Presentation is loading. Please wait.

Presentation is loading. Please wait.

Zone State Revocation (ZSR) for DNSSEC Eric Osterweil (UCLA) Vasileios Pappas (IBM Research) Dan Massey (Colorado State Univ.) Lixia Zhang (UCLA)

Published byGabriel Holt Modified over 8 years ago

Similar presentations

Presentation on theme: "Zone State Revocation (ZSR) for DNSSEC Eric Osterweil (UCLA) Vasileios Pappas (IBM Research) Dan Massey (Colorado State Univ.) Lixia Zhang (UCLA)"— Presentation transcript:

1 Zone State Revocation (ZSR) for DNSSEC Eric Osterweil (UCLA) Vasileios Pappas (IBM Research) Dan Massey (Colorado State Univ.) Lixia Zhang (UCLA)

2 1 Outline What are DNS & DNSSEC Key Revocation Problem Threat Model ZSR Approach ZSR design Conclusion

3 2 DNS Global hierarchical namespaces (zones) ucla.edu is a zone www is a record Largest globally distributed database Too large for standard management approaches Zones use SOA serial numbers to indicate changes Nameservers serve zone data

4 3 Caching in DNS 10’s of millions of zones Caching needed to scale Caching resolvers are between clients and nameservers Caching resolvers walk DNS tree, not client machines 3 types of machines

5 4 Why DNSSEC? Caching is vulnerable Eve can insert her own answer if she responds first DNS has no way to know what data is authentic Clients will get values from their cache and believe them

6 5 DNSSEC DNSSEC is a PKI Public/private keys Parents vouch for children DNSKEY records Public keys Uses pre-generated signatures No “online signing” Signatures valid for definitive period (inception to expiration)

7 6 Problem DNS is one of the largest-scale systems The zones in DNS are all independently run This mandates a very simple protocol Coordination is very difficult DNS can tolerate slight misconfigurations and slow coordination DNSSEC has stricter requirements

8 7 Problem(2) Normally, to change keys one must transition Due to caching, zones must serve old and new keys What about an unplanned emergency? i.e. a private key has been compromised! Need a way to flush millions of remote caches

9 8 Example If Eve can create records and insert them, caching resolvers will use valid keys to “verify” her records.

10 9 Attack Vectors Spoofing attack Eve replies before the real nameserver does Poisoning attack Eve tricks caches into taking data ahead of time Man in the Middle (1) Eve intercepts traffic to a n of m nameservers Man in the Middle (2) Eve intercepts traffic to m of m nameservers

11 10 ZSR’s Approach Signature lifetimes are temporal But emergencies are unplanned Orthogonal to temporal lifetimes In ZSR, zones can override lifetimes ZSR can notify millions of caches to flush compromised records

12 11 ZSR Requirements Designed to be incrementally deployable ZSR must be able to perform 3 operations to be robust against Eve: 1. Prove a key is compromised 2. Revoke data 3. Notify resolvers of revocations

13 12 ZSR’s Mechanism ZSR augments signatures with lease periods Lease: uses zones’ state (serial number) + lease period Signatures are valid while zone’s serial number is less than a lease Leases are broken by increasing serial numbers ZSR introduces a highly-scalable cache update protocol into modern DNS

14 13 Proving Key Compromise After suspecting a zone state change, key revocation must be proven REVKEY is a self-certified revocation certificate of a DNSKEY

15 14 Revoking Data RRSIGs include current inception/expiration dates + zone lease Lease is serial # that invalidates sig Lease is current serial number + L 2 31 based on evaluation Inception Time: 20070101000000 Expiration Time: 20070108000000 Signature Body Inception Time: 20070101000000 Expiration Time: 20070108000000 Lease: 2007010101 + 2 31 Signature Body Lease: 2007010101 + 2 31

16 15 Example Just changing the zone’s state breaks leases, automatically

17 16 Notifying Resolvers After data is cached zones may need to revoke Zones notify by embedding the serial number in every DNS response Once a zone has broken leases, all cached records are flushed

18 17 Example Any query to the zone allows caches to flush revoked signatures Even for different records

19 18 Evaluation DNSSEC data taken from http://secspider.cs.ucla.edu/ http://secspider.cs.ucla.edu/ From 2.5 million zones 50,000 were randomly chosen and monitored DNS data observed during May, 2006 Query patterns taken from North American University 821 unique stub-resolvers 117,540 DNS names 55,632 unique zones

20 19 Feasibility DNSSEC data shows vulnerability period is a significant concern Our evaluation shows overloading the SOA serial number is unlikely to impair its current usage Sample usage pattern shows ZSR can significantly reduce zone vulnerability

21 20 Conclusion Emergencies will happen Lack of a revocation mechanism is a serious liability in DNSSEC ZSR is a scalable protocol to flush revoked keys at Internet scales ZSR uses existing mechanisms and can be incrementally deployed

22 21 Thank You Questions?

23 22 Backup

24 23 Spoofing Eve can spoof data, but she needs: To get the DNS query sequence # Spoof src/dst IP/port info Be faster than the real nameserver And must (likely) be on the local subnet

25 24 Poisoning Eve can poison caches If a cache asks Eve’s zone for anything, it may store everything she responds with She can add www.target.sec data with her own zone’s datawww.target.sec

26 25 Man in the Middle (1) If Eve can intercept all traffic to some of target.sec’s nameservers She can snoop, reply to, drop, etc. However, this will not be true for traffic to other nameservers

27 26 Man in the Middle (2) Eve has the same capacity as in the Man in the Middle (1) vector, but for all nameservers This does not imply that Eve can intercept all Internet traffic for C

28 27 DNSSEC Signature Lifetimes DS records (secure delegation records) 3 - 30 signature lifetimes Average 17.03 days DNSKEY signature lifetimes 3 - 30 days Average 26.45 days Without ZSR, zones must (potentially) wait this long for caching effects

29 28 SOA Serial Number 80% of monitored zones did not change their serial number Of remaining 20%, the period was 13.5 hours 99.2% seem to mishandle serial numbers Incorrect padding leads to ± 2.2 8 oscillations ZSR can choose 2 31 as its lease-breaking value and stand out

30 29 Zone Access Patterns Window of vulnerability defined by query patterns Without ZSR, vulnerability independent of attack ZSR reduces window But unpopular zones skew results Only queried once during sample period

31 30 Query-Based Performance Using query rates Zone is only vulnerable if users are querying for its data This figure shows the number of queries vulnerable to each type of attack

Download ppt "Zone State Revocation (ZSR) for DNSSEC Eric Osterweil (UCLA) Vasileios Pappas (IBM Research) Dan Massey (Colorado State Univ.) Lixia Zhang (UCLA)"

Similar presentations

Decentralized User Authentication in a Global File System Max Meisterhans - Seminar in Distributed Computing WS 05/06.

Decentralized User Authentication in a Global File System Max Meisterhans - Seminar in Distributed Computing WS 05/06.
DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.

DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
Measuring DNSSEC validation i.e. how to do it Ólafur Guðmundsson Steve Crocker ogud, steve at shinkuro.com.

Measuring DNSSEC validation i.e. how to do it Ólafur Guðmundsson Steve Crocker ogud, steve at shinkuro.com.
DNS Security Overview AROC Guatemala July 2010. What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.

DNS Security Overview AROC Guatemala July What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.
BGP Multiple Origin AS (MOAS) Conflict Analysis Xiaoliang Zhao, NCSU S. Felix Wu, UC Davis Allison Mankin, Dan Massey, USC/ISI Dan Pei, Lan Wang, Lixia.

BGP Multiple Origin AS (MOAS) Conflict Analysis Xiaoliang Zhao, NCSU S. Felix Wu, UC Davis Allison Mankin, Dan Massey, USC/ISI Dan Pei, Lan Wang, Lixia.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Lecture 18 Page 1 CS 236 Online DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.

Lecture 18 Page 1 CS 236 Online DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.
Information-Centric Networks03c-1 Week 3 / Paper 3 The design and implementation of a next generation name service for the Internet –Venugopalan Ramasubramanian.

Information-Centric Networks03c-1 Week 3 / Paper 3 The design and implementation of a next generation name service for the Internet –Venugopalan Ramasubramanian.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
A New Approach to DNS Security (DNSSEC) Author: Giuseppe Ateniese Stefan Mangard Presenter: Liu, Xiaotao.

A New Approach to DNS Security (DNSSEC) Author: Giuseppe Ateniese Stefan Mangard Presenter: Liu, Xiaotao.
DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.
1 SecSpider: Distributed DNSSEC Monitoring Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

1 SecSpider: Distributed DNSSEC Monitoring Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
Security and Information Assurance for the DNS Dan Massey USC/ISI.

Security and Information Assurance for the DNS Dan Massey USC/ISI.
1 Observations from the DNSSEC Deployment Dan Massey Colorado State University Joint work with Eric Osterweil and Lixia Zhang UCLA.

1 Observations from the DNSSEC Deployment Dan Massey Colorado State University Joint work with Eric Osterweil and Lixia Zhang UCLA.
Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.

Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.
1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

1 The State and Challenges of the DNSSEC Deployment Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.

DNS Security Extensions (DNSSEC) Ryan Dearing. Topics History What is DNS? DNS Stats Security DNSSEC DNSSEC Validation Deployment.
PKI To The Masses IPCCC 2004 Dan Massey USC/ISI. 1 March PKI Is Necessary l My PKI related actions since arriving at IPCCC n Used an.

PKI To The Masses IPCCC 2004 Dan Massey USC/ISI. 1 March PKI Is Necessary l My PKI related actions since arriving at IPCCC n Used an.

Similar presentations

Ads by Google