cs 557 lecture 22 dns security
play

CS 557 - Lecture 22 DNS Security DNS Security Introduction and - PowerPoint PPT Presentation

Oct 15, 2022 •440 likes •923 views

CS 557 - Lecture 22 DNS Security DNS Security Introduction and Requirements, RFC 4033, 2005 Fall 2013 The Domain Name System Virtually every application uses Root the Domain Name System (DNS). DNS database maps: edu mil ru Name to

  1. CS 557 - Lecture 22 DNS Security DNS Security Introduction and Requirements, RFC 4033, 2005 Fall 2013

  2. The Domain Name System • Virtually every application uses Root the Domain Name System (DNS). • DNS database maps: edu mil ru – Name to IP address www.darpa.mil = 128.9.176.20 – And many other mappings isi darpa af mil (mail servers, IPv6, reverse … ) • Data organized as tree structure. nge andrews – Each zone is authoritative for its local data.

  3. DNS Query and Response www.darpa.mil A? Root DNS Server www.darpa.mil End-user Caching A 128.9.128.127 DNS Server mil DNS Server Actually www.darpa.mil = 192.5.18.195. But how would you determine this? darpa.mil DNS Server

  4. DNS Vulnerabilities • Original DNS design focused on data availability – DNS zone data is replicated at multiple servers. – A DNS zone works as long as one server is available. • DDoS attacks against the root must take out 13 root servers. • But the DNS design included no authentication. – Any DNS response is generally believed. – No attempt to distinguish valid data from invalid. • Just one false root server could disrupt the entire DNS.

  5. A Simple DNS Attack Easy to observe UDP DNS query sent to well known server on well known port. www.darpa.mil A? Root DNS Server www.darpa.mil A 192.5.18.19 Joe ’ s Caching www.darpa.mil Laptop DNS Server mil DNS Server A 128.9.128.127 Dan ’ s Laptop First response wins. Second response is silently dropped on the floor. darpa.mil DNS Server

  6. A More Complex Attack Response Secure64 www.attacker.com A 128.9.128.127 Caching Server attacker.com NS ns.attacker.com attacker.com NS www.google.com ns.attacker.com A 128.9.128.2 www.google.com A 128.9.128.127 www.google.com ns.attacker.com = 128.9.128.127 Query www.attacker.com Query www.google.com Secure64 Laptop Remote attacker

  7. Routing Based DNS Attacks • BGP Also Provides No Authentication – Faults and attacks can mis-direct traffic. – One (of many) examples observed from BGP logs. – Server could have replied with false DNS data. originates route to 192.26.92/24 ISPs announced new path for 20 minutes to 3 hours c.gtld-servers.net Internet 192.26.92.30 BGP monitor

  8. The Problem in a Nutshell • Resolver can not distinguish between valid and invalid data in a response. • Idea is to add source authentication – Verify the data received in a response is equal to the data entered by the zone administrator. – Must work across caches and views. – Must maintain a working DNS for old clients.

  9. DNS Security Extensions Cryptography is like magic fairy dust, we just sprinkle it on our protocols and its makes everything secure - IEEE Security and Privacy Magazine, Jan 2003

  10. Secure DNS Query and Response Caching DNS Server www.darpa.mil Authoritative DNS Servers www.darpa.mil = End-user 192.5.18.195 Plus (RSA) signature by the darpa.mil private key Attacker can not forge this answer without the darpa.mil private key.

  11. Authentication of DNS Responses • Each zone signs its data using a private key. – Recommend signing done offline in advance • Query for a particular record returns: – The requested resource record set. – A signature (SIG) of the requested resource record set. • Resolver authenticates response using public key. – Public key is pre-configured or learned via a sequence of key records in the DNS heirarchy.

  12. Learning DNS Public Keys • Public key is required to verify signature – RRSIG record identified the key name and key tag. – If you are pre-configured with key, then done. • UCLA resolver is configured with the ucla.edu key • Typical resolver does not have all the public keys. – Configure root key and perhaps some local keys – Query zone for the desired public – Query returns DNSKEY record and a signature from the parent zone.

  13. Example DNSSEC Records name TTL class RRSIG type_covered Algorithm labels TTL expiration ( inception dates key_tag key_name signature ) www.darpa.mil. 82310 IN A 192.5.18.195 www.darpa.mil. 82310 IN RRSIG A 1 4 86400 20040226023910 ( 20040127023910 468 darpa.mil. Base 64 encoding of signature ) name TTL class DNSKEY FLAGS PROTOCOL Algorithm public key darpa.mil. 81020 IN DNSKEY 256 3 1 ( Base64 encoding of pub key ) darpa.mil. 81020 IN RRSIG DNSKEY 1 3 86400 20040226023910 ( 20040127023910 569 mil. Base 64 encoding of signature ) Note the darpa.mil DNSKEY is signed by the mil private key ( We later show why this doesn ’ t work)

  14. Authenticated Denial of Existence • What if the requested record doesn ’ t exist? – Query for foo.isi.edu returns “ No such name ” – How do you authenticate this? • Must meet a variety of operational constraints – Some zones refuse to store any keying information online. – Some zones don ’ t trust (all) of their secondary servers. • Can ’ t control which server a resolver contacts. – Some zones don ’ t have compuational resources to sign on the fly – Can ’ t predict user would ask for “ foo.isi.edu ”

  15. NSEC Records Solution: sign “ next name after a.isi.edu. is g.isi.edu. ” Caching DNS Server foo.isi.edu. ? Authoritative DNS Servers End-user foo.isi.edu. does not exist a.isi.edu NSEC g.isi.edu. a.isi.edu RRSIG NSEC ….

  16. There is no magic fairy dust

  17. Zone Walking and Monitoring Solution: sign “ next name after a.colostate.edu. is g.colostate.edu. ” Caching DNS Server foo.colostate.edu. ? Authoritative DNS Servers End-user foo.colostate.edu. does not exist a.colostate.edu NSEC g.colostate.edu. a.colostate.edu RRSIG NSEC ….

  18. Revising DNS Key Management • Operational Problems in RFC 2535 DNSSEC – USC/ISI led one of the first multi-administion testbeds. – Identified fundamental key management & scaling issues. – Revision now at the end of the standards process • Provide a coherent design that meets needs of vendors/operators • Currently co-editor of the IETF revision [1]. • Basic Principles Behind the DNS Revision – The DNS succeeded by de-coupling zones. • But authentication chains require coordination. – Store a hash (copy) of the child key at the parent. • Overcomes the DNS atomic RRset problem. • Manages authentication chains using operations similar to those currently used for maintaining server chains.

  19. Revised DNS Key Management darpa.mil NS records Can Change mil key without notifying darpa.mil darpa.mil DS record (hash of pubkey 1) darpa.mil SIG(DS) by mil private key mil DNS Server darpa.mil DNS Server } darpa.mil DNSKEY (pub key 1) Can Change key 2 without darpa.mil DNSKEY (pub key 2) notifying .mil darpa.mil RRSIG(A) by key 1 www.darpa.mil A record www.darpa.mil RRSIG(A) by key 2

  20. DNS Key Signing Key Roll-Over darpa.mil DS record (hash of pubkey 3) darpa.mil RRSIG(DS) by mil private key darpa.mil DS record (hash of pubkey 1) darpa.mil RRSIG(DS) by mil private key mil DNS Server darpa.mil DNS Server Objective: Replace } darpa.mil DNSKEY (pub key 1) } DNSKEY 1 darpa.mil DNSKEY (pub key 2) } with new DNSKEY 3 darpa.mil DNSKEY (pub key 3) darpa.mil RRSIG(A) by key 1 darpa.mil RRSIG(A) by key 1 darpa.mil RRSIG(A) by key 3 darpa.mil RRSIG(A) by key 3

  21. Minimal Requirements • Parent must indicate how to reach the child. – NS records at parent MUST identify at least one valid name server for child. • Parent must identify a trusted key at child. – DS record at parent MUST match a valid KEY stored at the child.

  22. Protocol Complications • Building on an existing system – Objective is to strengthen the system. – But additions also add stress to weak points. • Some example cases: – Denial of service added by the DS record. – NS records stored at the parent. – Over use of the KEY record.

  23. Hidden DS Denial of Service • DS Record is Stored Only at the Parent. – All DS records should be sent to parent. – What if you ask ucla.edu for the ucla.edu DS? • Early BIND Implementation Choice: – Server says “ I ’ m not authoritative for this data ” . – Resolver hears “ Not authortitative for ucla.edu ” • The Resulting Under-Specification Attack – Ask resolver to send DS query to each ucla.edu server. – Each server declared not authortiative for ucla.edu! – Query for www.ucla.edu now returns: cache says all ucla.edu servers are broken

  24. Flaws in the DNS Design (glue) • Parent ( edu ) stores NS records for child ( isi.edu ) – Provides a hint on how to reach the child • Child also stores a copy of the same NS RRset. – Child ( isi.edu ) is the authoritative source. • Implications for Authentication: – Parent is not the authoritative source of the data. – Child data is not available if parent is wrong. – Resolver/cache can ’ t distinguish between the set stored at the child and the set stored at the parent. • DNSSEC Solution: Only the child signs its NS RRset

  25. NS records stored at the Parent • Edu server stores NS records for ucla.edu – Tells a resolver where to find ucla.edu servers. • Ucla.edu server also stores ucla.edu NS set. – Ucla.edu is the authoritative source. – Parent and child differ due to various reasons • SeePappas SIGCOMM 2004 • Loose coordination works since only requires some overlap in parent/child NS. – Security assumes identical. – Security also says parent can ’ t sign NS set. • Parent is not the authoritative source of the data.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A

Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A

Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A Threatens Privacy Threatens Try to achieve Lecture 2B: Network threats Lecture 3A: Attacks on Lecture 6A: Security Protocols Web servers, malware

381 views • 25 slides
TCP/IP: TCP Network Security Lecture 7 Eike Ritter Network Security - Lecture 7 1 TCP

TCP/IP: TCP Network Security Lecture 7 Eike Ritter Network Security - Lecture 7 1 TCP

TCP/IP: TCP Network Security Lecture 7 Eike Ritter Network Security - Lecture 7 1 TCP spoofing Alice trusts Bob (e.g., logins on Alice are allowed with no password if TCP connection comes from host Bob) Mallory wants to impersonate

923 views • 17 slides
Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

347 views • 9 slides
CSc 337 LECTURE 24: SECURITY Our current view of security until now, we have assumed:

CSc 337 LECTURE 24: SECURITY Our current view of security until now, we have assumed:

CSc 337 LECTURE 24: SECURITY Our current view of security until now, we have assumed: valid user input non-malicious users nothing will ever go wrong this is unrealistic! The real world in order to write secure code, we

211 views • 18 slides
CSE 154 LECTURE 25: WEB SECURITY Our current view of security until now, we have assumed:

CSE 154 LECTURE 25: WEB SECURITY Our current view of security until now, we have assumed:

CSE 154 LECTURE 25: WEB SECURITY Our current view of security until now, we have assumed: valid user input non-malicious users nothing will ever go wrong this is unrealistic! The real world in order to write secure code,

445 views • 18 slides
CSE 154 LECTURE 26: WEB SECURITY Our current view of security until now, we have assumed:

CSE 154 LECTURE 26: WEB SECURITY Our current view of security until now, we have assumed:

CSE 154 LECTURE 26: WEB SECURITY Our current view of security until now, we have assumed: valid user input non-malicious users nothing will ever go wrong this is unrealistic! The real world in order to write secure code,

210 views • 18 slides
CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012 1 Content of Todays Lecture Summary and Wrap up on Security Terminology The Fundamental Dilemma of Security Five Design Principles

801 views • 25 slides
Announcements This Thursday: Last lecture! Special Lecture on Smart Transportation Security

Announcements This Thursday: Last lecture! Special Lecture on Smart Transportation Security

Announcements This Thursday: Last lecture! Special Lecture on Smart Transportation Security Recent advance in security issues of self-driving cars and smart traffic light --- one of the most disruptive tech today, impacting the safety

518 views • 29 slides
CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 OS Security An secure OS should provide the

873 views • 28 slides
Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 9 Page 1 CS 236 Online Some Important Network Characteristics for Security Degree of locality Media used Protocols used Lecture 9

156 views • 11 slides
CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mandatory Access Control Is about administration

462 views • 19 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
TCP/IP: Ethernet, IP, and ARP (and a PGP refresher) Network Security Lecture 2 Any questions

TCP/IP: Ethernet, IP, and ARP (and a PGP refresher) Network Security Lecture 2 Any questions

TCP/IP: Ethernet, IP, and ARP (and a PGP refresher) Network Security Lecture 2 Any questions on Administrativia, organizational matters? Historical/cultural overview? Eike Ritter Network Security - Lecture 2 1 Today PGP in 6

431 views • 42 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
Network provider Security Markus Peuhkuri 2005-04-28 Lecture topics Basics of security

Network provider Security Markus Peuhkuri 2005-04-28 Lecture topics Basics of security

Network provider Security Markus Peuhkuri 2005-04-28 Lecture topics Basics of security Security threats Regulators and ISP security Some headlines Davie-Besse nuclear reactor control network

482 views • 17 slides
Lecture 11: Energy and security Lecture 11: Energy and security considerations in wireless PHY +

Lecture 11: Energy and security Lecture 11: Energy and security considerations in wireless PHY +

Lecture 11: Energy and security Lecture 11: Energy and security considerations in wireless PHY + link considerations in wireless PHY + link layers layers Mythili Vutukuru CS 653 Spring 2014 Feb 10, Monday Energy and Security We will

259 views • 8 slides
ECE 650 Systems Programming & Engineering Spring 2018 Dynamic Host Configuration Protocol

ECE 650 Systems Programming & Engineering Spring 2018 Dynamic Host Configuration Protocol

ECE 650 Systems Programming & Engineering Spring 2018 Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) Dynamic Host Configuration Protocol

722 views • 25 slides
DNS (Domain Name System) Tutorial @ IETF-70 (DNS for protocol designers) lafur Gumundsson

DNS (Domain Name System) Tutorial @ IETF-70 (DNS for protocol designers) lafur Gumundsson

DNS (Domain Name System) Tutorial @ IETF-70 (DNS for protocol designers) lafur Gumundsson OGUD consulting Peter Koch DENIC eG 2007-12-02 DNS Tutorial @ IETF-70 1 ogud@ogud.com & pk@denic.de Tutorial Overview Goal: Give

736 views • 54 slides
Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System q The

Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System q The

Domain Name System (DNS) Smith College, CSC 249 Feb 6, 2017 1 TODAY: Domain Name System q The directory system for the Internet v Used by other application layer protocols v via socket programming q Maps a hostname to an IP address v Host

431 views • 19 slides
1 Classical CSP Classical CSP Valued CSP Valued CSP For each constraint/tuple : a valuation

1 Classical CSP Classical CSP Valued CSP Valued CSP For each constraint/tuple : a valuation

Example: Bioinformatics Example: Bioinformatics RNA is single-strand molecule, composed of A,U,G,C Soft Constraint Processing Soft Constraint Processing Function of RNA depends on structure (3-D folding) Structure induced by base

615 views • 28 slides
DNS Observatory: The Big Picture of the DNS Pawe Foremski Oliver Gasser Giovane C. M. Moura

DNS Observatory: The Big Picture of the DNS Pawe Foremski Oliver Gasser Giovane C. M. Moura

DNS Observatory: The Big Picture of the DNS Pawe Foremski Oliver Gasser Giovane C. M. Moura Farsight Security / IITiS PAN Technical University of Munich SIDN Labs / TU Delft pjf@fsi.io gasser@net.in.tum.de giovane.moura@sidn.nl ACM IMC

1.33k views • 29 slides
The DNS as a directory for identities ICANN DNS Symposium 2018, Montreal Vittorio Bertola

The DNS as a directory for identities ICANN DNS Symposium 2018, Montreal Vittorio Bertola

The DNS as a directory for identities ICANN DNS Symposium 2018, Montreal Vittorio Bertola <vittorio.bertola@open-xchange.com> 1 Premise: We need proper online identities Traditionally, we only had accounts And they were not

302 views • 18 slides
Passive DNS Collection and Analysis The 'dnstap' (& fstrm) Approach Farsight Security, Inc.

Passive DNS Collection and Analysis The 'dnstap' (& fstrm) Approach Farsight Security, Inc.

Passive DNS Collection and Analysis The 'dnstap' (& fstrm) Approach Farsight Security, Inc. December 2014 Importance of Measuring DNS High volume low latency datagram protocol Channel 202; 40 sources; 1,657,398,226,932 bytes/day;

196 views • 19 slides
Encapsulation End-to-End Argument Source Transport Saltzer, Reed & Clark, 1981 src &

Encapsulation End-to-End Argument Source Transport Saltzer, Reed & Clark, 1981 src &

Encapsulation End-to-End Argument Source Transport Saltzer, Reed & Clark, 1981 src & dst ports + Network src & dst IP addresses + message M Application src & dst MAC addresses Link segment H T M Transport datagram H N

354 views • 6 slides

More recommend