critical component of many enterprises back offjce operations

500 views • 10 slides
Back to Basics Back to Basics PAYROLL EARNINGS DAY TO DAY & DUPLICATES, SOFT WARNINGS AND

Back to Basics Back to Basics PAYROLL EARNINGS DAY TO DAY & DUPLICATES, SOFT WARNINGS AND

Office of Operations 2013 Fall Conference November 6-7 Back to Basics Back to Basics PAYROLL EARNINGS DAY TO DAY & DUPLICATES, SOFT WARNINGS AND GENERAL COMMENTS Tina Elden and Carol Alpy Office of Operations John Traylor, Executive

284 views • 11 slides
EBS Transition Access Validation Pete Smith March 2013 Access Validation Phase A reminder;

EBS Transition Access Validation Pete Smith March 2013 Access Validation Phase A reminder;

EBS Transition Access Validation Pete Smith March 2013 Access Validation Phase A reminder; Will only start after all external test phases completed Will not start until a defined period before cut-over Is a validation phase not a

652 views • 25 slides
User Group October 4, 2012 1 User Thursday, October 4, 2012 Encounter Data Group 3:00 P.M.

User Group October 4, 2012 1 User Thursday, October 4, 2012 Encounter Data Group 3:00 P.M.

Encounter Data System User Group October 4, 2012 1 User Thursday, October 4, 2012 Encounter Data Group 3:00 P.M. 4:00 P.M. ET Encounter Data Agenda Agenda Introduction Session Guidelines CMS Updates Group User EDPS

674 views • 36 slides
Take care of technology so that you can focus on your core business We help you design and

Take care of technology so that you can focus on your core business We help you design and

Take care of technology so that you can focus on your core business We help you design and develop bespoke software solutions tailored to your unique business needs 2 About We provide expert software engineering services that solve particular

420 views • 28 slides
Operating & Maintenance Agreement Overview June 2020 1 LEGAL DISCLAIMER Statements made by

Operating & Maintenance Agreement Overview June 2020 1 LEGAL DISCLAIMER Statements made by

Puerto Rico Electric Transmission & Distribution System Operating & Maintenance Agreement Overview June 2020 1 LEGAL DISCLAIMER Statements made by representatives for ATCO Ltd. and Canadian Utilities Limited and information provided

484 views • 12 slides

More recommend