
Transcript
  • DNS Security
    A. Lioy, F. Maino, M. Marian, D. Mazzocchi
    Computer and Network Security Group, Politecnico di Torino (Italy)
    Presented by: Marius Marian

  • What is DNS?
    A replicated, hierarchical, distributed system that provides:
    - name to IP address translation
    - mail handling information
    DNS can use either the UDP or the TCP protocol.
    DNS major components:
    - the domain name space, described by resource records (RR) (e.g., SOA, NS, A, MX, ...)
    - name servers
    - resolvers

  • Name resolution process
    (Diagram: a user program on the local machine calls the name resolver; the resolver asks the primary name server, which answers from its cache or queries other name servers.)

  • DNS standard message format
    A DNS query and a DNS response share the same five sections: Header, Question, Answer, Authority, Additional.

    DNS query:
      Header:     qr, rd
      Question:   mydomain.com, type = NS, class = IN
      Answer:     EMPTY
      Authority:  EMPTY
      Additional: EMPTY

    DNS response:
      Header:     qr, rd, ra, aa
      Question:   mydomain.com, type = NS, class = IN
      Answer:     mydomain.com. 20h55m21s IN NS securens.mydomain.com.
      Authority:  mydomain.com. 20h55m21s IN NS securens.mydomain.com.
      Additional: securens.mydomain.com. 20h55m21s IN A 131.87.24.1

  • Why is DNS security important?
    DNS is used extensively by Internet applications!
    DNS security problems:
    - name servers can be easily spoofed and are vulnerable to many types of attacks (DoS, buffer overrun, replay, and so on)
    - resolvers can be led into trusting false information
    - security measures (e.g., ACLs) and mechanisms (e.g., credibility) make spoofing more difficult, but not impossible!
    June 1997: Eugene Kashpureff (AlterNIC founder) redirected the internic.net domain to alternic.net by caching bogus information on the InterNIC name server.

  • DNS cache poisoning attack
    (Diagram: the attacker host A.B.C.D in evil.com, served by ns.evil.com; the victim cache at ns.broker.com, used by any.broker.com; the target domain bank.com, served by ns.bank.com. Step 3 of the attack: store the query ID.)
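The message format of the previous slide and the query-ID matching that the cache poisoning slide turns on, as an added example (not from the original presentation): it builds the slide's NS query and response in RFC 1035 wire format, decodes the header flags, and applies the check a resolver must make before caching anything, namely that the response carries the ID, the qr bit and the exact question of an outstanding query. The 75321-second TTL is the slide's 20h55m21s; the name `securens.mydomain.com` and the helper names are taken from or chosen for this example.

```python
import struct

# Header flag bits from RFC 1035 section 4.1.1 (the qr, aa, rd, ra shown on the slide)
QR, AA, TC, RD, RA = 1 << 15, 1 << 10, 1 << 9, 1 << 8, 1 << 7
NS_TYPE, IN_CLASS = 2, 1          # type = NS, class = IN, as in the slide's question
FLAG_NAMES = (("qr", QR), ("aa", AA), ("tc", TC), ("rd", RD), ("ra", RA))

def encode_name(name):
    """Dotted name to DNS labels: 'mydomain.com' -> b'\\x08mydomain\\x03com\\x00'."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(msg, off):
    """Read labels at offset; compression pointers are not used by these messages."""
    labels = []
    while msg[off] != 0:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def build_query(qid, qname, qtype=NS_TYPE, qclass=IN_CLASS):
    """Header with rd set and counts 1/0/0/0, followed by one question."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, qclass)

def build_response(query, ttl=75321, nsdname="securens.mydomain.com"):
    """Echo the query's ID and question; answer with one NS RR (20h55m21s = 75321 s)."""
    qid = struct.unpack("!H", query[:2])[0]
    qname, qtype, qclass = parse_question(query)
    rdata = encode_name(nsdname)
    answer = encode_name(qname) + struct.pack("!HHIH", qtype, qclass, ttl, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", qid, QR | AA | RD | RA, 1, 1, 0, 0)
    return header + query[12:] + answer      # query[12:] is its single question

def parse_header(msg):
    """Decode the 12-byte header into ID, named flags, rcode and the four section counts."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "flags": [n for n, bit in FLAG_NAMES if flags & bit],
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def parse_question(msg):
    """Return (qname, qtype, qclass) of the first question."""
    qname, off = decode_name(msg, 12)
    return (qname,) + struct.unpack("!HH", msg[off:off + 4])

def response_matches_query(query, response):
    """The minimum a resolver checks before caching: same ID, qr set, same question."""
    q, r = parse_header(query), parse_header(response)
    return q["id"] == r["id"] and "qr" in r["flags"] and parse_question(query) == parse_question(response)
```

A 16-bit ID is the only thing this check relies on, which is why the slides go on to add cryptographic protection (DNSSEC, TSIG) rather than trusting the ID alone.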

  • DNSSEC definition
    DNS security extensions (RFC 2535 - 2537):
    - SIG: stores digital signatures (asymmetric keys)
    - KEY: stores public keys
    - NXT: authenticates the non-existence of names or types of RRs in a domain
    DNSSEC deals with RR sets (same label, type and class, different data), not single RRs!
    DNSSEC intends to provide:
    - data origin authentication and data integrity
    - key distribution
    - on a smaller scale, transaction and request authentication

  • DNSSEC characteristics (1)
    KEY RR specifies:
    - the type of key (zone, host, user)
    - the protocol (DNSSEC, IPSEC, TLS, etc.)
    - the algorithm (RSA/MD5, DSA, etc.)
    SIG RR specifies:
    - the RR type covered (SOA, A, NS, MX, etc.)
    - the algorithm (RSA/MD5, DSA, etc.)
    - the inception and expiration times
    - the signer key footprint

  • DNSSEC characteristics (2)
    NXT RR specifies:
    - the next name in the zone
    - all the RR types covered by the current name
    The private key is kept off-line and is used to sign the RR sets of the zone file.
    The public key is published in the KEY RR.
    The public key of a zone is signed by the parent zone's private key.
    The parent zone's signature on the zone's public key is added to the zone file.

  • DNS and DNSSEC zone files
    DNS zone file:
      foo.com.    SOA
      foo.com.    NS
      a.foo.com.  A
      d.foo.com.  A
      ...
    DNSSEC zone file:
      foo.com.    SOA
      foo.com.    SIG SOA
      foo.com.    SIG AXFR
      foo.com.    NS
      foo.com.    SIG NS
      foo.com.    KEY
      foo.com.    SIG KEY
      foo.com.    NXT a.foo.com. SOA AXFR NS KEY SIG
      foo.com.    SIG NXT
      a.foo.com.  A
      a.foo.com.  SIG A
      a.foo.com.  NXT d.foo.com. A SIG
      a.foo.com.  SIG NXT
      d.foo.com.  A
      d.foo.com.  SIG A
      d.foo.com.  NXT foo.com. A SIG
      d.foo.com.  SIG NXT
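The NXT records of the zone file above, and the "next name in the zone" rule from the previous slide, as an added example (not from the original presentation): the code sorts the owner names in RFC 2535 canonical order (labels compared from the right, apex first), links each name to the next with the last one wrapping back to the apex, and then finds the NXT record whose interval proves that a queried name, or a type at an existing name, is absent. Following the slide's listing, every signed name is marked as carrying SIG; the AXFR pseudo-type of the slide is left out, and the function names are this example's own.

```python
def canonical_name(name):
    """Lower-case, absolute form so lookups do not depend on how the name was typed."""
    return name.rstrip(".").lower() + "."

def canonical_key(name):
    """RFC 2535 canonical order: compare labels from the right, so the apex sorts first."""
    return tuple(reversed(canonical_name(name).rstrip(".").split(".")))

def build_nxt_chain(zone):
    """zone: {owner: set of RR types}. Returns {owner: (next owner, types present at owner)}."""
    zone = {canonical_name(k): set(v) | {"SIG"} for k, v in zone.items()}   # signed names carry SIG
    names = sorted(zone, key=canonical_key)
    # each NXT points at the next name in canonical order; the last one points back to the apex
    return {owner: (names[(i + 1) % len(names)], sorted(zone[owner])) for i, owner in enumerate(names)}

def proves_nonexistence(chain, qname, qtype=None):
    """Owner of the NXT RR proving that qname (or qtype at qname) is absent, or None if no proof."""
    qname, key = canonical_name(qname), canonical_key(qname)
    apex = min(chain, key=canonical_key)
    akey = canonical_key(apex)
    if key[:len(akey)] != akey:
        return None                       # not inside this zone: its NXT chain says nothing about it
    if qname in chain:
        # the name exists, so only its own NXT type list can prove a missing type
        return qname if qtype is not None and qtype not in chain[qname][1] else None
    for owner, (nxt, _) in chain.items():
        okey = canonical_key(owner)
        if nxt == apex and key > okey:    # wrap-around NXT covers everything after the last name
            return owner
        if okey < key < canonical_key(nxt):
            return owner
    return None
```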

  • DNSSEC chain of trust
    (Diagram: the root name server of the DNS tree, the com. name server, the foo.com. name server and the host host.foo.com. (131.195.21.25), reached through the local name server it.polito.it.)
    The public key of the root domain is pre-trusted by all the name servers!

  • DNS transaction security
    Transaction Signature (TSIG) is another security extension, using shared secret keys; it is still an Internet draft!
    A better solution: to have communication security between name servers and resolvers.
    TSIG authenticates DNS queries and responses.
    TKEY is a meta RR containing the secret key.
    TSIG, TKEY: not stored in the zone files or cache.
    PROBLEM: storage of the shared secret!
    HMAC/MD5 provides authentication and integrity checking for transactions.
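The HMAC/MD5 transaction check described on this slide, as an added example (not from the original presentation and not wire-compatible with the TSIG draft): the MAC covers the DNS message plus the TSIG variables (key name, algorithm, time signed, fudge), and the verifier applies the draft's checks in order, unknown key, bad MAC, then a time outside the fudge window, which is what limits replay of a captured message. The `secrets` dictionary stands for the shared-secret storage the slide flags as the problem; key and error names follow TSIG, the helper names are this example's own.

```python
import hmac, hashlib, struct

ALGORITHM = "hmac-md5.sig-alg.reg.int"     # TSIG's registered name for HMAC/MD5

def tsig_digest_input(message, key_name, time_signed, fudge):
    """Data the MAC covers: the DNS message followed by the TSIG variables (simplified layout)."""
    return (message + key_name.lower().encode("ascii") + ALGORITHM.encode("ascii")
            + time_signed.to_bytes(6, "big") + struct.pack("!H", fudge))

def tsig_sign(message, key_name, secret, time_signed, fudge=300):
    """Fields the sender appends to an outgoing message; fudge is the allowed clock skew in seconds."""
    data = tsig_digest_input(message, key_name, time_signed, fudge)
    mac = hmac.new(secret, data, hashlib.md5).digest()
    return {"key_name": key_name, "time_signed": time_signed, "fudge": fudge, "mac": mac}

def tsig_verify(message, tsig, secrets, now):
    """Check in TSIG's order: known key (BADKEY), valid MAC (BADSIG), time within fudge (BADTIME)."""
    secret = secrets.get(tsig["key_name"].lower())
    if secret is None:
        return False, "BADKEY"
    data = tsig_digest_input(message, tsig["key_name"], tsig["time_signed"], tsig["fudge"])
    expected = hmac.new(secret, data, hashlib.md5).digest()
    if not hmac.compare_digest(expected, tsig["mac"]):
        return False, "BADSIG"
    if abs(now - tsig["time_signed"]) > tsig["fudge"]:
        return False, "BADTIME"           # stale or replayed message
    return True, "NOERROR"
```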

  • DNS as a public key infrastructure
    DNS with these security extensions can become the first implementation of a world-wide available PKI.
    The DNSSEC chain of trust is a model of certification.
    For storing certificates a new RR is added to DNS: the CERT RR, defined in RFC 2538.
    CERT can store PGP, X.509 and SPKI certificates.
    RFC 2538 recommends that the size of certificates be reduced as much as possible; if possible, no extensions at all!

  • Remarks on DNSSEC
    In the DNS, cryptography is used for authentication/integrity, not for confidentiality.
    Attention must be paid to key generation, key storage and key lifetime (RFC 2541).
    Special care for the root and TLD key pairs!
    Secure resolvers must be configured with some pre-trusted on-line public key (root).
    The size of zone files grows dramatically.
    The data transferred and the messages increase (hence, TCP instead of UDP), as does the number of computations (CPU cycles).
    The responsibility of the administrators increases!

  • State of the Art
    1998: first prototype of a DNSSEC package, based on BIND v4.9.4, produced by TIS Labs (Trusted Information Systems).
    The new BIND v9 (ISC) will be a major rewrite of the underlying DNS architecture and will provide support for DNSSEC, TSIG and CERT.
    RSA Co. provides the DNSsafe cryptographic library for BIND v9.

  • Conclusions
    The security extensions provide:
    - protection of Internet-wide transfers:
      - the data is signed with public keys (SIG, KEY)
      - the absence of DNS data is notified (NXT)
    - protection of local DNS transfers:
      - the messages between name server and resolver are authenticated (TSIG)
      - zone transfers between primary/secondary name servers
    - public key infrastructure:
      - distribution of public keys for other security-aware protocols (KEY)
      - distribution of different types of certificates (CERT)

    DNS Security - Marius Marian - Politecnico di Torino (2000)

