DNS Security A.Lioy, F.Maino, M. Marian, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy) presented by: Marius Marian
What is DNS? n A replicated, hierarchical, distributed system that provides: n name IP address translation n mail handling information n DNS can use either UDP or TCP protocols n DNS major components: n the domain name space described by the resource records (RR) (e.g., SOA, NS, A, MX,...) n name servers n resolvers
Name resolution process User program Name resolver Local machine System call Resolver’s response Primary name server Cache Refreshes Recursive query References Response Name server Name server Iterative query Response Iterative query Referral
DNS standard message format DNS query DNS response Header Question Answer Authority Additional Header Question Answer Authority Additional
Why is DNS security important? n Used extensively by INTERNET applications! n DNS security problems: n name servers can be easily spoofed and are vulnerable to many types of attacks (DoS, buffer overrun, replay, a.s.o.) n resolvers can be lead into trusting false information n security measures (e.g., ACLs) and mechanisms (e.g., credibility) make spoofing more difficult but not impossible! n June 1997, Eugene Kashpureff (Alternic founder) redirected the internic.net domain to alternic.net by caching bogus information on the Internic name server
DNS cache poisoning attack 1. anyhost.evil.com? 2. anyhost.evil.com? evil.com 3. Store query ID ns.evil.com A.B.C.D Attacker host broker.com any.broker.com cache 4. anyhost.evil.com=A.B.C.E ns.broker.com anyhost.evil.com=A.B.C.E 8. flooding false responses to name server bank.com ns.bank.com 9. A.B.C.D wrong connection to the attacker’s host 11.wrong response from cache
DNSSEC definition n DNS security extensions (RFC ): n SIG- stores digital signatures (asymmetric keys) n KEY- stores public keys n NXT- authenticates the non-existence of names or types of RRs in a domain n DNSSEC deals with RR sets (same label, type and class, different data), not singular RRs! n DNSSEC intends to provide: n data origin authentication and data integrity n key distribution n on a smaller scale - transaction and request authentication
DNSSEC characteristics (1) n KEY RR specifies n the type of key (zone, host, user), n the protocol (DNSSEC, IPSEC, TLS, etc.), n the algorithm (RSA/MD5, DSA, etc.), n SIG RR specifies n the RR type covered (SOA, A, NS, MX, etc.), n the algorithm (RSA/MD5, DSA, etc.), n the inception & expiration times, n the signer key footprint
DNSSEC characteristics (2) n NXT RR specifies n the next name in the zone n all the RR types covered by the current name n The private key is kept off-line and is used to sign the RR sets of the zone file n The public key is published in the KEY RR n The public key of a zone is signed by the parent zone private key n The parent zone signature on the zone’s public key is added to the zone file
DNS and DNSSEC zone files foo.com.SOA… foo.com.NS… a.foo.com.A… d.foo.com. A... foo.com. SOA… foo.com. SIG SOA… foo.com. SIG AXFR… foo.com. NS… foo.com. SIG NS… foo.com. KEY… foo.com. SIG KEY… foo.com. NXT a.foo.com. SOA AXFR NS KEY SIG foo.com. SIG NXT… a.foo.com. A… a.foo.com. SIG A … a.foo.com. NXT d.foo.com. A SIG a.foo.com. SIG NXT… d.foo.com. A… d.foo.com. SIGA… d.foo.com. NXTfoo.com. A SIG d.foo.com. SIGNXT…
DNSSEC chain of trust Root name server of the DNS tree com. Local name server. foo.com. name server host.foo.com host.foo.com. ? It receives the RRs: A, SIG, KEY KEY for com. ? It receives KEY, SIG RRs of com. The public key of root domain is pre - trusted by all the name servers! it. polito.it.
DNS transaction security n Transaction Signature (TSIG) is another security extension using shared secret keys - still an Internet draft! n A better solution - to have communication security between name servers and resolvers n TSIG authenticates DNS queries and responses n TKEY is a meta RR containing the secret key n TSIG, TKEY - not stored in the zone files/cache n PROBLEM: storage of the shared secret! n HMAC/MD5 provides authentication and integrity checking for transactions
DNS as a public key infrastructure n DNS with these security extensions can become the first implementation of a PKI world wide available n DNSSEC “chain of trust” is a model of certification n For storing certificates a new RR is added to DNS - the CERT RR defined in RFC 2538 n CERT can store PGP, X.509, SPKI certificates n RFC 2538 recommends that the size of certificates should be reduced at maximum - if possible, no extensions at all!
Remarks on DNSSEC n In the DNS, cryptography is used for authen- tication/ integrity, not for confidentiality n Attention must be paid to key generation, key storage and key lifetime - (RFC 2541) n Special care for root and TLD’s pair of keys! n Secure resolvers must be configured with some pre-trusted on-line public key (root) n The size of zone files grows up dramatically n Augments the data transferred, the messages (hence, TCP instead of UDP), also the number of computations (CPU cycles) n The responsibility of the administrators increases!
State of the Art n 1998, first prototype of a DNSSEC package based on BIND v4.9.4 produced by TIS Labs (Trusted Information Systems) n The new BIND v9 (ISC) will be a major rewrite of the underlying DNS architecture and will provide support for DNSSEC, TSIG and CERT n RSA Co. provides the DNSsafe cryptographic library for BIND v9
Conclusions n The security extensions provide: n protection of Internet-wide transfers: n the data is signed with public keys (SIG, KEY) n the absence of DNS data is notified (NXT) n protection of local DNS transfers: n the messages between name server and resolver are authenticated (TSIG) n zone transfers between primary/secondary name servers n public key infrastructure: n distribution of public keys for other security aware protocols (KEY) n distribution of different types of certificates (CERT)