SK-DNSSEC

8/2/2019 SK-DNSSEC

1/40

A New Approach to DNSSecurity (DNSSEC)

Author:

Giuseppe Ateniese

Stefan Mangard

Presenter: Liu, Xiaotao

8/2/2019 SK-DNSSEC

2/40

Outline Overview of DNS

Motivation PK-DNSSEC

SK-DNSSEC

Comparison with PK-DNSSEC

Usage of DNSSEC

8/2/2019 SK-DNSSEC

3/40

Outline Overview of DNS

MotivationMotivation PK-DNSSECPK-DNSSEC

SK-DNSSECSK-DNSSEC

Comparison with PK-DNSSECComparison with PK-DNSSEC

Usage of DNSSECUsage of DNSSEC

8/2/2019 SK-DNSSEC

4/40

What is the DNS Domain Name System Distributed database to resolve domain

names Labels translate to Resource Records

Address (A) Mail hosts (MX)

Text (TXT) and much more.

Resource records stored in zones Highly scalable

8/2/2019 SK-DNSSEC

5/40

domain

zone

A DNS tree

.money.net.kids.net

corp.money.net

unix.os.net

mac.os.net

nt.os.net

.os.net

.net .com

marnick.kids.net

dop.kids.net

. root

top level

8/2/2019 SK-DNSSEC

6/40

DNS data

Label ttl class type rdata

Example Zone filedacht.net 7200 IN SOA ns.ripe.net. olaf.ripe.net.(

2001061501 ; Serial43200 ; Refresh 12 hours

14400 ; Retry 4 hours

345600 ; Expire 4 days

7200 ; Negative cache 2 hours

)

dacht.net 7200 IN NS ns.ripe.net.

dacht.net 7200 IN NS ns.high5.net.

pinkje.dacht.net 3600 IN A 193.0.1.162

host25.dacht.net 2600 IN A 193.0.3.25

8/2/2019 SK-DNSSEC

7/40

Common Resource RecordsRECORD TYPE DESCRIPTION USAGE

A An address record Maps FQDN into an IP address

PTR A pointer record Maps an IP address into FQDN

NS A name server record Denotes a name server for a zone

SOA A Start of Authority record Specifies many attributes concerning the zone, suchas the name of the domain (forward or inverse),administrative contact, the serial number of thezone, refresh interval, retry interval, etc.

CNAME A canonical name record Defines an alias name and maps it to the absolute(canonical) name

MX A Mail Exchanger record Used to redirect email for a given domain or host toanother host

8/2/2019 SK-DNSSEC

8/40

DNS resolving

stub

resolver

Question: www.cnn.com

www.cnn.com A ?

resolver

.www.cnn.com A ?

ask .com server

the ip address of .com server

.comwww.cnn.com A ?

ask cnn.com server

the ip address of cnn.com server

cnn.com

www.cnn.com A ?

xxx.xxx.xxx.xxx

xxx.xxx.xxx.xxx

add to cache

www.cnn.com

lab.cs.umass.edudns.cs.umass.edu

8/2/2019 SK-DNSSEC

9/40

DNS Data flow

masterresolver

stub resolver

Zone administrator

Zone file

slavesDynamic

updates

8/2/2019 SK-DNSSEC

10/40

Outline Overview of DNSOverview of DNS

Motivation PK-DNSSECPK-DNSSEC

SK-DNSSECSK-DNSSEC



8/2/2019 SK-DNSSEC

11/40

Data

ProtectionServerProtection

DNS Vulnerabilities

Zone file

slaves

master resolver

stub resolver

Zone

administrator

Dynamic

updates

Cache pollution byData spoofingUnauthorized updates

Corrupting data Impersonating master

Cache impersonation

8/2/2019 SK-DNSSEC

12/40

Why DNSSEC DNSSEC protects against data spoofing

and corruption

DNSSEC also provides mechanisms to

authenticate servers and requests

DNSSEC provides mechanisms toestablish authenticity and integrity

8/2/2019 SK-DNSSEC

13/40


MotivationMotivation PK-DNSSEC

SK-DNSSECSK-DNSSEC



8/2/2019 SK-DNSSEC

14/40

PK-DNSSEC (Public Key) The DNS servers sign (digitally encrypt)the hash of

resource record set with its private keys

Resouce record set: The set of resource records of thesame type.

Public KEYs can be used to verify the SIGs

The authenticity of public KEYs is established by aSIGnature over the keys with the parents private key

In the ideal case, only one public KEY needs to be

distributed off-band (the roots public KEY)

8/2/2019 SK-DNSSEC

15/40

DNSSEC new RRs 2 Public key related RRs

SIG signature over RRset made using private key

KEY public key, needed for verifying a SIG over aRRset, signed by the parents private key

One RR for internal consistency(authenticated denial of data)

NXT RR to indicate which RRset is the next one inthe zone

For non DNSSEC public keys: CERT

8/2/2019 SK-DNSSEC

16/40

SIG RRs Cover each resource record set with a public-key

signature which is stored as a resource record

called SIG RR SIG RRs are computed for every RRset in a zone

file and stored

Add the corresponding pre-calculated signaturefor each RRset in answers to queries

Must include the entire RRset in an answer,

otherwise the resolver could not verify the

signature

8/2/2019 SK-DNSSEC

17/40

SIG(0) Use public-key signature to sign the whole

message each time the server responses the

queries

Provide integrity protection and authentication

of the whole message

Can be scaled to provide authentication ofquery requests

Not be practical to use on a large scale

environment

8/2/2019 SK-DNSSEC

18/40

Compare SIG RRs with SIG(0) More computation on DNS server

caused by SIG(0)

More network traffic caused by SIG

RRs

More storage need by SIG RRs

8/2/2019 SK-DNSSEC

19/40

Verifying the tree

stub

resolver

Question: www.cnn.com

www.cnn.com A ?

resolver

. (root)www.cnn.com A ?

ask .com server

SIG(the ip address and PK of .com server)by its private key

.comwww.cnn.com A ?

ask cnn.com server

SIG(the ip address and PK of cnn.com server)by its private key

cnn.com

www.cnn.com A ?

SIG(xxx.xxx.xxx.xxx)by its private key

xxx.xxx.xxx.xxx

add to cache

www.cnn.com

lab.cs.umass.edudns.cs.umass.edu

transaction

signatures

slave serverstransaction

signatures

8/2/2019 SK-DNSSEC

20/40

Verify a SIG over data using the public

KEY

DNS data is signed with the private key

Verify the SIG with the KEY mentioned

in the SIG record

The key can be found in the DNS or can

be locally configured

Verifying

8/2/2019 SK-DNSSEC

21/40



SK-DNSSEC



8/2/2019 SK-DNSSEC

22/40

SK-DNSSEC (Symmetric

Certificates) The usage of symmetric ciphers through AES or

Blowfish in CBC mode.

The usage of symmetric signatures via MACfunctions.

Combine encryption techniques with MAC

functions as Ek(m, MACl(m)). Each message contains a nonce to avoid replay

attack. A nonce is pair of a random number anda timestamp.

8/2/2019 SK-DNSSEC

23/40

SK-DNSSEC (cont.) Given the DNS tree of domains, each node

shares a key with its parent, called master

key

The root domain has an asymmetric key

pair(public and private key) as well as its own

master key that is not shared with any others

The resolvers must have an authentic copy of

roots public key

8/2/2019 SK-DNSSEC

24/40

Notation

8/2/2019 SK-DNSSEC

25/40

DNS Root Certificate

8/2/2019 SK-DNSSEC

26/40

DNS Request to Root

Info(Pxy) has to minimally contain the identity strings Ix and Iy. Inception and

expiration dates, details about the encryption and authentication algorithms

employed, certificate and key unique identifiers, and the identity of the creator of

the certificate

8/2/2019 SK-DNSSEC

27/40

DNS Request to Intermediate Server

8/2/2019 SK-DNSSEC

28/40

DNS Request to Authoritative Server

8/2/2019 SK-DNSSEC

29/40

For mutual authenticationFor any 0 i n

8/2/2019 SK-DNSSEC

30/40

The problem of PK and SK DNSSEC In SK-DNSSEC, the root servers need to

decrypt the message encrypted by the public

key

In PK-DNSSEC, the potential increase of

network traffic due to larger DNS messages

In PK-DNSSEC, the high cost of verifying the

public-key digital signatures at the resolvers

side

8/2/2019 SK-DNSSEC

31/40

Hybrid Approach

The root servers use PK-DNSSEC

The top-level domains use SK-DNSSEC

8/2/2019 SK-DNSSEC

32/40



SK-DNSSECSK-DNSSEC

Comparison with PK-DNSSEC


8/2/2019 SK-DNSSEC

33/40

8/2/2019 SK-DNSSEC

34/40

Performance

(800M HZ)

8/2/2019 SK-DNSSEC

35/40

Performance (cont.)

8/2/2019 SK-DNSSEC

36/40

Network Traffic

8/2/2019 SK-DNSSEC

37/40

Storage

8/2/2019 SK-DNSSEC

38/40



SK-DNSSECSK-DNSSEC


Usage of DNSSEC

8/2/2019 SK-DNSSEC

39/40

Public-key Distribution System Global real time availability

Easy access to DNS

Scalability

Hierarchical organization

Globally unique names

Globally unique host name

Cryptographic binding of name and key

KEY RR binds DNS names with keys

8/2/2019 SK-DNSSEC

40/40

Q&A

Thank You!

SK-DNSSEC

Documents