8/2/2019 SK-DNSSEC
1/40
A New Approach to DNS Security (DNSSEC)
Authors: Giuseppe Ateniese, Stefan Mangard
Presenter: Liu, Xiaotao
Outline
- Overview of DNS
- Motivation
- PK-DNSSEC
- SK-DNSSEC
- Comparison with PK-DNSSEC
- Usage of DNSSEC
What is the DNS?
- Domain Name System: a distributed database that resolves domain names
- Labels translate to resource records: address (A), mail hosts (MX), text (TXT), and much more
- Resource records are stored in zones
- Highly scalable
A DNS tree (figure): the root (.) at the top; the top-level domains .net and .com below it; under .net the domains os.net (unix.os.net, mac.os.net, nt.os.net), money.net (corp.money.net) and kids.net (marnick.kids.net, dop.kids.net). The figure marks the difference between a domain (a whole subtree) and a zone (the part of that subtree served by one set of authoritative servers).
DNS data
Each resource record: label ttl class type rdata
Example zone file:
dacht.net 7200 IN SOA ns.ripe.net. olaf.ripe.net. (
    2001061501 ; Serial
    43200      ; Refresh 12 hours
    14400      ; Retry 4 hours
    345600     ; Expire 4 days
    7200       ; Negative cache 2 hours
    )
dacht.net 7200 IN NS ns.ripe.net.
dacht.net 7200 IN NS ns.high5.net.
pinkje.dacht.net 3600 IN A 193.0.1.162
host25.dacht.net 2600 IN A 193.0.3.25
Common Resource Records
Record type | Description               | Usage
A           | Address record            | Maps a FQDN to an IP address
PTR         | Pointer record            | Maps an IP address to a FQDN
NS          | Name server record        | Denotes a name server for a zone
SOA         | Start of Authority record | Specifies many attributes of the zone, such as the domain name (forward or inverse), administrative contact, zone serial number, refresh interval, retry interval, etc.
CNAME       | Canonical name record     | Defines an alias and maps it to the absolute (canonical) name
MX          | Mail Exchanger record     | Redirects email for a given domain or host to another host
DNS resolving (figure: stub resolver on lab.cs.umass.edu, recursive resolver dns.cs.umass.edu)
1. The stub resolver sends its question to the resolver: www.cnn.com A?
2. The resolver asks a root server; the referral says "ask the .com server" and gives its IP address.
3. The resolver asks the .com server; the referral says "ask the cnn.com server" and gives its IP address.
4. The resolver asks the cnn.com server, which answers with the A record xxx.xxx.xxx.xxx.
5. The resolver adds the answer to its cache and returns xxx.xxx.xxx.xxx to the stub resolver.
DNS data flow (figure): the zone administrator maintains the zone file, which is loaded by the master server; dynamic updates also reach the master; slave servers take the zone from the master; resolvers query the servers and answer stub resolvers.
Outline (current section: Motivation)
DNS vulnerabilities (figure: the data-flow diagram annotated with threats, grouped under data protection and server protection)
- Zone file: corrupting data
- Dynamic updates to the master: unauthorized updates
- Master to slaves: impersonating the master
- Servers to resolver: cache pollution by data spoofing
- Resolver to stub resolver: cache impersonation
Why DNSSEC?
- DNSSEC protects against data spoofing and corruption
- DNSSEC also provides mechanisms to authenticate servers and requests
- DNSSEC provides mechanisms to establish the authenticity and integrity of DNS data
Outline (current section: PK-DNSSEC)
PK-DNSSEC (public key)
- The authoritative servers sign the hash of each resource record set with the zone's private key (a digital signature, not encryption)
- Resource record set (RRset): the resource records sharing the same owner name, class and type
- Public KEYs are used to verify the SIGs
- The authenticity of a zone's public KEY is established by a SIGnature over that key made with the parent's private key
- In the ideal case only one public KEY needs to be distributed out of band: the root's public KEY
DNSSEC new RRs
Two public-key-related RRs:
- SIG: signature over an RRset, made with the zone's private key
- KEY: public key needed to verify a SIG over an RRset; itself signed with the parent's private key
One RR for internal consistency (authenticated denial of data):
- NXT: indicates which RRset is the next one in the zone, so a signed NXT proves that nothing exists in the gap between two names
For non-DNSSEC public keys: CERT
SIG RRs
- Cover each resource record set with a public-key signature, stored as a resource record of its own: the SIG RR
- SIG RRs are computed for every RRset in the zone file and stored with the zone
- Answers to queries carry the pre-calculated signature for each RRset they contain
- An answer must include the entire RRset; otherwise the resolver cannot verify the signature
SIG(0)
- Uses a public-key signature over the whole message, computed each time the server responds to a query
- Provides integrity protection and authentication of the whole message
- Can be extended to authenticate query requests as well
- Not practical in a large-scale environment: one signing operation per response
Comparing SIG RRs with SIG(0)
- SIG(0): more computation on the DNS server (a signature per response)
- SIG RRs: more network traffic (a signature travels with every RRset in an answer)
- SIG RRs: more storage (pre-computed signatures kept in the zone)
Verifying the tree (figure: the resolution of www.cnn.com from the earlier slide, now with SIGs)
1. The stub resolver asks the resolver: www.cnn.com A?
2. The resolver asks the root (.); the root returns the IP address and public KEY of the .com server, SIGned with the root's private key.
3. The resolver asks the .com server; it returns the IP address and public KEY of the cnn.com server, SIGned with .com's private key.
4. The resolver asks the cnn.com server; it returns the A record xxx.xxx.xxx.xxx, SIGned with cnn.com's private key.
5. The resolver verifies each SIG with the KEY obtained one level up, starting from the root KEY it already holds, caches the answer and returns xxx.xxx.xxx.xxx to the stub resolver.
Between master and slave servers the figure shows transaction signatures protecting zone transfers.
Verifying
- Verify a SIG over data using the public KEY
- DNS data is signed with the private key
- Verify the SIG with the KEY named in the SIG record
- That key can be found in the DNS (where it is itself verified up the tree) or can be locally configured
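The chain of trust described on the PK-DNSSEC slides, as an added Go example that is not code from the talk or the paper: a root, a .com and a cnn.com zone each hold a key pair, every parent SIGns its child's KEY RRset, and a resolver configured only with the root's public key verifies the chain down to the A RRset. Ed25519 from Go's standard library stands in for the RSA/DSA algorithms of the 2001 DNSSEC drafts, and the canonical RRset text form, the zone names, the keys and the addresses are all constructed for the example. It also shows the two failures the slides warn about: an answer carrying only part of the RRset, and a cnn.com key that .com never signed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
	"strings"
)

// RR is one resource record as written in a zone file (owner, TTL, type, rdata).
type RR struct {
	Owner string
	TTL   uint32
	Type  string
	Rdata string
}

// canonicalRRset is the byte string a SIG covers: every record of the set,
// owner lower-cased, sorted. Dropping, adding or changing any one record
// changes it, which is why an answer must carry the entire RRset.
func canonicalRRset(rrs []RR) []byte {
	lines := make([]string, 0, len(rrs))
	for _, rr := range rrs {
		lines = append(lines, fmt.Sprintf("%s %d IN %s %s",
			strings.ToLower(rr.Owner), rr.TTL, rr.Type, rr.Rdata))
	}
	sort.Strings(lines)
	return []byte(strings.Join(lines, "\n"))
}

// Zone holds a zone's key pair. Ed25519 is this example's stand-in for the
// public-key algorithms of the original DNSSEC drafts; the chain logic is the
// same for any signature scheme.
type Zone struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewZone(name string) *Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Zone{Name: name, priv: priv, Pub: pub}
}

// Sign yields the SIG RR data for an RRset: a signature over its canonical form.
func (z *Zone) Sign(rrs []RR) []byte { return ed25519.Sign(z.priv, canonicalRRset(rrs)) }

// keyRRset is a child's KEY RRset; the parent signs it to delegate trust downward.
func keyRRset(child string, pub ed25519.PublicKey) []RR {
	return []RR{{Owner: child, TTL: 3600, Type: "KEY", Rdata: fmt.Sprintf("%x", pub)}}
}

// Link is one delegation step: a zone's KEY plus the SIG its parent made over it.
type Link struct {
	Zone string
	Pub  ed25519.PublicKey
	Sig  []byte
}

// VerifyChain does what a resolver configured only with the root's KEY must do:
// check each KEY with the key one level up, then the data RRset with the leaf key.
func VerifyChain(rootPub ed25519.PublicKey, chain []Link, data []RR, dataSig []byte) error {
	cur := rootPub
	for _, l := range chain {
		if !ed25519.Verify(cur, canonicalRRset(keyRRset(l.Zone, l.Pub)), l.Sig) {
			return fmt.Errorf("KEY of %s is not signed by its parent", l.Zone)
		}
		cur = l.Pub
	}
	if len(data) == 0 || !ed25519.Verify(cur, canonicalRRset(data), dataSig) {
		return fmt.Errorf("SIG over the data RRset does not verify")
	}
	return nil
}

// DemoChain builds root -> com -> cnn.com with constructed keys and addresses
// and reports whether the full RRset, a truncated RRset and a forged chain verify.
func DemoChain() (full, truncated, forged bool) {
	root, com, cnn := NewZone("."), NewZone("com"), NewZone("cnn.com")
	chain := []Link{
		{"com", com.Pub, root.Sign(keyRRset("com", com.Pub))},
		{"cnn.com", cnn.Pub, com.Sign(keyRRset("cnn.com", cnn.Pub))},
	}
	a := []RR{{"www.cnn.com", 300, "A", "192.0.2.10"}, {"www.cnn.com", 300, "A", "192.0.2.11"}}
	sig := cnn.Sign(a)
	full = VerifyChain(root.Pub, chain, a, sig) == nil
	truncated = VerifyChain(root.Pub, chain, a[:1], sig) == nil // half the RRset: SIG cannot be checked
	rogue := NewZone("cnn.com")                                  // attacker's key, never signed by .com
	forgedChain := []Link{chain[0], {"cnn.com", rogue.Pub, rogue.Sign(keyRRset("cnn.com", rogue.Pub))}}
	forged = VerifyChain(root.Pub, forgedChain, a, rogue.Sign(a)) == nil
	return
}

func main() {
	full, truncated, forged := DemoChain()
	fmt.Printf("full RRset verifies: %v\ntruncated RRset verifies: %v\nforged chain verifies: %v\n",
		full, truncated, forged)
}
```

The truncated case is the point of the "must include the entire RRset" rule: the SIG covers the canonical form of the whole set, so an answer missing one record cannot be checked at all. The same canonical form is what lets a server pre-compute and store one SIG per RRset instead of signing every response as SIG(0) does.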
Outline (current section: SK-DNSSEC)
SK-DNSSEC (symmetric certificates)
- Uses symmetric ciphers: AES or Blowfish in CBC mode
- Uses symmetric "signatures": MAC functions
- Combines encryption with a MAC as E_k(m, MAC_l(m)): the message and its MAC under key l are encrypted together under key k
- Each message contains a nonce to prevent replay attacks; the nonce is a pair of a random number and a timestamp
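The E_k(m, MAC_l(m)) construction and the (random number, timestamp) nonce from this slide, as an added Go example that is not code from the talk or the paper. It uses AES-CBC and HMAC-SHA256 from Go's standard library (the slide names AES or Blowfish in CBC mode and a MAC without fixing one); the keys, the sample answer, the two-minute freshness window and the replay cache keyed by nonce are assumptions of the example, not parameters from the paper. The demo accepts a fresh message and rejects the same bytes replayed, a copy with one ciphertext bit flipped, and a message stamped an hour in the past.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// The nonce is the slide's (random number, timestamp) pair: 8 random bytes, then an 8-byte Unix time.
const nonceLen = 16

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Seal computes E_k(m', MAC_l(m')) for m' = nonce || m: HMAC-SHA256 under the MAC key l,
// PKCS#7 padding, then AES-CBC under the cipher key k with a fresh random IV prepended.
func Seal(k, l, m []byte, now time.Time) ([]byte, error) {
	body := randBytes(nonceLen)
	binary.BigEndian.PutUint64(body[8:], uint64(now.Unix()))
	body = append(body, m...)
	mac := hmac.New(sha256.New, l)
	mac.Write(body)
	pt := mac.Sum(body) // body || MAC(body)
	n := aes.BlockSize - len(pt)%aes.BlockSize
	pt = append(pt, bytes.Repeat([]byte{byte(n)}, n)...)
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	out := append(randBytes(aes.BlockSize), make([]byte, len(pt))...)
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], pt)
	return out, nil
}

// Open reverses Seal. Padding and MAC failures give the same error; the MAC is compared in
// constant time before anything in the plaintext is trusted; then the timestamp must lie
// inside the freshness window and the nonce must be new, which is what defeats replay.
func Open(k, l, msg []byte, now time.Time, window time.Duration, seen map[string]bool) ([]byte, error) {
	block, err := aes.NewCipher(k)
	if err != nil || len(msg) < 2*aes.BlockSize || len(msg)%aes.BlockSize != 0 {
		return nil, errors.New("malformed")
	}
	pt := make([]byte, len(msg)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, msg[:aes.BlockSize]).CryptBlocks(pt, msg[aes.BlockSize:])
	n := int(pt[len(pt)-1]) // PKCS#7 padding length
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) ||
		len(pt)-n < nonceLen+sha256.Size {
		return nil, errors.New("malformed")
	}
	body, tag := pt[:len(pt)-n-sha256.Size], pt[len(pt)-n-sha256.Size:len(pt)-n]
	mac := hmac.New(sha256.New, l)
	mac.Write(body)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return nil, errors.New("malformed")
	}
	ts := time.Unix(int64(binary.BigEndian.Uint64(body[8:nonceLen])), 0)
	if d := now.Sub(ts); d < -window || d > window {
		return nil, errors.New("stale timestamp")
	}
	if seen[string(body[:nonceLen])] {
		return nil, errors.New("replayed nonce")
	}
	seen[string(body[:nonceLen])] = true
	return body[nonceLen:], nil
}

// DemoSealed uses constructed keys and a constructed DNS answer. It reports whether a fresh
// message is accepted and whether a replay, a tampered copy and a stale message are rejected.
func DemoSealed() (fresh, replay, tamper, stale bool) {
	k, l := randBytes(16), randBytes(32) // cipher key and MAC key, shared out of band
	seen, t0, w := map[string]bool{}, time.Now(), 2*time.Minute
	msg, err := Seal(k, l, []byte("www.cnn.com 300 IN A 192.0.2.10"), t0)
	if err != nil {
		panic(err)
	}
	_, e1 := Open(k, l, msg, t0, w, seen)
	_, e2 := Open(k, l, msg, t0.Add(time.Second), w, seen) // identical bytes again
	bad := append([]byte{}, msg...)
	bad[len(bad)-1] ^= 1 // flip one ciphertext bit
	_, e3 := Open(k, l, bad, t0, w, seen)
	old, _ := Seal(k, l, []byte("x"), t0.Add(-time.Hour))
	_, e4 := Open(k, l, old, t0, w, seen)
	return e1 == nil, e2 != nil, e3 != nil, e4 != nil
}

func main() {
	fmt.Println(DemoSealed())
}
```

Two things the formula alone does not say: k and l must be distinct keys, and because the MAC sits inside the ciphertext (MAC-then-encrypt), padding has to be removed before the MAC can be checked, so the receiver deliberately reports padding and MAC failures with one identical error and compares tags in constant time. A deployment today would reach for an AEAD mode such as AES-GCM for the same job.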
SK-DNSSEC (cont.)
- Given the DNS tree of domains, each node shares a key with its parent, called the master key
- The root domain has an asymmetric key pair (public and private key) as well as its own master key, which is not shared with anyone
- Resolvers must hold an authentic copy of the root's public key
Notation
DNS Root Certificate
DNS Request to Root
Info(P_xy) has to minimally contain the identity strings I_x and I_y, the inception and expiration dates, details of the encryption and authentication algorithms employed, unique identifiers for the certificate and the key, and the identity of the creator of the certificate.
DNS Request to Intermediate Server
DNS Request to Authoritative Server
For mutual authentication: for any 0 ≤ i ≤ n
Problems of PK- and SK-DNSSEC
- In SK-DNSSEC, the root servers must decrypt the messages that resolvers encrypt under the root's public key (one private-key operation per such request)
- In PK-DNSSEC, larger DNS messages potentially increase network traffic
- In PK-DNSSEC, verifying the public-key digital signatures at the resolver side is costly
Hybrid Approach
The root servers use PK-DNSSEC
The top-level domains use SK-DNSSEC
Outline (current section: Comparison with PK-DNSSEC)
Performance (figure: measurements on an 800 MHz CPU)
Performance (cont.)
Network Traffic
Storage
Outline (current section: Usage of DNSSEC)
Public-key distribution system: DNSSEC as a way to distribute public keys
- Global, real-time availability: easy access to the DNS
- Scalability: hierarchical organization
- Globally unique names: every host name is globally unique
- Cryptographic binding of name and key: the KEY RR binds a DNS name to its key
Q&A
Thank You!