Presentation is loading. Please wait.

Presentation is loading. Please wait.

Private DNS Phillip Hallam-Baker. Objectives Privacy Confidentiality Traffic Analysis Authenticity Eliminate response spoofing Guarantee user’s choice.

Published byShanon Wade Modified over 8 years ago

Similar presentations

Presentation on theme: "Private DNS Phillip Hallam-Baker. Objectives Privacy Confidentiality Traffic Analysis Authenticity Eliminate response spoofing Guarantee user’s choice."— Presentation transcript:

1 Private DNS Phillip Hallam-Baker

2 Objectives Privacy Confidentiality Traffic Analysis Authenticity Eliminate response spoofing Guarantee user’s choice of resolver Service Protect resolver (resource exhaustion) Protect third parties (amplification)

3 Constraints (from OCSP Experience) Must work in 100% of network circumstances In hotels, coffee shops, etc. etc. Cannot increase latency Almost as good is not sufficient A modest performance penalty is acceptable for dealing with edge cases (no more than 5%)

4 Architecture I Service connection establishment User specifies resolution service ‘dns.example.com’ Use HTTPS/JSON Web service to establish connection to service Hosts to use IP Address / Kerberos Ticket / Shared Secret / Algorithms Protocol version / formats / options TLS & WebPKI used to establish connection Performance is not an issue as this is not inside the transaction loop

5 Architecture II Resolution Protocol UDP Simple session layer 1 request packet, 0-16 response packets Every message is authenticated and encrypted Messages can contain padding to guard against traffic analysis attack TLS Wrap above packets in HTTPS or TLS in addition Provides a fallback protocol with near 100% connectivity

6 Applications Anonymous use The service connection establishment request is not authenticated Enterprise customer Likely early adopter market Private-DNS is likely connecting to split horizon DNS Service connection establishment request is authenticated

7 Complexity Strategy Resolution protocol is very simple Framing is described in 2 pages using TLS schema syntax JCX Service connection mechanism can be simple or complex as needed Reusable component Private-DNS What is the A record of example.net Omnibroker “How does alice@example.com connect to geolocate at example.net”alice@example.com Omnipublish “geolocate service starting at example.net”

8 Open Questions Is an additional layer of crypto desirable? Can easily add an intermediate layer of crypto Use a public key as the long term host key Negotiate session key for use each time IP address changes. A: Probably, now just waiting for CFRG ECC outcome

Download ppt "Private DNS Phillip Hallam-Baker. Objectives Privacy Confidentiality Traffic Analysis Authenticity Eliminate response spoofing Guarantee user’s choice."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Cryptography and Network Security

Cryptography and Network Security
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.

History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Similar presentations

Ads by Google