Increased DNS Forgery Resistance Through 0x20-Bit Encoding
Written by: David Dagon (Georgia Institute of Technology), Manos Antonakakis (Georgia Institute of Technology), Paul Vixie (Internet Systems Consortium), Wenke Lee (Georgia Institute of Technology), Tatuya Jinmei (Internet Systems Consortium)
Presented by: Jarrod Williams
Outline
Overview
Domain Name System (DNS)
0x20 Bit Encoding
Conclusion
Overview
DNS labels, matching, and the resolution process are all case insensitive.
The alphabetical characters of a DNS query string can be switched between lower case and upper case by adding or subtracting 0x20, which sets or clears bit 5 of the ASCII byte.
Using different capitalization schemes, DNS queries can be made unique and more resistant to DNS poisoning attacks.
Overview
Domain name        Field value (uppercase = 0, lowercase = 1)
www.example.com    1111111111111
WWW.EXAMPLE.COM    0000000000000
WwW.eXaMpLe.CoM    0101010101010
wWw.ExAmPlE.cOm    1010101010101
Goals
No radical changes
Protocol stability
Backward compatible
Protect the recursive resolver in its transaction with the authority servers
Outline
Overview
Domain Name System (DNS)
0x20 Bit Encoding
Conclusion
Domain Name System (DNS)
DNS is a hierarchical naming system for computers, services, and any other resource participating on the Internet; it associates various information with domain names.
DNS initiators on host machines are called stub resolvers.
Domain Name System (DNS)
Each domain is a node.
Each zone consists of many nodes.
Each node can have a subzone.
DNS authority servers are sometimes called the SOA or Start of Authority.
Domain Name Hierarchy
How DNS Operates
First, the stub resolver sends the query to the recursive resolver.
Next, the recursive resolver consults the root servers.
Then the recursive resolver consults the “.com” zone authority servers.
Finally, the answer is returned to the stub resolver and cached by the recursive resolver to assist in future resolutions.
Simplified DNS Model
DNS Cache Poisoning
A maliciously created or unintended situation that provides data to a DNS server that did not originate from authoritative DNS sources.
Attackers exploit DNS software by making it accept incorrect information; if the DNS response is not properly validated, the server caches the incorrect entries locally and serves them to users that make the same request.
Cache Poisoning Window
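The four resolution steps and the caching check, as an added example that is not code from the slides or from the paper's authors: a toy recursive resolver walks root, .com and example.com authorities, and caches a response only if it matches a query still in flight (same transaction ID and the same question name); the first match closes the poisoning window. All server names, zone data and addresses are constructed for the example. Real resolvers also check the source address and port of the response; 0x20 encoding later adds the case of the question name as further bits that must match.

```python
# Added example (not the slides' or the authors' code): a toy model of the
# four resolution steps and of the match a recursive resolver performs before
# caching. All zone data, server names and addresses are constructed.
import random
from dataclasses import dataclass

# Constructed authority data, keyed by the server that serves it.
AUTHORITIES = {
    "a.root-servers.net.": {"records": {},
                            "delegations": {"com.": "a.gtld-servers.net."}},
    "a.gtld-servers.net.": {"records": {},
                            "delegations": {"example.com.": "ns1.example.com."}},
    "ns1.example.com.": {"records": {"www.example.com.": "192.0.2.10",
                                     "mail.example.com.": "192.0.2.20"},
                         "delegations": {}},
}
ROOT_SERVER = "a.root-servers.net."


@dataclass
class Response:
    txid: int   # transaction ID echoed from the query
    qname: str  # question name echoed from the query
    rdata: str  # answer data


def ask_authority(server: str, txid: int, qname: str):
    """An authority answers if it holds the name, otherwise refers to the child zone."""
    zone = AUTHORITIES[server]
    if qname in zone["records"]:
        return "answer", Response(txid, qname, zone["records"][qname])
    for suffix, child in zone["delegations"].items():
        if qname == suffix or qname.endswith("." + suffix):
            return "referral", child
    return "nxdomain", None


class RecursiveResolver:
    def __init__(self):
        self.cache = {}        # qname -> rdata
        self.outstanding = {}  # txid -> qname, present only while the window is open

    def send_query(self, qname: str) -> int:
        """Record a query in flight and return its random 16-bit transaction ID."""
        txid = random.randrange(1 << 16)
        self.outstanding[txid] = qname
        return txid

    def accept(self, resp: Response) -> bool:
        """Cache a response only if it matches a query still in flight:
        same TXID and same question name. The first match closes the window."""
        if self.outstanding.get(resp.txid) != resp.qname:
            return False
        del self.outstanding[resp.txid]
        self.cache[resp.qname] = resp.rdata
        return True

    def resolve(self, qname: str):
        """Steps 1-4: return (rdata, servers consulted); ["cache"] on a cache hit."""
        if qname in self.cache:
            return self.cache[qname], ["cache"]
        consulted = []
        server = ROOT_SERVER
        while True:
            txid = self.send_query(qname)
            consulted.append(server)
            kind, payload = ask_authority(server, txid, qname)
            if kind == "referral":
                del self.outstanding[txid]  # this hop is answered; follow the referral
                server = payload
            elif kind == "answer" and self.accept(payload):
                return payload.rdata, consulted
            else:
                del self.outstanding[txid]
                return None, consulted


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com."))  # walks root -> .com -> example.com
    print(r.resolve("www.example.com."))  # served from cache
```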
Outline
Overview
Domain Name System (DNS)
0x20 Bit Encoding
Conclusion
0x20 Bit Encoding
A DNS query is not copied into memory; it is rewritten in place just as it arrived over the wire.
Almost all authority DNS servers preserve the case encoding of DNS queries, bit-for-bit, as presented by the recursive server.
A pattern of mixed-case encoding of domain names makes each transaction between DNS initiators and responders unique and provides an additional means to track messages between servers.
0x20 Bit Encoding Algorithm
A domain name input arrives as an answer from a server, or as a query from a stub resolver.
Transform the query field into a canonical format.
Use a chosen encryption scheme to encrypt the canonical query.
Bits are read in sequential fashion, one byte at a time, and all “0x20 capable” characters are encoded:
if the jth bit is 0, make the ith query character upper case (i.e., buff[i] &= ~0x20, clearing bit 5);
if the jth bit is 1, make the ith query character lower case (i.e., buff[i] |= 0x20, setting bit 5).
This produces a 0x20-encoded domain name that can be sent to an authority server; it can also be used to verify the query field returned by the authority server.
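The algorithm above and the bit-pattern table from the Overview slide, as an added example that is not code from the slides or from the paper's authors. The slides leave the bit source as "a chosen encryption scheme"; this example substitutes HMAC-SHA256 over the canonical name under a key held by the recursive resolver (an assumption, chosen so the resolver can recompute the expected case pattern when the answer returns). The key and names are constructed.

```python
# Added example (not the paper's or the slides' code): 0x20 encoding of a
# query name and the bit-for-bit check of the echoed question. The bit source
# is an assumption: HMAC-SHA256 under a resolver-held key.
import hashlib
import hmac


def canonical(name: str) -> str:
    """Step 2: canonical form, here simply all lower case."""
    return name.lower()


def is_0x20_capable(byte: int) -> bool:
    """An ASCII letter: upper and lower case differ only in bit 0x20."""
    return 0x41 <= byte <= 0x5A or 0x61 <= byte <= 0x7A


def extra_bits(name: str) -> int:
    """Number of 0x20-capable characters, i.e. extra bits a forged reply must match."""
    return sum(is_0x20_capable(b) for b in name.encode("ascii"))


def case_bits(name: str) -> str:
    """Field value as in the Overview table: uppercase letter = 0, lowercase = 1."""
    return "".join("1" if b & 0x20 else "0"
                   for b in name.encode("ascii") if is_0x20_capable(b))


def apply_bits(name: str, bits: str) -> str:
    """Steps 4-5: walk the name one byte at a time; bit j decides the case of
    the j-th 0x20-capable character (0 -> upper case, 1 -> lower case)."""
    if len(bits) < extra_bits(name):
        raise ValueError("not enough bits for this name")
    buff = bytearray(canonical(name).encode("ascii"))
    j = 0
    for i, byte in enumerate(buff):
        if not is_0x20_capable(byte):
            continue
        if bits[j] == "0":
            buff[i] &= ~0x20   # clear bit 5 -> upper case
        else:
            buff[i] |= 0x20    # set bit 5 -> lower case
        j += 1
    return buff.decode("ascii")


def encode_0x20(name: str, key: bytes) -> str:
    """Steps 1-5: derive the bit stream from the canonical name under the key
    and apply it. Deterministic, so the resolver can recompute it on receipt."""
    canon = canonical(name)
    digest = hmac.new(key, canon.encode("ascii"), hashlib.sha256).digest()
    bits = "".join(f"{b:08b}" for b in digest)  # 256 bits, enough for any legal name
    return apply_bits(canon, bits)


def question_matches(sent_qname: str, received_qname: str) -> bool:
    """Step 6: the question the authority echoes back must match bit-for-bit,
    case included; a case-insensitive match would discard the extra bits."""
    return sent_qname.encode("ascii") == received_qname.encode("ascii")


if __name__ == "__main__":
    key = b"constructed-resolver-key"
    sent = encode_0x20("www.example.com", key)
    print(sent, case_bits(sent), extra_bits(sent))
    print(question_matches(sent, sent), question_matches(sent, sent.lower()))
```

The resolver keeps the key private and compares the echoed question against the exact string it sent; because the encoding is recomputable from the canonical name, it need not store per-query state beyond what it already keeps for the transaction ID.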
American Standard Code for Information Interchange (ASCII)
A 0x20-capable character is a letter on the ASCII table: upper-case letters occupy 0x41–0x5A and lower-case letters 0x61–0x7A, so the two cases of a letter differ only in bit 5 (0x20).