ecdsa p 256 support in dnssec validating resolvers
play

ECDSA P-256 support in DNSSEC-validating Resolvers Geoff Huston - PowerPoint PPT Presentation

Sep 01, 2022 •136 likes •416 views

ECDSA P-256 support in DNSSEC-validating Resolvers Geoff Huston APNIC Labs February 2016 ECDSA Elliptic Curve Cryptography allows for the construction of strong public/private key pairs with key lengths that are far shorter than

  1. ECDSA P-256 support in DNSSEC-validating Resolvers Geoff Huston APNIC Labs February 2016

  2. ECDSA • Elliptic Curve Cryptography allows for the construction of “strong” public/private key pairs with key lengths that are far shorter than equivalent strength keys using RSA “256-bit ECC public key should provide comparable security to a 3072-bit RSA public key” * • And the DNS protocol has some sensitivities over size when using UDP – UDP fragmentation has its issues in both V4 and V6 * http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

  3. ECDSA vs RSS $ dig +dnssec u5221730329.s1425859199.i5075.vcf100.5a593.y.dotnxdomain.net $ dig +dnssec u5221730329.s1425859199.i5075.vcf100.5a593.z.dotnxdomain.net ; <<>> DiG 9.9.6-P1 <<>> +dnssec u5221730329.s1425859199.i5075.vcf100.5a593.y.dotnxdomain.net ; <<>> DiG 9.9.6-P1 <<>> +dnssec u5221730329.s1425859199.i5075.vcf100.5a593.z ;; global options: +cmd ;; global options: +cmd ;; Got answer: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61126 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25461 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 1 4, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;; QUESTION SECTION: ;u5221730329.s1425859199.i5075.vcf100.5a593.y.dotnxdomain.net. IN A ;u5221730329.s1425859199.i5075.vcf100.5a593.z.dotnxdomain.net. IN A ;; ANSWER SECTION: ;; ANSWER SECTION: u5221730329.s1425859199.i5075.vcf100.5a593.y.dotnxdomain.net. 1 u5221730329.s1425859199.i5075.vcf100.5a593.z.dotnxdomain.net. IN A 144.76.167.10 1 IN A 199.102.79.186 u5221730329.s1425859199.i5075.vcf100.5a593.y.dotnxdomain.net. 1 u5221730329.s1425859199.i5075.vcf100.5a593.z.dotnxdomain.net. IN RRSIG A 13 4 3600 20200724235900 20150301105936 35456 5a593.y.dotnxdomain.net. 1 IN RRSIG A 5 ;; AUTHORITY SECTION: ;; AUTHORITY SECTION: ns1.5a593.y.dotnxdomain.net. 1 IN NSEC x.5a593.y.dotnxdomain.net. 33d23a33.3b7acf35.9bd5b553.3ad4aa35.09207c36.a095a7ae.1dc33700.103ad556.3a564 A RRSIG NSEC ns1.5a593.y.dotnxdomain.net. 1 IN RRSIG NSEC 13 5 1 20200724235900 33d23a33.3b7acf35.9bd5b553.3ad4aa35.09207c36.a095a7ae.1dc33700.103ad556.3a564 20150301105936 35456 5a593.y.dotnxdomain.net. vM+5YEkAc8B9iYHV3ZO3 5a593.y.dotnxdomain.net. 3598IN NS ns1.5a593.y.dotnxdomain.net. 5a593.z.dotnxdomain.net. 3599IN NS nsz1.z.dotnxdomain.net. 5a593.y.dotnxdomain.net. 3600IN RRSIG NS 13 4 3600 20200724235900 20150301105936 5a593.z.dotnxdomain.net. 35456 5a593.y.dotnxdomain.net. 3600IN RRSIG NS 5 4 3600 20200724235900 dzFik3O4HhiEg8TXcn3dCFdCfXC 20130729104013 ;; Query time: 1880 msec ;; Query time: 1052 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Mar 12 03:59:42 UTC 2015 ;; WHEN: Thu Mar 12 03:59:57 UTC 2015 ;; MSG SIZE rcvd: 527 ;; MSG SIZE rcvd: 937 ECDSA signed response – 527 octets RSA signed response – 937 octets

  4. So lets use ECDSA for DNSSEC Yes!

  5. So lets use ECDSA for DNSSEC Or maybe we should look before we leap... – Is ECDSA a “well supported” crypto protocol? – If you signed using ECDSA would resolvers validate the signature?

  6. The Test Environment We use the Google Ad network in to deliver a set of DNS tests to clients to determine whether (or not) they use DNSSEC validating resolvers We use 5 tests: 1. no DNSSEC-signature at all 2. DNSSEC signature using RSA-based algorithm 3. DNSSEC signature using broken RSA-based algorithm 4. DNSSEC signature using ECDSA P-256 algorithm 5. DNSSEC signature using broken ECDSA P-256 algorithm

  7. The Test Environment Unsigned d.t10000.u2045476887.s1412035201.i5053.vne0001.4f167.z.dashnxdomain.net RSA Signed e.t10000.u2045476887.s1412035201.i5053.vne0001.4f167.z.dotnxdomain.net RSA signed (Badly) f.t10000.u2045476887.s1412035201.i5053.vne0001.4f168.z.dotnxdomain.net ECDSA-Signed m.t10000.u2045476887.s1412035201.i5053.vne0001.4f167.y.dotnxdomain.net ECDSA-Signed (bad!) n.t10000.u2045476887.s1412035201.i5053.vne0001.4f168.y.dotnxdomain.net Unique Signed Mapped to a wildcard in the zone file Zone

  8. A Naive View A non-DNSSEC-validating resolver query: A? Seen: Single A Query DNS Forwarders A A DNSSEC-Validating resolver query: A + EDNS0(DNSSEC OK) ? A + RRSIG DNS Forwarders DS + EDNS0(DNSSEC OK)? DS + RRSIG Seen: A, DS, DNSKEY Queries DNSKEY + EDNS0(DNSSEC OK) ? DNSKEY + RRSIG

  9. Theory: DNSSEC Validating Queries e.t10000.u2045476887.s1412035201.i5053.vne0001.4f167.z.dotnxdomain.net 1. Query for the A resource record with EDNS0, DNSSEC-OK query: e.t10000.u204546887.s1412035201.i5053.vne0001.4f167.z.dotnxdomain.net IN A +ED 2. Query the parent domain for the DS resource record query: 4f167.z.dotnxdomain.net IN DS +ED 3. Query for the DNSKEY resource record query: 4f167.z.dotnxdomain.net IN DNSKEY +ED

  10. Practice: The DNS is “messy” • Clients typically use multiple resolvers, and use local timeouts to repeat the query across these resolvers • Resolvers may use slave farms, so that queries from a common logical resolution process may be presented to the authoritative name server from multiple resolvers, and each slave resolver that directs queries to servers may present only a partial set of validation queries • Resolvers may use forwarding resolvers, and may explicitly request checking disabled to disable the forwarding resolver from performing validation itself • Clients and resolvers have their own independent retry and abandon timers

  11. DNS Mess! Queries for a single badly signed (RSA) name: Resolver Queries 200.55.224.68: A#,K#,D# Queries via ISP resolver set 74.125.19.147: A#,D#,K#,D#,D# 74.125.19.145: K#,K# 200.55.224.67: A#,A#,A,K#,K#,D# 74.125.19.148: D# Via Google PDNS Slave Resolvers #: EDNS(0) DNSSEC OK flag set What is going on here?

  12. DNS Mess! Queries for a single badly signed (RSA) name: Resolver Queries Failed validation (SERVFAIL) from the initial query to ISP resolver causes client to ask Google PDNS resolver 200.55.224.68: A#,K#,D# Failed validation appears to cause client to repeat the 74.125.19.147: A#,D#,K#,D#,D# query to Google PDNS 2 further times 74.125.19.145: K#,K# Failed validation appears to cause client to repeat the query to ISP ’ s resolver 2 (or 3?) further times 200.55.224.67: A#,A#,A,K#,K#,D# No clue why this is an orphan DS query! 74.125.19.148: D# #: EDNS(0) DNSSEC OK flag set

  13. First Approach to answering the ECDSA question – Statistical Inference • A DNSSEC-aware resolver encountering a RR with an attached RRSIG that uses a known algorithm will query for DS and DNSKEY RRs • A DNSSEC-aware resolver encountering a RR with an attached RRSIG that uses an unknown/unsupported crypto algorithm appears not to query for the DNSKEY RRs

  14. Results Over 45 days in December 2015 – January 2016 we saw: 765,257,019 completed experiments 208,980,333 experiments queried for the DNSKEY RR of a validly signed (RSA) domain (27.3% ) 183,240,945 experiments queried for the DNSKEY RR of a validly signed (ECDSA) domain ( 23.9% ) If we assume that the DNSKEY query indicates that the resolver “recognises” the protocol, then it appears that there is a fall by 8.2% in validation when using the ECC protocol 1 in 3 RSA experiments that fetched the DNSKEY did not fetch the ECC DNSKEY

  15. Results Over 45 days in December 2015 – January 2016 we saw: 765,257,019 completed experiments 208,980,333 experiments queried for the DNSKEY RR of a validly signed (RSA) domain (27.3% ) 183,240,945 experiments queried for the DNSKEY RR of a validly signed (ECDSA) domain ( 23.9% ) If we assume that the DNSKEY query indicates that the resolver “recognises” the protocol, then it appears that there is a fall by 19.5% in validation when using the ECC protocol 1 in 5 RSA experiments that fetched the DNSKEY did not fetch the ECC DNSKEY

  16. That’s better than it was… Over 22 days in September 2014 we saw: 3,773,420 experiments 937,166 experiments queried for the DNSKEY RR of a validly signed (RSA) domain ( 24.8% ) 629,726 experiments queried for the DNSKEY RR of a validly signed (ECC) domain ( 16.6% ) 1 in 3 experiments that fetched the DNSKEY in RSA did not fetch the ECDSA-signed DNSKEY

  17. Protocol Recognition • When does the resolver “recognise” the signing protocol? – RRSIG field? – DS RR? – DNSKEY RR? Experiments ECDSA DS ECDSA DNSKEY RSA DS RSA DNSKEY 11,988,195 2,957,855 2,391,298 2,963,888 2,970,902

  18. Protocol Recognition • When does the resolver “recognise” the signing protocol? – RRSIG field? – DS RR? – DNSKEY RR? Experiments ECDSA DS ECDSA DNSKEY RSA DS RSA DNSKEY 11,988,195 2,957,855 2,391,298 2,963,888 2,970,902 This indicates that a validating resolver appears to fetch the DS RR irrespective of the signing protocol, and only fetches the DNSKEY RR if it recognizes the zone signing protocol.

  19. The Words of the Ancients

  20. The Words of the Ancients RFC 4035 If the resolver does not support any of the algorithms listed in an authenticated DS RRset, then the resolver will not be able to verify the authentication path to the child zone. In this case, the resolver SHOULD treat the child zone as if it were unsigned.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DNSSEC on Campus By Michael Sinatra University of California, Berkeley You didnt think I

DNSSEC on Campus By Michael Sinatra University of California, Berkeley You didnt think I

DNSSEC on Campus By Michael Sinatra University of California, Berkeley You didnt think I was really going to use that font, did you? What we did Began validating DNSSEC responses on our caching resolvers using ISC DLV in October 2008

504 views • 21 slides
A flexible DNSSEC-validating Resolver Ondej Sur ondrej.sury@nic.cz 7.3.2016 What

A flexible DNSSEC-validating Resolver Ondej Sur ondrej.sury@nic.cz 7.3.2016 What

A flexible DNSSEC-validating Resolver Ondej Sur ondrej.sury@nic.cz 7.3.2016 What is Knot DNS Resolver? Platform for building recursive DNS service Open-source DNS Resolver (GPLv3+) Full DNSSEC support: RFC 6650

265 views • 12 slides
Adding new DNSSEC algorithms: reality check lafur Gu mundsson olafur at CloudFlare dot com

Adding new DNSSEC algorithms: reality check lafur Gu mundsson olafur at CloudFlare dot com

Adding new DNSSEC algorithms: reality check lafur Gu mundsson olafur at CloudFlare dot com Disclaimer: we have done this First major DNSSEC user of ECDSA P256 Working on getting others to support it ICANN Registration model is

981 views • 9 slides
Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany November 6, 2020 NIST Workshop on Multi-Party Threshold Schemes 2020 Based on work published at ESORICS20 with Anders Dalskov, Marcel Keller,

775 views • 63 slides
Discovery method for a DNSSEC validating stub resolver Xavier Torrent Gorj on Supervisor:

Discovery method for a DNSSEC validating stub resolver Xavier Torrent Gorj on Supervisor:

Discovery method for a DNSSEC validating stub resolver Xavier Torrent Gorj on Supervisor: Willem Toorop System and Network Engineering Universiteit van Amsterdam Research Project 2 Xavier Torrent Gorj on Supervisor: Willem Toorop

446 views • 20 slides
DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010

DNSSEC Workshop @ ICANN Activities from the Region: - DNSSEC deployment in .pt 23 June 2010 Sara Monteiro Technical Infrastructure Service of DNS.PT Agenda ! About us ! Scope ! Goals ! Initiatives and Support ! Developments on .pt ! Next Steps

468 views • 11 slides
.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

. SE-DNSSEC . SEs DNSSEC service Staffan.Hagnell@iis.se .SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the .SE zone Sep 2005 2006 Start of project 2001 .SEs challenge To make DNSSEC

584 views • 24 slides
DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS

DNS Resolvers Considered Harmful Kyle Schomp, Mark Allman, and Michael Rabinovich 2 DNS resolvers abstract complexity and offer the possibility of improved performance and better scalability . Why are they harmful? 3 Resolvers Are Vulnerable

618 views • 34 slides
DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN 50 DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 25 2014 Alexander Mayrhofer London, UK alexander.mayrhofer@nic.at ICANN 50 DNSSEC Services n ccTLD: .at l DNSSEC in production

109 views • 10 slides
Threshold ECDSA from ECDSA assumptions: the multiparty case Jack Doerner , Yashvanth Kondi , Eysa

Threshold ECDSA from ECDSA assumptions: the multiparty case Jack Doerner , Yashvanth Kondi , Eysa

Threshold ECDSA from ECDSA assumptions: the multiparty case Jack Doerner , Yashvanth Kondi , Eysa Lee , and abhi shelat j@ckdoerner.net ykondi@ccs.neu.edu eysa@ccs.neu.edu abhi@neu.edu Northeastern University Traditional Signature

868 views • 57 slides
DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN44 DNSSEC activities @ nic.at Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 27 2012 Alexander Mayrhofer Prague, CZ alexander.mayrhofer@nic.at ICANN44 .at DNSSEC Timeline Testbed DS in root Feb 2011 Feb 09

404 views • 8 slides
Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used in DNSSEC

490 views • 18 slides
Return of the Hidden Number Problem A Widespread and Novel Key Extraction Attack on ECDSA and DSA

Return of the Hidden Number Problem A Widespread and Novel Key Extraction Attack on ECDSA and DSA

Return of the Hidden Number Problem A Widespread and Novel Key Extraction Attack on ECDSA and DSA Keegan Ryan NCC Group What is ROHNP? Key extraction attack on DSA and ECDSA Uses an old technique to target a new part of the algorithm

243 views • 23 slides
A Tale of Three Signatures: Practical Attack of ECDSA with wNAF Gabrielle De Micheli Joint work

A Tale of Three Signatures: Practical Attack of ECDSA with wNAF Gabrielle De Micheli Joint work

A Tale of Three Signatures: Practical Attack of ECDSA with wNAF Gabrielle De Micheli Joint work with R emi Piau and C ecile Pierrot Universit e de Lorraine, Inria Nancy, France Africacrypt 2020 Cairo, Egypt 1/32 How to attack ECDSA

646 views • 32 slides
DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you

DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you invented DNSSEC. Well, the basic ideas, anyway: Sign all DNS records. Signatures let you verify answer to DNS query, without having to trust the

835 views • 49 slides
DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative

DNSSEC Trust Anchor Repositories (TAR) Update Russ Mundy Co-Chair DNSSEC Deployment Initiative Russ.Mundy@cobham.com / mundy@sparta.com www.dnssec-deployment.org DNSSEC Trust Anchors Starting point for DNSSEC validation Choice of

375 views • 16 slides
November 2015 Agenda 9M 2015 Highlights &amp; Destinations Update

November 2015 Agenda 9M 2015 Highlights &amp; Destinations Update

9M 2015 Results November 2015 Agenda 9M 2015 Highlights &amp; Destinations Update Page 3 Strategy update &amp; Financial review

205 views • 20 slides
Remaking Health Care Nurse Practitioners and Health Insurance Geoff Annals Health Funds NZ

Remaking Health Care Nurse Practitioners and Health Insurance Geoff Annals Health Funds NZ

Remaking Health Care Nurse Practitioners and Health Insurance Geoff Annals Health Funds NZ Chair Chief Executive Accuro Health Insurance Nurse Presentation plan Health insurance business Health care or health business History of

799 views • 40 slides
FROM THE EXPERIMENTAL TO THE FAMILIAR R. D. Holtz, PhD, PE, D.GE Professor Emeritus University

FROM THE EXPERIMENTAL TO THE FAMILIAR R. D. Holtz, PhD, PE, D.GE Professor Emeritus University

Proceedings CIGMAT-2015 Conference &amp; Exhibition GEOSYNTHETIC REINFORCED SOIL: FROM THE EXPERIMENTAL TO THE FAMILIAR R. D. Holtz, PhD, PE, D.GE Professor Emeritus University of Washington Seattle, Washington 98105 Abstract The lecture

424 views • 4 slides
Au ut th ho or r s s P Pr re es se en nt ta at ti io on n &amp; &amp;

Au ut th ho or r s s P Pr re es se en nt ta at ti io on n &amp; &amp;

Au ut th ho or r s s P Pr re es se en nt ta at ti io on n &amp; &amp; B Bo oo ok k S Si ig gn ni in ng g A Author Jack Turner is available for presentations and book signings. His 35-40-minute talk includes

402 views • 3 slides
Not allowed in this teaching!! You may not check your brain at the door. The Secret of God

Not allowed in this teaching!! You may not check your brain at the door. The Secret of God

God Had a Secret shhhh be quiet, be quiet Cant know the Program without knowing the Players Leviathan and Elohim (Psalm 74:12- 14; Isaiah 27: 1 (in that day)) The Satan and Elohim (Job1,2; Revelation 12: 9 and 20:7) Diameter of

266 views • 23 slides
EREN Workshop Agenda 10:00AM 11:00AM Introductory Presentations EREN Overview Laurie

EREN Workshop Agenda 10:00AM 11:00AM Introductory Presentations EREN Overview Laurie

EREN Workshop Agenda 10:00AM 11:00AM Introductory Presentations EREN Overview Laurie Anderson Turtle Project David Bowne Permanent Forest Plot Project Erin Lindquist Decomposition Project Carolyn Thomas 11:00AM 12:00PM

267 views • 14 slides
The College at Brockport Student Leadership Program 28 September 2009 Why? The College at

The College at Brockport Student Leadership Program 28 September 2009 Why? The College at

The College at Brockport Student Leadership Program 28 September 2009 Why? The College at Brockport promises to reveal to each student each day his or her capacity for intellectual, physical and creative accomplishment. Multi-dimensional

176 views • 15 slides
Social Injustice How can we come to understand social Historical Fiction Inspires issues in our

Social Injustice How can we come to understand social Historical Fiction Inspires issues in our

Narragansett Pier MS 3/20/2017 Social Injustice PBL Conference 7.1 ESSENTIAL QUESTION Social Injustice How can we come to understand social Historical Fiction Inspires issues in our own community and

226 views • 4 slides

More recommend