NSEC3 Hash Breaking. GPU-based. Matthäus Wander, Lorenz Schwittmann, Christopher Boelmann, Torben Weis IEEE NCA
|
|
- Grace Nash
- 8 years ago
- Views:
Transcription
1 GPU-based NSEC3 Hash Breaking Matthäus Wander, Lorenz Schwittmann, Christopher Boelmann, Torben Weis IEEE NCA 2014 Cambridge, August 22, 2014
2 NSEC3 FUNDAMENTALS Matthäus Wander 2
3 Secure Denial of Existence with DNSSEC Query: www? ftp mail ns1 www Matthäus Wander 3
4 Secure Denial of Existence with DNSSEC Query: www? www A ftp mail ns1 Response www Signed resource record Authenticity verified with PKI built into DNSSEC Matthäus Wander 4
5 Secure Denial of Existence with DNSSEC Query: test? ftp mail ns1 Not found www Query name: n Matthäus Wander 5
6 Secure Denial of Existence with DNSSEC Query: test? ftp mail ns1 Not found www Query name: n NSEC Matthäus Wander 6
7 Secure Denial of Existence with DNSSEC Query: test? ns1 NSEC www ftp mail ns1 Query name: Response: n Not found (r 1,r2 ) with r1 n r2 www NSEC Matthäus Wander 7
8 Zone Enumeration Copy DNSSEC zone by crawling NSEC records Nominet (.uk) position: Zone file enumeration is a show-stopper for us that will prevent us from fully implementing DNSSEC. DENIC (.de) position: In conflict with Germany s Federal Data Protection Act Matthäus Wander 8
9 Secure Denial of Existence with DNSSEC Query: test? ftp mail ns1 Not found www NSEC Matthäus Wander 9
10 Secure Denial of Existence with DNSSEC Query: test? ftp mail ns1 3a45 78a1 8e5d Not found Hash query name: h(n) www NSEC b105 NSEC3 Matthäus Wander 10
11 Secure Denial of Existence with DNSSEC Query: test? 78a1 NSEC3 8e5d Not found ftp mail ns1 www 3a45 78a1 8e5d b105 Hash query name: Response: h(n) NSEC NSEC3 (h(r1 ), h(r2 )) with h(r1 ) h(n) h(r2 ) Matthäus Wander 11
12 Reasons for and against NSEC3 Privacy Opt-out feature CPU load Message size How well does NSEC3 prevent zone enumeration? Matthäus Wander 12
13 NSEC3 Definition domain name salt h(n, s, 0 ) SHA1( n s ) h(n, s, i) SHA1( h(n,s,i 1) s ), for i 0 additional iterations Repeated SHA1 computation Salt is identical for all names in a DNSSEC zone Matthäus Wander 13
14 May 2014 Top-Level Domain Survey TLD i Salt at. 5 b4c3ee8e123154f8 ch. 2 e7bd8151 cn. 10 aef123ab com. 0 de. 15 ba5eba11 eu. 1 5ca1ab1e fr. 1 41b69d30 TLD i Salt info. 1 d399eaab jp. 8 f5435b71d7 net. 0 nl. 5 c9545f07a61d0d33 org. 1 d399eaab ru. 3 00ff uk use NSEC3, 53 use NSEC, 185 not signed 60% of TLDs with NSEC3 use i=1 42% of TLDs with NSEC3 change the salt Matthäus Wander 14
15 ATTACKING NSEC3 1. Collect hashes 2. Reverse hashes Matthäus Wander 15
16 Why AMD Graphic Cards? Matthäus Wander 16
17 ATTACKING NSEC3 1. Collect hashes 2. Reverse hashes Matthäus Wander 17
18 Hash Crawling Retrieve NSEC3 hashes from name server Send queries for random non-existing names M8eZcl8.com? 78a1 NSEC3 8e5d Not found Check hash before sending query NSEC3 gap NSEC3 gap NSEC3 gap Matthäus Wander 18
19 Crawling 345,000 Hashes from.com 1e+12 1e+10 1e+08 1e Hashing attempts Gaps in use 00:00 02:00 04:00 06:00 08:00 10:00 12:00 Time in hours Matthäus Wander 19
20 ATTACKING NSEC3 1. Collect hashes 2. Reverse hashes Matthäus Wander 20
21 GPU-based NSEC3 Hash Breaking Iterate through cleartext candidate names Compute NSEC3 hash, compare with known hashes Global memory access on GPU is expensive Bloom filter for 300% speedup Start Python Generate next name Create bloom filter Start OpenCL kernel Retrieve names Compute hash value Hit? Yes Write name No Done Yes End? No Matthäus Wander 21
22 Brute-Force Attack 1 to 8 characters 9 characters Matthäus Wander 22
23 Dictionary Attack Effectiveness depends on dictionary quality Good public lists (Alexa, Quantcast) List of all IPv4 reverse mappings (not exhaustive!) 7.1 mio candidate names Generate more candidates by inserting strings Insert most common 200,000 n-grams (with 1 n 15) foo.com. e efoo.com. feoo.com. foeo.com. fooe.com. Matthäus Wander 23
24 Dictionary Attack Matthäus Wander 24
25 Effectiveness of Insertion Wordlist Matthäus Wander 25
26 Markov Attack Some strings are more probable than others th more common in English than tx Model language with 1 st order Markov chains Markov attack requires training Use hits from brute-force and dictionary attacks Markov model derived from names found Enumerate most probable names Omit others (with given time frame) Matthäus Wander 26
27 Markov Attack Matthäus Wander 27
28 Discussion Reversed 65%.com domains after 5 days Server operator pays for NSEC3 with CPU load Adjust iterations to increase CPU workload Attacker Server operator Matthäus Wander 28
29 Discussion Reversed 65%.com domains after 5 days Server operator pays for NSEC3 with CPU load Adjust iterations to increase CPU workload Attacker Server operator Matthäus Wander 29
30 Discussion Reversed 65%.com domains after 5 days Server operator pays for NSEC3 with CPU load Adjust iterations to increase CPU workload Attacker Server operator Matthäus Wander 30
31 Efficiency of CPU vs. GPU Matthäus Wander 31
32 Conclusions NSEC3 returns negative DNSSEC responses without disclosing existing domain names GPUs very efficient for breaking NSEC3 hashes Reversed 65%.com domains after 5 days Assess whether weak privacy justifies the costs Future work: GPU-based NSEC3 accelerators for DNSSEC servers Matthäus Wander 32
DNSSEC. Matthäus Wander. Erlangen, April 20, 2015. and the Hassle of Negative Responses. <matthaeus.wander@uni-due.de>
DNSSEC and the Hassle of Negative Responses Matthäus Wander Erlangen, April 20, 2015 Security Goal of DNSSEC Query: www? ftp mail ns1 www Matthäus Wander 2 Security Goal of
More informationThe Impact of DNSSEC. Matthäus Wander. on the Internet Landscape. <matthaeus.wander@uni-due.de> Duisburg, June 19, 2015
The Impact of DNSSEC on the Internet Landscape Matthäus Wander Duisburg, June 19, 2015 Outline Domain Name System Security problems Attacks in practice DNS Security Extensions
More informationVerteilte Systeme - Overview
- Overview Prof. Dr.-Ing. Torben Weis Building BC, 4 th Floor, Room 407 http://www.vs.uni-due.de Scientific Staff Christopher Boelmann Sebastian Schuster Matthäus Wander Working Areas Networked systems
More informationInternet Measurement Research
Internet Measurement Research Matthäus Wander Kassel, October 1, 2013 Overview How to get measurement data? Research projects Case studies of past projects Ideas and inspiration
More informationPart 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology
SAST01 An Introduction to Information Security Part 5 DNS Security Martin Hell Department of Electrical and Information Technology How DNS works Amplification attacks Cache poisoning attacks DNSSEC 1 2
More informationInternet-Praktikum I Lab 3: DNS
Kommunikationsnetze Internet-Praktikum I Lab 3: DNS Mark Schmidt, Andreas Stockmayer Sommersemester 2015 kn.inf.uni-tuebingen.de Motivation for the DNS Problem IP addresses hard to remember for humans
More informationLarge-scale DNS and DNSSEC data sets for network security research
Large-scale DNS and DNSSEC data sets for network security research Roland van Rijswijk-Deij 1,2, Anna Sperotto 1, and Aiko Pras 1 1 Design and Analysis of Communication Systems (DACS), University of Twente,
More informationSecurity of IPv6 and DNSSEC for penetration testers
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions
More informationTHE MASTER LIST OF DNS TERMINOLOGY. First Edition
THE MASTER LIST OF DNS TERMINOLOGY First Edition DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To
More informationTHE MASTER LIST OF DNS TERMINOLOGY. v 2.0
THE MASTER LIST OF DNS TERMINOLOGY v 2.0 DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To help people
More informationDNSSEC Applying cryptography to the Domain Name System
DNSSEC Applying cryptography to the Domain Name System Gijs van den Broek Graduate Intern at SURFnet Overview First half: Introduction to DNS Attacks on DNS Second half: DNSSEC Questions: please ask! DNSSEC
More informationHushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications
Hushmail Express Password Encryption in Hushmail Brian Smith Hush Communications Introduction...2 Goals...2 Summary...2 Detailed Description...4 Message Composition...4 Message Delivery...4 Message Retrieval...5
More informationDNSSEC. Introduction. Domain Name System Security Extensions. AFNIC s Issue Papers. 1 - Organisation and operation of the DNS
AFNIC s Issue Papers DNSSEC Domain Name System Security Extensions 1 - Organisation and operation of the DNS 2 - Cache poisoning attacks 3 - What DNSSEC can do 4 - What DNSSEC cannot do 5 - Using keys
More informationComputer Networks: Domain Name System
Computer Networks: Domain Name System Domain Name System The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses DNS www.example.com 208.77.188.166 http://www.example.com
More informationCS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.
CS 355 Computer Networking Wei Lu, Ph.D., P.Eng. Chapter 2: Application Layer Overview: Principles of network applications? Introduction to Wireshark Web and HTTP FTP Electronic Mail: SMTP, POP3, IMAP
More informationDNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008
DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008 Kim Davies Internet Assigned Numbers Authority Internet Corporation for Assigned Names & Numbers Agenda How do you
More informationDNS & IPv6. Agenda 4/14/2009. MENOG4, 8-9 April 2009. Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, www.nic.net.sa. DNS & IPv6.
DNS & IPv6 MENOG4, 8-9 April 2009 Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, www.nic.net.sa Agenda DNS & IPv6 Introduction What s next? SaudiNIC & IPv6 About SaudiNIC How a cctld Registry supports
More informationDomain Name System (DNS)
Domain Name System (DNS) Instructor: Anirban Mahanti Office: ICT 745 Email: mahanti@cpsc.ucalgary.ca Class Location: ICT 121 Lectures: MWF 12:00 12:50 Notes derived from Computer Networking: A Top Down
More informationDomain Name System Richard T. B. Ma
Domain Name System Richard T. B. Ma School of Computing National University of Singapore CS 3103: Compute Networks and Protocols Names Vs. Addresses Names are easier for human to remember www.comp.nus.edu.sg
More informationIntroduction Header Body content Todo List. Email Analysis. Joe Huang Anti-Spam Team Cellopoint. February 21, 2014. Joe Huang Email Analysis 1 / 62
Email Analysis Joe Huang Anti-Spam Team Cellopoint February 21, 2014 Joe Huang Email Analysis 1 / 62 Joe Huang Email Analysis 2 / 62 For spam filtering, we would like to study the content of an email to
More informationDNS at NLnet Labs. Matthijs Mekking
DNS at NLnet Labs Matthijs Mekking Topics NLnet Labs DNS DNSSEC Recent events NLnet Internet Provider until 1997 The first internet backbone in Holland Funding research and software projects that aid the
More informationDNS/DNSSEC loose ends
DNS/DNSSEC loose ends Karst Koymans & Niels Sijm Informatics Institute University of Amsterdam Friday, September 21, 2012 Karst Koymans & Niels Sijm (UvA) DNS/DNSSEC loose ends Friday, September 21, 2012
More informationDNSSEC: A Vision. Anil Sagar. Additional Director Indian Computer Emergency Response Team (CERT-In)
DNSSEC: A Vision Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Outline DNS Today DNS Attacks DNSSEC: An Approach Countering DNS Attacks Conclusion 2 DNS Today DNS is
More informationComputer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System
Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce 18/02/15 Networks: DNS attacks 1 Domain Name System The domain name system (DNS) is an applica>on- layer protocol
More informationLecture 2 CS 3311. An example of a middleware service: DNS Domain Name System
Lecture 2 CS 3311 An example of a middleware service: DNS Domain Name System The problem Networked computers have names and IP addresses. Applications use names; IP uses for routing purposes IP addresses.
More informationDNSSEC and DNS Proxying
DNSSEC and DNS Proxying DNS is hard at scale when you are a huge target 2 CloudFlare DNS is big 3 CloudFlare DNS is fast 4 CloudFlare DNS is always under attack 5 CloudFlare A secure reverse proxy for
More informationThe Domain Name System (DNS)
The Domain Name System (DNS) Each Internet host is assigned a host name and an IP address Host names are structured character strings, e.g., www.cs.iastate.edu IP addresses are 32 bit integers, e.g., 129.186.3.6
More informationIPv6 support in the DNS
IPv6 support in the DNS How important is the DNS? Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications Humans are unable to memorize millions of
More informationOne year of DANE Tales and Lessons Learned. sys4.de
One year of DANE Tales and Lessons Learned sys4.de DANE secures Security Why secure Security? Encryption Models Opportunistic Encryption > Expect anything > Proceed if absent > Try if offered > Proceed
More informationNetwork Security. DNS (In)security. Radboud University, The Netherlands. Autumn 2015
Network Security DNS (In)security Radboud University, The Netherlands Autumn 2015 A short recap Routing means directing (Internet) traffic to its target Internet is divided into 52, 000 Autonomous Systems
More informationHigh-speed cryptography and DNSCurve. D. J. Bernstein University of Illinois at Chicago
High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address,
More informationDNSSEC Practice Statement (DPS)
DNSSEC Practice Statement (DPS) 1. Introduction This document, "DNSSEC Practice Statement ( the DPS ) for the zones under management of Zodiac Registry Limited, states ideas of policies and practices with
More information2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008
2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008 Kim Davies Manager, Root Zone Services Internet Corporation for Assigned Names & Numbers How does the DNS work? A typical DNS query The
More informationhttp://www.dominioweb.org Per informazioni: domini@dominioweb.org
Domini http://www.dominioweb.org Per informazioni: domini@dominioweb.org Costo Anno i.e..it 8,80.com 8,80.net 8,80.org 8,80.info 8,80.biz 8,80.eu 11,90.name 10,30.mobi 20,00.de 20,00.ch 25,00.ws 10,00.tel
More informationDNSSEC update TF Mobility, Vienna
DNSSEC update TF Mobility, Vienna Roland van Rijswijk roland.vanrijswijk [at] surfnet.nl February 18th 2010 Overview - Introduction - DNSSEC validation on resolvers - Update on what we ve learned so far
More informationDomainWire. Edition 11 Q1 2015. Council of European National Top level Domain Registries - www.centr.org
DomainWire Edition 11 Q1 2015 Global TLD Stat Report DomainWire Stat Report is CENTR s quarterly publication covering status and trends in global top-level domains with a focus on European cctlds (country
More informationOverview of DNSSEC deployment worldwide
The EURid Insights series aims to analyse specific aspects of the domainname environment. The reports are based on surveys, studies and research conducted by EURid in cooperation with industry experts
More informationDNS: Domain Name System
DNS: Domain Name System People: many identifiers: SSN, name, passport # Internet hosts, routers: IP address (32 bit) - used for addressing datagrams name, e.g., ww.yahoo.com - used by humans Q: map between
More informationChapter 2 Application Layer
Chapter 2 Application Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations;
More informationSection 1 Overview... 4. Section 2 Home... 5
ecogent User Guide 2012 Cogent Communications, Inc. All rights reserved. Every effort has been made to ensure that the information in this User Guide is accurate. Information in this document is subject
More informationCS 557 - Lecture 22 DNS Security
CS 557 - Lecture 22 DNS Security DNS Security Introduction and Requirements, RFC 4033, 2005 Fall 2013 The Domain Name System Virtually every application uses the Domain Name System (DNS). DNS database
More informationA Security Evaluation of DNSSEC with NSEC3
A Security Evaluation of DNSSEC with NSEC3 Jason Bau Stanford University Stanford, CA, USA jbau@stanford.edu Abstract Domain Name System Security Extensions (DNSSEC) with Hashed Authenticated Denial of
More informationSIDN Server Measurements
SIDN Server Measurements Yuri Schaeffer 1, NLnet Labs NLnet Labs document 2010-003 July 19, 2010 1 Introduction For future capacity planning SIDN would like to have an insight on the required resources
More informationDNS Domain Name System
Domain Name System DNS Domain Name System The domain name system is usually used to translate a host name into an IP address Domain names comprise a hierarchy so that names are unique, yet easy to remember.
More informationIANA Functions to cctlds Sofia, Bulgaria September 2008
IANA Functions to cctlds Sofia, Bulgaria September 2008 Kim Davies Internet Assigned Numbers Authority Internet Corporation for Assigned Names & Numbers What is IANA? Internet Assigned Numbers Authority
More informationAuthor: Kai Engert, kaie at redhat dot com or kaie at kuix dot de For updates to this document, please check http://kuix.
Spam Salt aka Message Salt An invention against email abuse (Spam), introducing an email sender authentication mechanism. Author: Kai Engert, kaie at redhat dot com or kaie at kuix dot de For updates to
More informationCS3250 Distributed Systems
CS3250 Distributed Systems Lecture 4 More on Network Addresses Domain Name System DNS Human beings (apart from network administrators and hackers) rarely use IP addresses even in their human-readable dotted
More informationDNS Abuse Handling. Champika Wijayatunga APRICOT2015 Fukuoka Japan Feb 2015
DNS Abuse Handling Champika Wijayatunga APRICOT2015 Fukuoka Japan Feb 2015 Acknowledgements Dave Piscitello Vice President, Security and ICT Coordination ICANN 2 2 Agenda 1 2 3 Brief Overview of DNS Defining
More informationWhere is Hong Kong in the secure Internet infrastructure development. Warren Kwok, CISSP Internet Society Hong Kong 12 August 2011
The Internet is for Everyone. Become an ISOC Member. Cyber Security Symposium 2011 Where is Hong Kong in the secure Internet infrastructure development Warren Kwok, CISSP Internet Society Hong Kong 12
More informationHow To Understand The Effect Of A Domain Name Extension On A Network Attack On A Domain Names Server (Dns)
DNSSEC and Its Potential for DDoS Attacks A Comprehensive Measurement Study Roland van Rijswijk-Deij University of Twente and SURFnet bv r.m.vanrijswijk@utwente.nl Anna Sperotto University of Twente a.sperotto@utwente.nl
More informationDNSSEC for Everybody: A Beginner s Guide
DNSSEC for Everybody: A Beginner s Guide San Francisco, California 14 March 2011 4:00 to 5:00 p.m. Colonial Room The Schedule 2 This is Ugwina. She lives in a cave on the edge of the Grand Canyon... This
More informationDomain Name System Security
Domain Name System Security Guevara Noubir Network Security Northeastern University 1 Domain Name System DNS is a fundamental applica=on layer protocol Not visible but invoked every =me a remote site is
More informationPassword Cracking Beyond Brute-Force
Password Cracking Beyond Brute-Force by Immanuel Willi Most password mechanisms work by comparing a password against a stored reference value. It is insecure to store the whole password, so one-way functions
More informationDNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .
Computer System Security and Management SMD139 Lecture 5: Domain Name System Peter A. Jonsson DNS Translation of Hostnames to IP addresses Hierarchical distributed database DNS Hierarchy The Root Name
More informationTHE DOMAIN NAME SYSTEM DNS
Announcements THE DOMAIN NAME SYSTEM DNS Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State University copyright 2005 Douglas S. Reeves 2 Today s Lecture I. Names vs. Addresses II. III. IV. The Namespace
More informationAgenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS
Agenda Network Services Domain Names & DNS Domain Names Domain Name System Internationalized Domain Names Johann Oberleitner SS 2006 Domain Names Naming of Resources Problems of Internet's IP focus IP
More informationGuidance for Preparing Domain Name Orders, Seizures & Takedowns
Guidance for Preparing Domain Name Orders, Seizures & Takedowns Abstract This thought paper offers guidance for anyone who prepares an order that seeks to seize or take down domain names. Its purpose is
More informationDomain Name System (or Service) (DNS) Computer Networks Term B10
Domain Name System (or Service) (DNS) Computer Networks Term B10 DNS Outline DNS Hierarchial Structure Root Name Servers Top-Level Domain Servers Authoritative Name Servers Local Name Server Caching and
More informationDATA COMMUNICATOIN NETWORKING
DATA COMMUNICATOIN NETWORKING Instructor: Ouldooz Baghban Karimi Course Book: Computer Networking, A Top-Down Approach By: Kurose, Ross Introduction Course Overview Basics of Computer Networks Internet
More informationResilient Networking. Thorsten Strufe. Module 5: Name Resolution / DNS
Resilient Networking Thorsten Strufe Module 5: Name Resolution / DNS Disclaimer: This module prepared in cooperation with Mathias Fischer, Michael Roßberg, and Günter Schäfer Dresden, SS 15 Module Outline
More information.eu Insights. Website usage trends among top-level domains 2014
.eu Insights Website usage trends among top-level domains 2014 January 2014 .eu Insights The EURid Insights series aims to analyse specific aspects of the domain name environment. The reports are based
More informationDomain Name System DNS
CE443 Computer Networks Domain Name System DNS Behnam Momeni Computer Engineering Department Sharif University of Technology Acknowledgments: Lecture slides are from Computer networks course thought by
More informationDetecting Search Lists in Authoritative DNS
Detecting Search Lists in Authoritative DNS Andrew Simpson March 10 th, 2014 Summary Early research into name collisions has postulated that search list interaction drives some portion of the DNS requests
More informationRoot zone update for TLD managers Mexico City, Mexico March 2009
Root zone update for TLD managers Mexico City, Mexico March 2009 Kim Davies Manager, Root Zone Services Internet Corporation for Assigned Names & Numbers A quick census 280 delegated 11 testing 280 delegated
More informationInternet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at
Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will
More informationDDoS Vulnerability Analysis of Bittorrent Protocol
DDoS Vulnerability Analysis of Bittorrent Protocol Ka Cheung Sia kcsia@cs.ucla.edu Abstract Bittorrent (BT) traffic had been reported to contribute to 3% of the Internet traffic nowadays and the number
More informationDomain Name System. Overview. Domain Name System. Domain Name System
Overview Domain Name System We look first at how the Domain Name System (DNS) is implemented and the role it plays in the Internet We examine some potential DNS vulnerabilities and in particular we consider
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationThe Domain Name System
DNS " This is the means by which we can convert names like news.bbc.co.uk into IP addresses like 212.59.226.30 " Purely for the benefit of human users: we can remember numbers (e.g., telephone numbers),
More informationThe Environment Surrounding DNS. 3.1 The Latest DNS Trends. 3. Technology Trends
3. The Environment Surrounding DNS DNS is used in many applications, serving as an important Internet service. Here we discuss name collision issues that have arisen with recent TLD additions, and examine
More informationDNSSEC - Why Network Operators Should Care And How To Accelerate Deployment
DNSSEC - Why Network Operators Should Care And How To Accelerate Deployment Dan York, CISSP Senior Content Strategist, Internet Society Eurasia Network Operators' Group (ENOG) 4 Moscow, Russia October
More informationAdobe Systems Software Ireland Ltd
Adobe Systems Software Ireland Ltd Own motion investigation report 13/00007 Timothy Pilgrim, Australian Privacy Commissioner Contents Overview... 2 Background... 3 Relevant provisions of the Privacy Act...
More informationLesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division
Lesson 13: DNS Security Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Introduction to DNS The DNS enables people to use and surf the Internet, allowing the translation
More informationDeploying DNSSEC: From End-Customer To Content
Deploying DNSSEC: From End-Customer To Content March 28, 2013 www.internetsociety.org Our Panel Moderator: Dan York, Senior Content Strategist, Internet Society Panelists: Sanjeev Gupta, Principal Technical
More informationAppInspect: Large-scale Evaluation of Social Networking Apps
AppInspect: Large-scale Evaluation of Social Networking Apps ACM COSN, Boston, 10/08/2013 Markus Huber, Martin Mulazzani, Sebastian Schrittwieser, Edgar Weippl mhuber[at]sba-research[dot]org Main Contributions
More informationDynamic Searchable Encryption in Very Large Databases: Data Structures and Implementation
Dynamic Searchable Encryption in Very Large Databases: Data Structures and Implementation David Cash, Joseph Jaeger, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel Roşu and Michael Steiner Rutgers
More informationThe Domain Name System from a security point of view
The Domain Name System from a security point of view Simon Boman Patrik Hellström Email: {simbo105, pathe321}@student.liu.se Supervisor: David Byers, {davby@ida.liu.se} Project Report for Information Security
More informationQUESTIONS AND ANSWERS
TECHNOLOGY CONSULTANCY Innovative. Reliable. Efficient. QUESTIONS AND ANSWERS WEB HOSTING SERVICES What you need to know about Web Hosting Q&A - WEBHOSTING 1. What is web hosting? Web Hosting is a service
More information18-731 Midterm. Name: Andrew user id:
18-731 Midterm 6 March 2008 Name: Andrew user id: Scores: Problem 0 (10 points): Problem 1 (10 points): Problem 2 (15 points): Problem 3 (10 points): Problem 4 (20 points): Problem 5 (10 points): Problem
More informationINTERNET DOMAIN NAME SYSTEM
INTERNET DOMAIN NAME SYSTEM http://www.tutorialspoint.com/internet_technologies/internet_domain_name_system.htm Copyright tutorialspoint.com Overview When DNS was not into existence, one had to download
More informationDatabase Design Patterns. Winter 2006-2007 Lecture 24
Database Design Patterns Winter 2006-2007 Lecture 24 Trees and Hierarchies Many schemas need to represent trees or hierarchies of some sort Common way of representing trees: An adjacency list model Each
More informationThe Internet, Intranets, and Extranets. What is the Internet. What is the Internet cont d.
C H A P T E R 7 The Internet, Intranets, and Extranets What is the Internet Millions of computers, all linked together on a computer network. A home computer usually links to the Internet using a phone
More informationDNS. Spring 2016 CS 438 Staff 1
DNS Spring 2016 CS 438 Staff 1 Host Names vs. IP addresses Host names Mnemonic name appreciated by humans Variable length, full alphabet of characters Provide little (if any) information about physical
More informationWildcard and SAN: Understanding Multi-Use SSL Certificates
Wildcard and SAN: Understanding Multi-Use SSL Certificates LEVERAGING MULTI-USE DIGITAL CERTIFICATES TO SIMPLIFY CERTIFICATE MANAGEMENT AND REDUCE COSTS Wildcard and SAN: Understanding Multi-Use SSL Certificates
More informationDefending against DNS reflection amplification attacks
University of Amsterdam System & Network Engineering RP1 Defending against DNS reflection amplification attacks February 14, 2013 Authors: Thijs Rozekrans Javy de Koning
More informationSecure Remote Password (SRP) Authentication
Secure Remote Password (SRP) Authentication Tom Wu Stanford University tjw@cs.stanford.edu Authentication in General What you are Fingerprints, retinal scans, voiceprints What you have Token cards, smart
More informationThe Domain Name System
Internet Engineering 241-461 Robert Elz kre@munnari.oz.au kre@coe.psu.ac.th http://fivedots.coe.psu.ac.th/~kre DNS The Domain Name System Kurose & Ross: Computer Networking Chapter 2 (2.5) James F. Kurose
More informationDomain Name System. CS 571 Fall 2006. 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved
Domain Name System CS 571 Fall 2006 2006, Kenneth L. Calvert University of Kentucky, USA All rights reserved DNS Specifications Domain Names Concepts and Facilities RFC 1034, November 1987 Introduction
More informationiscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi
iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi Agenda Introduction iscsi Attacks Enumeration Authorization Authentication iscsi Defenses Information Security Partners (isec) isec Partners Independent
More informationTypes of hypertext. Hypertext documents can either be 1.Static 2.Dynamic
Hypertext Hypertext is text displayed on a computer or other electronic device with references (hyperlinks) to other text that the reader can immediately access, usually by a mouse click or key press sequence.
More informationCentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12. CentralNic. Version 1.0. July 31, 2012. https://www.centralnic.
CentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12 CentralNic Privacy Policy Version 1.0 July 31, 2012 https://www.centralnic.com/ CentralNic Privacy Policy Last Updated: February 6, 2012
More informationThe Myth of Twelve More Bytes. Security on the Post- Scarcity Internet
The Myth of Twelve More Bytes Security on the Post- Scarcity Internet IPv6 The Myth of 12 More Bytes HTTP DHCP HTTP TLS ARP TCP UDP Internet Protocol Link Layer Physical Layer ICMP The Myth of 12 More
More informationSnow Agent System Pilot Deployment version
Pilot Deployment version Security policy Revision: 1.0 Authors: Per Atle Bakkevoll, Johan Gustav Bellika, Lars, Taridzo Chomutare Page 1 of 8 Date of issue 03.07.2009 Revision history: Issue Details Who
More informationAttack Frameworks and Tools
Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Attack Frameworks and Tools Pranav Jagdish Betreuer: Nadine Herold Seminar Innovative Internet
More informationSpeeding up GPU-based password cracking
Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1,2 Lejla Batina 2,3 Sprengers.Martijn@kpmg.nl KPMG IT Advisory 1 Radboud University Nijmegen 2 K.U. Leuven 3 March 17-18, 2012 Who
More informationπωχ Notes on Domino Black Hat Las Vegas 2003 Aldora Louw PricewaterhouseCoopers
Notes on Domino Black Hat Las Vegas 2003 Aldora Louw PricewaterhouseCoopers Lotus Domino is inherently secure...a Misconception!!! Security is Not Automatic!!!! Slide #2 Security Requires Planning Design
More informationWeb Application Hacking (Penetration Testing) 5-day Hands-On Course
Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis
More informationPublic Domain Names And Their Importance In 2012
.be domain names & registrars 2014 2 Number of new.be registrations 193,659 222,919 232,746 257,637 267,780 306,341 299,846 264,930 2007 2008 2009 2010 2011 2012 2013 2014 Movements in the number of domain
More informationThe Collateral Damage of Internet Censorship by DNS Injection
The Collateral Damage of Internet Censorship by DNS Injection Anonymous presented by Philip Levis 1 Basic Summary Great Firewall of China injects DNS responses to restrict access
More informationDomainWire. Edition 13 Q3 2015. Council of European National Top level Domain Registries - www.centr.org
DomainWire Edition 13 Q3 2015 Global TLD Stat Report DomainWire Stat Report is CENTR s quarterly publication covering status and trends in global top-level domains with a focus on European cctlds (country
More information