140 likes | 246 Vues
DNS Security. A.Lioy, F.Maino, M. Marian, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy). presented by: Marius Marian. What is DNS?. A replicated , hierarchical , distributed system that provides: name <=> IP address translation mail handling information
E N D
DNS Security A.Lioy, F.Maino, M. Marian, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy) presented by: Marius Marian
What is DNS? • A replicated, hierarchical, distributed system that provides: • name <=> IP address translation • mail handling information • DNS can use either UDP or TCP protocols • DNS major components: • the domain name space described by the resource records (RR) (e.g., SOA, NS, A, MX, ...) • name servers • resolvers
Why is DNS security important? • Used extensively by INTERNET applications! • DNS security problems: • name servers can be easily spoofed and are vulnerable to many types of attacks (DoS, buffer overrun, replay, a.s.o.) • resolvers can be lead into trusting false information • security measures (e.g., ACLs) and mechanisms (e.g., credibility) make spoofing more difficult but not impossible! • June 1997, Eugene Kashpureff (Alternic founder) redirected the internic.net domain to alternic.net by caching bogus information on the Internic name server
2. anyhost.evil.com? 1. anyhost.evil.com? 5. anyhost.evil.com=A.B.C.E 9.www.bank.com= A.B.C.D 4. anyhost.evil.com=A.B.C.E 10.www.bank.com? 6. www.bank.com? 8. www.bank.com=A.B.C.D 11.wrong response from cache flooding false responses to name server 12. wrong connection to the attacker’s host 7. www.bank.com DNS cache poisoning attack broker.com evil.com ns.broker.com ns.evil.com cache 3. Store query ID Attacker host A.B.C.D any.broker.com bank.com ns.bank.com
DNSSEC definition • DNS security extensions (RFC 2535 - 2537): • SIG - stores digital signatures (asymmetric keys) • KEY - stores public keys • NXT - authenticates the non-existence of names or types of RRs in a domain • DNSSEC deals with RR sets (same label, type and class, different data), not singular RRs! • DNSSEC intends to provide: • data origin authentication and data integrity • key distribution • on a smaller scale - transaction and request authentication
DNSSEC characteristics (1) • KEY RR specifies • the type of key (zone, host, user), • the protocol (DNSSEC, IPSEC, TLS, etc.), • the algorithm (RSA/MD5, DSA, etc.), • SIG RR specifies • the RR type covered (SOA, A, NS, MX, etc.), • the algorithm (RSA/MD5, DSA, etc.), • the inception & expiration times, • the signer key footprint
DNSSEC characteristics (2) • NXT RR specifies • the next name in the zone • all the RR types covered by the current name • The private key is kept off-line and is used to sign the RR sets of the zone file • The public key is published in the KEY RR • The public key of a zone is signed by the parent zone private key • The parent zone signature on the zone’s public key is added to the zone file
DNS and DNSSEC zone files • foo.com. SOA … • foo.com. SIG SOA … • foo.com. SIG AXFR … • foo.com. NS … • foo.com. SIG NS … • foo.com. KEY … • foo.com. SIG KEY … • foo.com. NXT a.foo.com. SOA AXFR NS KEY SIG • foo.com. SIG NXT … • a.foo.com. A … • a.foo.com. SIG A … • a.foo.com. NXT d.foo.com. A SIG • a.foo.com. SIG NXT … • d.foo.com. A … • d.foo.com. SIG A … • d.foo.com. NXT foo.com. A SIG • d.foo.com. SIG NXT … foo.com. SOA … foo.com. NS … a.foo.com. A … d.foo.com. A ...
KEY for com. ? It receives KEY, SIG RRs of com. host.foo.com. ? It receives the RRs: A, SIG, KEY DNSSEC chain of trust . The public key of root domain is pre - trusted by all the name servers! Root name server of the DNS tree com. it. name server foo.com. name server polito.it. Local name server host.foo.com. 131.195.21.25
DNS transaction security • Transaction Signature (TSIG) is another security extension using shared secret keys - stillan Internet draft! • A better solution - to have communication security between name servers and resolvers • TSIG authenticates DNS queries and responses • TKEY is a meta RR containing the secret key • TSIG, TKEY - not stored in the zone files/cache • PROBLEM: storage of the shared secret! • HMAC/MD5 provides authentication and integrity checking for transactions
DNS as a public key infrastructure • DNS with these security extensions can become the first implementation of a PKI world wide available • DNSSEC “chain of trust” is a model of certification • For storing certificates a new RR is added to DNS - the CERT RR defined in RFC 2538 • CERT can store PGP, X.509, SPKI certificates • RFC 2538 recommends that the size of certificates should be reduced at maximum - if possible, no extensions at all!
Remarks on DNSSEC • In the DNS, cryptography is used for authen-tication/ integrity, not for confidentiality • Attention must be paid to key generation, key storage and key lifetime - (RFC 2541) • Special care for root and TLD’s pair of keys! • Secure resolvers must be configured with some pre-trusted on-line public key (root) • The size of zone files grows up dramatically • Augments the data transferred, the messages (hence, TCP instead of UDP), also the number of computations (CPU cycles) • The responsibility of the administrators increases!
State of the Art • 1998, first prototype of a DNSSEC package based on BIND v4.9.4 produced by TIS Labs (Trusted Information Systems) • The new BIND v9 (ISC) will be a majorrewrite of the underlying DNS architecture and will provide support for DNSSEC, TSIG and CERT • RSA Co. provides the DNSsafe cryptographic library for BIND v9
Conclusions • The security extensions provide: • protection of Internet-wide transfers: • the data is signed with public keys (SIG, KEY) • the absence of DNS data is notified (NXT) • protection of local DNS transfers: • the messages between name server and resolver are authenticated (TSIG) • zone transfers between primary/secondary name servers • public key infrastructure: • distribution of public keys for other security aware protocols (KEY) • distribution of different types of certificates (CERT)