DNS Security
Fundamental Problems of Network Security
• The Internet was designed without security in mind
  – The initial design focused more on how to make it work than on how to prevent abuses
  – The initial environment mostly consisted of research institutions, so benign behavior of users was assumed
• Fundamental security problem of current network technology:
  – It has no way of telling whether a resource is located “correctly,” or whether information is transferred “correctly”
  – It has no data authentication and confidentiality protection
Example Security Problems by Incorrect Resource Location
• DNS poisoning
• BGP routing vulnerabilities
• ARP poisoning
  – ARP (Address Resolution Protocol) is used to query for the MAC address associated with an IP address
  – Any device attached physically to a subnet can claim to be the “owner” of the IP
• IP spoofing
  – Routers typically do not check source IP addresses
  – A packet can claim to be coming from any IP address
The Domain Name System
• Basic Internet database
  – Maps names to IP addresses
  – Also stores IPv6 addresses, mail servers, service locators, Enum (phone numbers), etc.
• Data organized as a tree structure
  – Each zone is the authority for its local data
[Figure: the name tree, with Root at the top and the nodes edu, usf, com, cisco, ibm, uk, co and www below it]
Adapted from slides of Prof. Dan Massey at Colorado State University
Domain Name Service
• Provides the binding between URL and IP address
  – Both forward and reverse mapping
  – Divide the URL space into zones; each name server handles the mapping in its zone
• DNS Resource Record (RR)
  – Can be viewed as tuples of the form <name, TTL, class, type, data>
  – Types: A (IP address), MX (mail servers), NS (name servers), PTR (reverse lookup)
DNS Protocol
[Figure: a client at the ISP asks “What is the IP address of www.usf.edu?”; the ISP’s DNS resolver puts the same question to the root server, the NS server for edu (192.41.162.30) and the NS server for usf.edu (131.247.100.1), and returns the answer 131.247.182.171 to the client.]
Example
• Response from the .edu NS server

  ;; QUESTION SECTION:
  ;www.usf.edu.                       IN      A

  ;; AUTHORITY SECTION:                 (delegation of authority)
  usf.edu.              172800  IN      NS      mother.usf.edu.
  usf.edu.              172800  IN      NS      ziggy.usf.edu.
  usf.edu.              172800  IN      NS      clemson-ns1.usf.edu.

  ;; ADDITIONAL SECTION:                (glue records)
  mother.usf.edu.       172800  IN      A       131.247.100.1
  ziggy.usf.edu.        172800  IN      A       131.247.1.40
  clemson-ns1.usf.edu.  172800  IN      A       205.186.58.129
  …
DNS Security Problems
• A DNS resolver has no way to determine whether the response to a query really comes from the legitimate server
• It will accept a response if
  – The port number matches the source port of the request
  – It has the correct Transaction ID (TXID)
• It will accept all RRs that are in the queried server’s bailiwick
  – The bailiwick is the domain in which the server has authority according to the referral path
Classical DNS Poisoning
[Figure: the ISP’s recursive DNS resolver is asked “What is the IP address of www.usf.edu?” and sends a recursive query to the NS server for usf.edu, which is under DoS flooding; the answer shown is 131.247.182.171.]
Conditions for classical DNS poisoning attacks
• Must guess the correct source-port number
• Must guess the correct TXID (16 bits)
• The fake response must arrive before the legitimate response
• If any of the above fails, the attack fails and there will be no chance to attack again until the TTL expires
Kaminsky Attack (2008)
[Figure: the ISP’s recursive DNS resolver receives the question “What is the IP address of foo.usf.edu?” and forwards it to the NS server for usf.edu, whose legitimate answer is “No such url”; the figure also shows the address 1.1.1.1.]
Implication of Kaminsky Attack
• Dramatically reduces the complexity and increases the effectiveness of DNS cache poisoning
  – No longer needs to wait for the TTL to expire
  – The attacker can control when and what queries are issued
  – A complete domain may be hijacked
• Even TLDs are vulnerable
  – Only needs 10 secs to succeed
Short-term mitigation
• Increase the brute-force search space
  – A 16-bit TXID is too small and can easily be brute-forced
  – Randomize the source port number
  – Use other entropy in DNS messages
    • e.g. letter case in the URL
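As an added example (not from the slides), the resolver-side checks of slide 8 and the entropy mitigations of slide 13 in Go: an outstanding-query record, 0x20 case randomization of the query name, a count of the bits a blind forgery must guess, and an acceptance check that keeps only in-bailiwick records. The names, ports, TXIDs and records used with it are constructed.

```go
package main

import (
	"math/rand"
	"strings"
)

// RR is one resource record carried in a reply.
type RR struct{ Name, Type, Data string }
// Query is what the resolver keeps for an outstanding request: the 0x20-cased name it sent, its source port, its TXID.
type Query struct{ Name string; Port, TXID uint16 }
// Response is a reply as the resolver sees it: arrival port, TXID, the echoed question name and the records carried.
type Response struct{ Port, TXID uint16; Name string; RRs []RR }

// Randomize0x20 flips bit 0x20 (the ASCII case bit) of each letter at random. Lookups are case-insensitive,
// so the server answers anyway, but it echoes the question as written, which a blind forger cannot reproduce.
func Randomize0x20(name string, r *rand.Rand) string {
	b := []byte(strings.ToLower(name))
	for i, c := range b {
		if c >= 'a' && c <= 'z' && r.Intn(2) == 1 { b[i] ^= 0x20 }
	}
	return string(b)
}

// EntropyBits counts what a blind forger must guess: 16 TXID bits, 16 more with a random port, one per letter with 0x20.
func EntropyBits(name string, randomPort, use0x20 bool) int {
	bits := 16
	if randomPort { bits += 16 }
	for _, c := range strings.ToLower(name) {
		if use0x20 && c >= 'a' && c <= 'z' { bits++ }
	}
	return bits
}

// inBailiwick reports whether name is at or below zone (both fully qualified, with trailing dot).
func inBailiwick(name, zone string) bool {
	n, z := strings.ToLower(name), strings.ToLower(zone)
	return z == "." || n == z || strings.HasSuffix(n, "."+z)
}

// Accept applies the slides' checks: port, TXID and the 0x20-cased name must all match the outstanding
// query, and only records inside the queried server's bailiwick are kept; the rest are dropped, never cached.
func Accept(q Query, resp Response, bailiwick string) ([]RR, bool) {
	if resp.Port != q.Port || resp.TXID != q.TXID || resp.Name != q.Name { return nil, false }
	var kept []RR
	for _, rr := range resp.RRs {
		if inBailiwick(rr.Name, bailiwick) { kept = append(kept, rr) }
	}
	return kept, true
}
```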
Long-term Solution: DNSSEC
• Use public-key signatures to authenticate DNS messages
  – Domain names already form a hierarchy
  – Parent signs children’s public keys
  – Resolver only needs to know the root public key to authenticate DNS messages
DNSSEC
• Provides a “natural” PKI
  – Maps zones to their keys
  – Parent zone signs child zones’ keys
• Keys organized as a tree structure
  – Each zone is the authority for its local data
  – A zone’s key is only effective in its zone
[Figure: the same name tree (Root; edu, com, uk; usf; cisco, ibm; co; www), now with each zone’s key signed by its parent zone]
Adapted from slides of Prof. Dan Massey at Colorado State University
DNS RR Review
• DNS Resource Record (RR)
  – Can be viewed as tuples of the form <name, TTL, class, type, data>
  – Types: A (IP address), MX (mail servers), NS (name servers), PTR (reverse lookup), RRSIG (signature), DNSKEY (public key), …
DNSSEC Records
• Introduce a new data type: RRSIG

  name           TTL    class  type   value
  {www.usf.edu.  82310  IN     A      131.247.182.171}

  name           TTL    class  type   covered_type
  {www.usf.edu.  82310  IN     RRSIG  A  …  not after 20171216023910  not before 20151216023910  …  usf.edu. (key name)  Base64 encoding of signature}
DNSSEC Records
• Introduce a new data type: DNSKEY

  name      TTL    class  type    value
  {usf.edu. 82310  IN     DNSKEY  Base64 encoding of public key}

  name      TTL    class  type    covered_type
  {usf.edu. 82310  IN     RRSIG   DNSKEY  …  not after 20171216023910  not before 20151216023910  …  edu. (key name)  Base64 encoding of signature}
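As an added example (not from the slides), the DNSSEC chain of trust of slides 14, 16, 18 and 19 in Go: each parent signs a DS record over its child's key, each zone signs its own records, and a resolver that knows only the root key validates the A record of www.usf.edu. It assumes one Ed25519 key per zone (so it does not model the separate signing key of the Key Management slide), a simplified canonical form, DS = SHA-256(owner || key), and constructed keys and records; the root zone is named "" here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"strings"
)

// RR is a record plus its RRSIG: Sig was made with the DNSKEY of zone Signer ("" is the root). Data holds
// raw key or digest bytes where real DNSKEY and DS records would base64- or hex-encode them.
type RR struct{ Owner, Type, Data, Signer string; Sig []byte }
// canon is the byte string a signature covers (a stand-in for the RFC 4034 canonical form).
func canon(owner, rtype, data string) []byte { return []byte(strings.ToLower(owner) + " " + rtype + " " + data) }
// Sign produces a record and its RRSIG with the Ed25519 key of zone signer (DNSSEC algorithm 15).
func Sign(priv ed25519.PrivateKey, signer, owner, rtype, data string) RR {
	return RR{owner, rtype, data, signer, ed25519.Sign(priv, canon(owner, rtype, data))}
}
// dsDigest is the DS data a parent publishes for a child's DNSKEY: SHA-256(owner || key).
func dsDigest(owner string, pub ed25519.PublicKey) string {
	d := sha256.Sum256(append([]byte(strings.ToLower(owner)), pub...))
	return string(d[:])
}

// BuildChain signs the root -> edu. -> usf.edu. hierarchy of the slides with one key per zone and returns
// the published records keyed "owner/type" plus the only key a resolver must know: the root's.
func BuildChain() (map[string]RR, ed25519.PublicKey) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil) // nil reader: crypto/rand is used
	eduPub, eduPriv, _ := ed25519.GenerateKey(nil)
	usfPub, usfPriv, _ := ed25519.GenerateKey(nil)
	rrs := map[string]RR{}
	add := func(rr RR) { rrs[rr.Owner+"/"+rr.Type] = rr }
	add(Sign(rootPriv, "", "edu.", "DS", dsDigest("edu.", eduPub))) // each parent signs its child's key
	add(Sign(eduPriv, "edu.", "edu.", "DNSKEY", string(eduPub)))
	add(Sign(eduPriv, "edu.", "usf.edu.", "DS", dsDigest("usf.edu.", usfPub)))
	add(Sign(usfPriv, "usf.edu.", "usf.edu.", "DNSKEY", string(usfPub)))
	add(Sign(usfPriv, "usf.edu.", "www.usf.edu.", "A", "131.247.182.171"))
	return rrs, rootPub
}

// zoneKey returns zone name's DNSKEY only if it matches the DS its parent signed, the parent's key being
// validated the same way, recursively, up to the root trust anchor; otherwise nil.
func zoneKey(rrs map[string]RR, name string, anchor ed25519.PublicKey) ed25519.PublicKey {
	if name == "" { return anchor }
	parent := name[strings.Index(name, ".")+1:] // "usf.edu." -> "edu." -> "" (root)
	ds, pub, pk := rrs[name+"/DS"], ed25519.PublicKey(rrs[name+"/DNSKEY"].Data), zoneKey(rrs, parent, anchor)
	if pk == nil || len(pub) != ed25519.PublicKeySize || ds.Data != dsDigest(name, pub) ||
		!ed25519.Verify(pk, canon(ds.Owner, ds.Type, ds.Data), ds.Sig) {
		return nil
	}
	return pub
}

// Validate accepts rr only if its RRSIG verifies under the chained key of a zone authoritative for rr.Owner.
func Validate(rrs map[string]RR, rr RR, anchor ed25519.PublicKey) bool {
	pk := zoneKey(rrs, rr.Signer, anchor)
	return pk != nil && strings.HasSuffix(rr.Owner, rr.Signer) && ed25519.Verify(pk, canon(rr.Owner, rr.Type, rr.Data), rr.Sig)
}
```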
Authenticated Non-existence
• What if the usf.edu server is asked for the IP address of a non-existent URL (e.g. foo.usf.edu)?
  – It can’t sign the non-existence on the fly because the server does not have the private key (why?)
• NSEC record
  – “The URL after eng.usf.edu is health.usf.edu”
  – Order all the URLs in a zone and sign all the NSEC records ahead of time
  – Problem: enables zone enumeration
  – NSEC3 addresses this concern by using hashes of zone names instead of the zone names themselves
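As an added example (not from the slides), the NSEC chain of slide 20 in Go, plus the NSEC3 variant built over hashed names: the chain is sorted and closed, a query for foo.usf.edu is answered with the pre-signed gap eng.usf.edu to health.usf.edu, and the same code run over Hash3 of the names yields gaps between hashes only. The zone names, salt and iteration count are constructed, and the signing of the records is left out.

```go
package main

import (
	"crypto/sha1"
	"encoding/base32"
	"sort"
	"strings"
)

// NSEC is one pre-signed statement "no name exists between Owner and Next" (the signing itself is omitted).
type NSEC struct{ Owner, Next string }

// Chain sorts the zone's names and links each to its successor; the last record points back to the first
// so the chain is closed. Plain string order stands in for the canonical DNS name order.
func Chain(names []string) []NSEC {
	s := make([]string, len(names))
	for i, n := range names { s[i] = strings.ToLower(n) }
	sort.Strings(s)
	chain := make([]NSEC, len(s))
	for i := range s { chain[i] = NSEC{s[i], s[(i+1)%len(s)]} }
	return chain
}

// Covers reports whether qname lies strictly inside the gap (Owner, Next); the closing record's gap wraps
// around the end of the zone.
func (r NSEC) Covers(qname string) bool {
	q := strings.ToLower(qname)
	if r.Owner < r.Next { return r.Owner < q && q < r.Next }
	return q > r.Owner || q < r.Next
}

// ProveAbsent returns the pre-signed record proving qname does not exist, or nil when the name is in the
// zone and the server must give a positive answer instead.
func ProveAbsent(chain []NSEC, qname string) *NSEC {
	for i := range chain {
		if chain[i].Covers(qname) { return &chain[i] }
	}
	return nil
}

// Hash3 is an NSEC3 owner name: base32hex(SHA-1 iterated over name||salt). A Chain built over Hash3 of
// every name has gaps between hashes, so following Next pointers no longer lists the zone's names.
// (RFC 5155 hashes the wire-format name; this simplified version hashes the text form.)
func Hash3(name, salt string, iterations int) string {
	h := sha1.Sum(append([]byte(strings.ToLower(name)), salt...))
	for i := 0; i < iterations; i++ {
		h = sha1.Sum(append(h[:], salt...))
	}
	return base32.HexEncoding.WithPadding(base32.NoPadding).EncodeToString(h[:])
}
```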
Key Management
[Figure: the NS for .edu holds a DS record, Sig{PKusf}PKedu (PKedu’s signature over PKusf); the NS for usf.edu holds PKusf, which signs PKsigning (…). The zone wants to change PKusf to PKusf2. Caption: “Do not need to notify parent if changed”.]
Potential Usage of DNSSEC
• If successfully deployed, DNSSEC can serve as a universal PKI
  – Sign public keys for web sites
  – Sign public keys for email addresses
SSL/TLS
[Figure: handshake between Alice and Bob. Alice: “I am Alice”. Bob: “I am Bob, inc”, sending PKB with the certificate “PKB is Bob’s public key”. Alice sends E(PKB, s). Both derive KC, KM = h(s). Messages are then sent as {m}KC || MACKM(m).]
DNS-based Authentication of Named Entities (DANE)
• Use DNSSEC to sign certain statements (DANE records)
  – The currently proposed DANE records address trust of TLS certificates
• TLSA DANE records
  – Yet another type of DNS resource record (RR)
  – Three types of statements
    • CA Constraints
    • Service Certificate Constraints
    • Trust Anchor Assertion
Advantages of DANE compared with X.509
• Real delegation of power
  – Better accountability
  – More flexibility
  – Better damage control
• Clearer semantics
  – A DANE record only means “this domain’s owner says…”
Problems of DNSSEC
• Key revocation
  – If a zone’s private key is compromised, the damage continues even after the key is replaced, until the parent’s cert on the key expires
  – Certificate revocation?
    • All the revocation problems of digital signatures will apply
  – Issue short-term certificates instead?
    • Then the upper-level zones will have to be more involved in maintaining the DNSSEC structure
    • Against the initial design principle of DNS: autonomy of individual zones
Deployment Status
• Has been ongoing for a number of years
  – Check http://www.dnssec-deployment.org/
• Root domain signed July 2010
  – DNSSEC now deployed at key zones including net, com, gov, and edu.
• “Almost” ready to use at the resolver level