understanding dnscurve d j bernstein university of
play

Understanding DNSCurve D. J. Bernstein University of Illinois at - PDF document

Feb 26, 2024 •479 likes •890 views

Understanding DNSCurve D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Disclaimer: I havent released DNSCurve software yet. But you can try prototypes: @mdempsky s DNSCurve cache, @hhavt s

  1. Understanding DNSCurve D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Disclaimer: I haven’t released DNSCurve software yet. But you can try prototypes: @mdempsky ’s DNSCurve cache, @hhavt ’s CurveDNS server. See also related projects: NaCl, DNSCrypt, CurveCP, MinimaLT. Varying release levels.

  2. DNS in a nutshell 1 Browser ✦ DNS: twitter.com?

  3. DNS in a nutshell 1 Browser ✦ DNS: twitter.com? 2 DNS ✦ browser: twitter.com A 199.16.156.38

  4. DNS in a nutshell 1 Browser ✦ DNS: twitter.com? 2 DNS ✦ browser: twitter.com A 199.16.156.38 0 Admin ✦ ns2.twitter.com : twitter.com A 199.16.156.38

  5. DNS in a nutshell 1 Browser ✦ DNS: twitter.com? 2 DNS ✦ browser: twitter.com A 199.16.156.38 0 Admin ✦ ns2.twitter.com : twitter.com A 199.16.156.38 1 Browser ✦ ns2.twitter.com : twitter.com?

  6. DNS in a nutshell 1 Browser ✦ DNS: twitter.com? 2 DNS ✦ browser: twitter.com A 199.16.156.38 0 Admin ✦ ns2.twitter.com : twitter.com A 199.16.156.38 1 Browser ✦ ns2.twitter.com : twitter.com? 2 ns2.twitter.com ✦ browser: twitter.com A 199.16.156.38

  7. � 3 com admin ✦ f.ns.com : twitter.com NS ns2... ns2... A 204.13.250.34

  8. � 3 com admin ✦ f.ns.com : twitter.com NS ns2... ns2... A 204.13.250.34 � 2 Browser ✦ f.ns.com : twitter.com?

  9. � 3 com admin ✦ f.ns.com : twitter.com NS ns2... ns2... A 204.13.250.34 � 2 Browser ✦ f.ns.com : twitter.com? � 1 f.ns.com ✦ browser: twitter.com NS ns2... ns2... A 204.13.250.34

  10. � 3 com admin ✦ f.ns.com : twitter.com NS ns2... ns2... A 204.13.250.34 � 2 Browser ✦ f.ns.com : twitter.com? � 1 f.ns.com ✦ browser: twitter.com NS ns2... ns2... A 204.13.250.34 0 Twitter admin ✦ ns2 : twitter.com A 199.16.156.38

  11. � 3 com admin ✦ f.ns.com : twitter.com NS ns2... ns2... A 204.13.250.34 � 2 Browser ✦ f.ns.com : twitter.com? � 1 f.ns.com ✦ browser: twitter.com NS ns2... ns2... A 204.13.250.34 0 Twitter admin ✦ ns2 : twitter.com A 199.16.156.38 1 Browser ✦ 204.13.250.34: twitter.com?

  12. � 3 com admin ✦ f.ns.com : twitter.com NS ns2... ns2... A 204.13.250.34 � 2 Browser ✦ f.ns.com : twitter.com? � 1 f.ns.com ✦ browser: twitter.com NS ns2... ns2... A 204.13.250.34 0 Twitter admin ✦ ns2 : twitter.com A 199.16.156.38 1 Browser ✦ 204.13.250.34: twitter.com? 2 204.13.250.34 ✦ browser: twitter.com A 199.16.156.38

  13. Often even more steps: ✎ Maybe browser doesn’t know where .com server is. Has to ask root server.

  14. Often even more steps: ✎ Maybe browser doesn’t know where .com server is. Has to ask root server. ✎ twitter.com server name is actually ns2.p34.dynect.net . Is browser allowed to accept ns2.p34.dynect.net address from the .com server? Does it have to ask .net ?

  15. Often even more steps: ✎ Maybe browser doesn’t know where .com server is. Has to ask root server. ✎ twitter.com server name is actually ns2.p34.dynect.net . Is browser allowed to accept ns2.p34.dynect.net address from the .com server? Does it have to ask .net ? ✎ Browser actually pulls from a laptop-wide DNS cache. Or a site-wide DNS cache.

  16. DNS in the real world The user doesn’t want twitter.com ’s IP address. The user wants to pull tweets from Twitter, push tweets to Twitter.

  17. DNS in the real world The user doesn’t want twitter.com ’s IP address. The user wants to pull tweets from Twitter, push tweets to Twitter. The big picture: DNS is just one small part of any real Internet protocol. Typical examples: HTTP starts with DNS. SMTP starts with DNS. SSH starts with DNS.

  18. Real Internet protocol example: User asks browser for

  19. Real Internet protocol example: User asks browser for http://theguardian.com .

  20. Real Internet protocol example: User asks browser for http://theguardian.com . Many levels of redirection: root DNS ✼✦ .com DNS ✼✦ .theguardian.com DNS ✼✦ http://theguardian.com ✼✦ http://www.theguardian.com ✼✦ http://www.theguardian.com/uk . And then the hard work begins: browser receives page, displays page for user.

  21. What does DNS security mean? Crypto goals: confidentiality, integrity, and availability for the user’s communication. Security for IP addresses is irrelevant unless it helps protect user communication.

  22. What does DNS security mean? Crypto goals: confidentiality, integrity, and availability for the user’s communication. Security for IP addresses is irrelevant unless it helps protect user communication. Consider DNSSEC marketing: isc.org is “signed” by DNSSEC.

  23. What does DNS security mean? Crypto goals: confidentiality, integrity, and availability for the user’s communication. Security for IP addresses is irrelevant unless it helps protect user communication. Consider DNSSEC marketing: isc.org is “signed” by DNSSEC. Reality: What DNSSEC signs is an IP-address redirection: isc.org A 149.20.64.69 . This is meaningless for users.

  24. Example of bogus “security”: “You can’t trust online servers. Our DNS data is signed offline by a Hardware Security Module in a fortress in Maryland protected by machine guns. Signing procedure requires 3 out of 16 smart cards held by VeriSign Trust Managers.”

  25. Example of bogus “security”: “You can’t trust online servers. Our DNS data is signed offline by a Hardware Security Module in a fortress in Maryland protected by machine guns. Signing procedure requires 3 out of 16 smart cards held by VeriSign Trust Managers.” Does this protect users? No! The web server is online, and most web pages are dynamic. The mail server is online. The shell server is online.

  26. Occasionally user data is broadcast+static+single-source, so offline creation and signing might help protect integrity.

  27. Occasionally user data is broadcast+static+single-source, so offline creation and signing might help protect integrity. But this is a rare corner case. Offline creation and signing: impossible for most user data.

  28. Occasionally user data is broadcast+static+single-source, so offline creation and signing might help protect integrity. But this is a rare corner case. Offline creation and signing: impossible for most user data. By insisting on signatures, DNSSEC creates problems for lookups of dynamic DNS data; lookups of nonexistent names; speed; robustness; availability; freshness; confidentiality. Analogy: imagine HTTPSEC.

  29. DNSCurve, CurveCP, etc.

  30. DNSCurve, CurveCP, etc. Most Internet connections today have no cryptographic protection.

  31. DNSCurve, CurveCP, etc. Most Internet connections today have no cryptographic protection. The big plan: replace DNS with DNSCurve, TCP with CurveCP, HTTP with HTTPCurve, etc.

  32. DNSCurve, CurveCP, etc. Most Internet connections today have no cryptographic protection. The big plan: replace DNS with DNSCurve, TCP with CurveCP, HTTP with HTTPCurve, etc. All client data is authenticated + encrypted to server’s public key from client’s public key. All server data is authenticated + encrypted to client’s public key from server’s public key.

  33. Crypto layer is very close to network layer. Each packet is authenticated + encrypted just before it is sent. Each packet is verified + decrypted immediately after it is received.

  34. Crypto layer is very close to network layer. Each packet is authenticated + encrypted just before it is sent. Each packet is verified + decrypted immediately after it is received. Much less invasive than DNSSEC for DNS protocol, DNS databases, DNS implementations. Also easy for HTTP etc.

  35. Crypto layer is very close to network layer. Each packet is authenticated + encrypted just before it is sent. Each packet is verified + decrypted immediately after it is received. Much less invasive than DNSSEC for DNS protocol, DNS databases, DNS implementations. Also easy for HTTP etc. Separate authenticator on every packet also improves availability. No more RST attacks.

  36. How does server obtain client’s public key?

  37. How does server obtain client’s public key? Client sends it with first packet.

  38. How does server obtain client’s public key? Client sends it with first packet. How does client obtain server’s public key?

  39. How does server obtain client’s public key? Client sends it with first packet. How does client obtain server’s public key? Client already had mechanism to obtain server address. Server sneaks public key into that mechanism.

  40. How does server obtain client’s public key? Client sends it with first packet. How does client obtain server’s public key? Client already had mechanism to obtain server address. Server sneaks public key into that mechanism. No extra packets. Serious crypto for each packet, but state-of-the-art crypto (Curve25519, Salsa20, Poly1305) easily keeps up with the network.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DNSCurve D. J. Bernstein University of Illinois at Chicago The Domain Name System uma.es

DNSCurve D. J. Bernstein University of Illinois at Chicago The Domain Name System uma.es

DNSCurve D. J. Bernstein University of Illinois at Chicago The Domain Name System uma.es wants to see http://www.iitk.ac.in . Browser at uma.es The web server www.iitk.ac.in has IP address

1.12k views • 80 slides
High-speed cryptography, DNSSEC, and DNSCurve D. J. Bernstein University of Illinois at Chicago

High-speed cryptography, DNSSEC, and DNSCurve D. J. Bernstein University of Illinois at Chicago

High-speed cryptography, DNSSEC, and DNSCurve D. J. Bernstein University of Illinois at Chicago NSF ITR0716498 Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address, makes

924 views • 61 slides
High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing

High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing

High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address, makes an SMTP connection, sends

617 views • 40 slides
DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research and Instruction in Technologies for Electronic Security Department of Computer Science University of Illinois at Chicago The Domain Name

598 views • 48 slides
Understanding brute force Cryptanalyst wants to find secret 128-bit AES key , D. J. Bernstein

Understanding brute force Cryptanalyst wants to find secret 128-bit AES key , D. J. Bernstein

Understanding brute force Cryptanalyst wants to find secret 128-bit AES key , D. J. Bernstein (0). given AES Thanks to: He builds an attack machine. University of Illinois at Chicago NSF CCR9983950 Machine 1: His

428 views • 11 slides
Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein,

Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein,

1 Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein, Henry de Valence, Tanja Lange, Christine van Vredendaal. Short generators without quantum computers: the case of multiquadratics. Eurocrypt

1.13k views • 97 slides
The DNS security mess D. J. Bernstein Thanks to: University of Illinois at Chicago NSF

The DNS security mess D. J. Bernstein Thanks to: University of Illinois at Chicago NSF

The DNS security mess D. J. Bernstein Thanks to: University of Illinois at Chicago NSF CCR9983950 Alfred P. Sloan Foundation Math Sciences Research Institute University of California at Berkeley

596 views • 33 slides
Randomness Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit

Randomness Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit

Randomness Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit Eindhoven Tanja Lange Technische Universiteit Eindhoven Preliminary analysis of some submissions to snakeoil.cr.yp.to Daniel J. Bernstein University

363 views • 32 slides
Binary Edwards Curves Daniel J. Bernstein Tanja Lange University of Illinois at Chicago and

Binary Edwards Curves Daniel J. Bernstein Tanja Lange University of Illinois at Chicago and

Binary Edwards Curves Daniel J. Bernstein Tanja Lange University of Illinois at Chicago and Technische Universiteit Eindhoven djb@cr.yp.to tanja@hyperelliptic.org 12.08.2008 joint work with Reza Rezaeian Farashahi, Eindhoven D. J. Bernstein

428 views • 27 slides
Entropy-based Concept Shift Detection Peter Vorburger, Abraham Bernstein University of Zurich

Entropy-based Concept Shift Detection Peter Vorburger, Abraham Bernstein University of Zurich

Entropy-based Concept Shift Detection Peter Vorburger, Abraham Bernstein University of Zurich Department of Informatics Binzm uhlestrasse 14, 8050 Zurich, Switzerland { vorburger, bernstein } @ifi.unizh.ch Abstract per is a real-world

176 views • 6 slides
On the correct use of the negation map in the Pollard rho method D. J. Bernstein University of

On the correct use of the negation map in the Pollard rho method D. J. Bernstein University of

On the correct use of the negation map in the Pollard rho method D. J. Bernstein University of Illinois at Chicago Tanja Lange Technische Universiteit Eindhoven Joint work with: Peter Schwabe Academia Sinica Full version of paper with

833 views • 56 slides
Crypto horror stories Daniel J. Bernstein University of Illinois at Chicago & Technische

Crypto horror stories Daniel J. Bernstein University of Illinois at Chicago & Technische

Crypto horror stories Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Crypto horror stories Daniel J. Bernstein Horror story 1 RC4 Crypto horror stories Daniel J. Bernstein RC4 stream cipher:

799 views • 61 slides
Jet list decoding D. J. Bernstein University of Illinois at Chicago Thanks to: NSF (1018836)

Jet list decoding D. J. Bernstein University of Illinois at Chicago Thanks to: NSF (1018836)

Jet list decoding D. J. Bernstein University of Illinois at Chicago Thanks to: NSF (1018836) NIST (60NANB10D263) Cisco (University Research Program) Interpolation Fix coprime 1 Z 0 . Remainder repn

1.19k views • 70 slides
Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein University of Illinois at Chicago

Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein University of Illinois at Chicago

Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein 1919 The Womens Christian Temperance Union

552 views • 29 slides
Predicting NFS time D. J. Bernstein University of Illinois at Chicago Thanks to: NSF

Predicting NFS time D. J. Bernstein University of Illinois at Chicago Thanks to: NSF

Predicting NFS time D. J. Bernstein University of Illinois at Chicago Thanks to: NSF DMS9600083 NSF DMS9970409 NSF DMS0140542 Alfred P. Sloan Foundation NSF ITR0716498 T as the time Define n . used by NFS to factor T depends on

433 views • 31 slides
Post-quantum cryptography Daniel J. Bernstein University of Illinois at Chicago; Ruhr University

Post-quantum cryptography Daniel J. Bernstein University of Illinois at Chicago; Ruhr University

Post-quantum cryptography Daniel J. Bernstein University of Illinois at Chicago; Ruhr University Bochum Wikipedia: Hoover became a controversial figure as evidence of his secretive abuses of power began to surface. He was found to have

1.21k views • 103 slides
Eliciting Informative Feedback: The Peer-Prediction Method Nolan Miller, Paul Resnick, &

Eliciting Informative Feedback: The Peer-Prediction Method Nolan Miller, Paul Resnick, &

Problem and Setup Initial Game Extensions Further Work Conclusion Experiment Eliciting Informative Feedback: The Peer-Prediction Method Nolan Miller, Paul Resnick, & Richard Zeckhauser Thomas Steinke & David Rezza Baqaee Problem

764 views • 17 slides
The Entropy Rounding Method in Approximation Algorithms Thomas Rothvo Department of

The Entropy Rounding Method in Approximation Algorithms Thomas Rothvo Department of

The Entropy Rounding Method in Approximation Algorithms Thomas Rothvo Department of Mathematics, M.I.T. Carg` ese 2011 A general rounding problem Problem: Given: A R n m , fractional solution x [0 , 1] m Find: y { 0 ,

1.55k views • 126 slides
Convergence of a Stochastic Gradient Method with Momentum for Non-Smooth Non-Convex Optimization

Convergence of a Stochastic Gradient Method with Momentum for Non-Smooth Non-Convex Optimization

Convergence of a Stochastic Gradient Method with Momentum for Non-Smooth Non-Convex Optimization Vien V. Mai and Mikael Johansson KTH - Royal Institute of Technology Stochastic optimization Stochastic optimization problem: minimize f ( x

381 views • 20 slides
Collaborators Figen Oztoprak Stefan Solntsev Richard Byrd 2 Outline 1. How to improve

Collaborators Figen Oztoprak Stefan Solntsev Richard Byrd 2 Outline 1. How to improve

An Evolving Gradient Resampling Method for Machine Learning Jorge Nocedal Northwestern University NIPS, Montreal 2015 1 Collaborators Figen Oztoprak Stefan Solntsev Richard Byrd 2 Outline 1. How to improve upon the stochastic gradient

703 views • 36 slides
Network Layer network layer services virtual circuit and datagram Goals: networks

Network Layer network layer services virtual circuit and datagram Goals: networks

Overview: Network Layer network layer services virtual circuit and datagram Goals: networks whats inside a router? understand principles behind network layer IP: Internet Protocol services: IPv4 datagram format

396 views • 23 slides
Software Security Prof. Dr. Jean-Pierre Seifert jpseifert@sec.t-labs.tu-berlin.de

Software Security Prof. Dr. Jean-Pierre Seifert jpseifert@sec.t-labs.tu-berlin.de

Software Security Prof. Dr. Jean-Pierre Seifert jpseifert@sec.t-labs.tu-berlin.de http://www.sec.t-labs.tu-berlin.de/ 1 Defenses against Memory Corruption 2 Preventing Buffer Overflows Use safe programming languages, e.g., Java

851 views • 69 slides
Integration of Routing and Switching Label Switching & IP switching The goal is to avoid

Integration of Routing and Switching Label Switching & IP switching The goal is to avoid

Integration of Routing and Switching Label Switching & IP switching The goal is to avoid executing packet forwarding algorithm for each and every packet and replace it with switching in hardware. The result is faster and less expensive IP

440 views • 23 slides
LAN FRAME FORMATS www.sorin-schwartz.com IEEE 802.2 - LLC (Logical link Control) ----- 1 -----

LAN FRAME FORMATS www.sorin-schwartz.com IEEE 802.2 - LLC (Logical link Control) ----- 1 -----

LAN FRAME FORMATS www.sorin-schwartz.com IEEE 802.2 - LLC (Logical link Control) ----- 1 ----- DSAP field (1byte) SSAP field (1byte) M DA 6 A X X X X X X U I X X X X X X U C SA 6 C LSB LSB ----- 2 L DSAP=P.ID 1

305 views • 6 slides

More recommend