The Registry of the Future Cristian Hesselman 1 , Giovane C. M. - - PowerPoint PPT Presentation



SLIDE 1

The Registry of the Future

Cristian Hesselman¹, Giovane C. M. Moura¹, Ricardo de O. Schmidt², and Cees Toet¹

¹ SIDN, the Netherlands; ² University of Twente, the Netherlands

SLIDE 2

Key Concept: TLD Control Plane

  • Modular system that enables a registry to further increase the operational security and stability of its TLD by leveraging its key datasets (registrations, zone file, DNS queries)
  • Motivation: protect TLD users from increasing number of attacks (such as phishing, DDoS, and malware), thus increasing added value of the TLD
  • Approach: automatically share threat info with other players in the TLD (collaborative security) and adapt registry’s DNS anycast services more dynamically
  • Today: overview and illustrate what it takes to run a control plane, using .nl (the Netherlands) as a use case

SLIDE 3

Required Functions

[Figure: TLD control plane architecture diagram. Labels: TLD operator; traditional DNS services; control plane; DNS anycast network; ENTRADA (multi-node cluster); Threat Detection Modules (TDMs); DNS Reconfiguration Module (DRCM); dashboard; Privacy Board; privacy policies; PEP; external data sources; clients; TLD players such as access providers, hosting providers, and registrars; end-user; registrant; DNS resolver; www.example.nl; DNS traffic; zone file; DNS stats; threats; reports; specs; reconfig commands; registration updates; domain registration transactions (e.g., EPP). Legend: stored data, anycast name server, hosting platform.]

Extends standard registry functions

SLIDE 4

Required Functions

[Figure: TLD control plane architecture diagram, repeated from slide 3]

Function 1: DNS traffic import, storage, and retrieval

SLIDE 5

Required Functions

[Figure: TLD control plane architecture diagram, repeated from slide 3]

Function 2: threat detection and automatic sharing

SLIDE 6

Required Functions

[Figure: TLD control plane architecture diagram, repeated from slide 3]

Function 3: DNS anycast reconfiguration

SLIDE 7

Required Functions

[Figure: TLD control plane architecture diagram, repeated from slide 3]

Function 4: TLD-level security and stability visualization

SLIDE 8

Required Functions

[Figure: TLD control plane architecture diagram, repeated from slide 3]

Function 5: Privacy protection

SLIDE 9

Function 1: ENTRADA (entrada.sidnlabs.nl)

SLIDE 10

Function 2: Collaborative Security

[Figure: collaborative security diagram. Labels: registrar; registrant; site operator; hosting provider; resolver operator; judicial authorities; user; report classifier; domain classifier; DNS name servers; notifications; registration updates; DNS queries and responses (ENTRADA); user reports; investigation; domain name lookup (DNS); technical operations; criminal investigation; JTIE interactions (index = domain name); user DNS/EPP interaction; threat intelligence flow.]

SLIDE 11

Function 4: .nl Security Dashboard

SLIDE 12

Next Steps

  • Flesh out TLD control plane functions through various collaborative research projects
  • Incrementally transition the control plane into production
  • Continue to share and discuss with the (technical) community
  • Longer term: fully distributed control plane
      • Running at different DNS operators
      • Distributed threat detection/analysis
      • Sharing threat info using standard formats
      • Taking different privacy regulations into account

SLIDE 13

Q&A


Presentation based on:

  • C. Hesselman, G. Moura, R. de O. Schmidt, and C. Toet, "Increasing DNS Security and Stability through a Control Plane for Top-level Domain Operators", IEEE Communications Magazine, Network and Service Management Series, January 2017. URL: https://www.sidnlabs.nl/downloads/papers-reports/sidnlabs-commag.pdf