The Impact of DNSSEC. Matthäus Wander. on the Internet Landscape. Duisburg, June 19, 2015

Transcription

1 The Impact of DNSSEC on the Internet Landscape Matthäus Wander Duisburg, June 19, 2015

2 Outline Domain Name System Security problems Attacks in practice DNS Security Extensions (DNSSEC) Protection and new problems Adoption in practice Matthäus Wander 2

3 DOMAIN NAME SYSTEM Matthäus Wander 3

4 Domain Name System (DNS) Stub Resolver Recursive Resolver Recursive Resolver Distributed Database Hierarchical Namespace Authoritative Name Servers Resolve domain names to data (e.g. IP address) Data sets: resource records Matthäus Wander 4

5 DNS Spoofing Attacks Stub Resolver Recursive Resolver Recursive Resolver Attacker Goals: Divert application to another server Deny service Authoritative Name Servers Matthäus Wander 5

6 DNS Spoofing Attacks Stub Resolver Recursive Resolver Recursive Resolver On-path attacker: Sees query, spoofs response (e.g. public WiFi) Authoritative Name Servers Off-path attacker: Predicts query, spoofs response (anywhere in the Internet) Matthäus Wander 6

7 Man-in-the-Middle Attack Stub Resolver Recursive Resolver Recursive Resolver Man-in-the-middle (MITM) attacker: Sees query, spoofs response Authoritative Name Servers Filtering of resolver users Matthäus Wander 7

8 Man-in-the-Middle Attack Stub Resolver Recursive Resolver Man-in-the-middle (MITM) attacker: Sees query, spoofs response Authoritative Name Servers Filtering of resolver users Matthäus Wander 8

9 Man-in-the-Middle Attack Stub Resolver ISP Router Recursive Resolver MITM attack on IP router: Deep Packet Inspection of DNS traffic Router sees query, spoofs response Authoritative Name Servers Effective filtering of all DNS queries in network Matthäus Wander 9

10 Cumulated responses Probing for DNS Injectors Published in: IEEE Access, 2014 Responses for facebook.com Vantage point Round-trip time [s] Matthäus Wander 10

11 DNS Injection over Time Published in: IEEE Access, 2014 Responses for facebook.com Matthäus Wander 11

12 Impact Assessment on Third Parties Published in: IEEE Access, 2014 Unrelated third party routed through censored country Matthäus Wander 12

13 Open Resolver Measurement Published in: IEEE Access, 2014 Worldwide impact of Chinese DNS injection Top-level domains 1144 name servers Multiple vantage points 255k open resolvers worldwide Sender Open Resolver IN A? Destination: TLD server Matthäus Wander 13

14 Affected resolvers Affected resolvers Open Resolver Results Published in: IEEE Access, k resolvers (6%) affected by Chinese DNS injection 14k affected when contacting e.dns.kr Country Matthäus Wander 14 Destination name server

15 .kr Top-Level Domain Servers Published in: IEEE Access, 2014 Matthäus Wander 15

16 Impact Assessment on Third Parties Published in: IEEE Access, 2014 Unrelated third party routed through censored country into Matthäus Wander 16

17 DNSSEC Matthäus Wander 17

18 Concept DNS zone Stub Resolver Recursive Resolver Recursive Resolver Authoritative Name Server Security goals: data integrity and authenticity Signatures pre-generated over DNS data sets End-to-end security between validator and signer Matthäus Wander 18

19 Public Key Distribution. Public key net: key fingerprint net. Public key verteiltesysteme.net: key fingerprint Resolver has copy of root public key verteiltesysteme.net. Public key Signed resource records Matthäus Wander 19

20 Trust Model DNSSEC Root Zone Top-level 2nd level Authority limited to subnamespace Powerful root authority Matthäus Wander 20

21 Cache Lock-in Stub Resolver Recursive Resolver Recursive Resolver Authoritative Name Server CD=1 CD=1 DNS zone Cache Cache Cache End-to-end security: validation on end host Independent of validation failures on intermediate resolvers Request response without DNSSEC validation Problem: cache lock-in Matthäus Wander 21

22 Cache Lock-in Stub Resolver Recursive Resolver Recursive Resolver Authoritative Name Server CD=1 CD=1 DNS zone Cache Cache Cache Omit intermediate resolvers Effectiveness of intermediate caching? Matthäus Wander 22

23 Trace-driven Simulation of Cache Effectiveness Cache Clients Recursive Resolver Cache collection point Authoritative Name Servers Cache Cache Cache models: Shared cache in front of 10k clients 10k independent caches Matthäus Wander 23

24 Queries per 10-min bucket Bandwidth Overhead Internal External (shared) External (10k) External traffic: Shared cache: 2.44 GBytes 10k caches: 7.55 GBytes Sep 19 Sep 21 Sep Universität 23 SepDuisburg-Essen Sep Matthäus Wander 24

25 Latency Overhead Matthäus Wander 25

26 Latency Overhead Q 0, ms Q 0,9 +74 ms Utilize intermediate DNS caches Q 0,5 +11 ms Fall back to autonomous resolution on failure Matthäus Wander 26

27 Privacy and Confidentiality Published in: IEEE NCA, 2014 Client: no privacy improvement Cleartext DNSSEC messages Server: discloses hash values of zone contents Server proves non-existence Client queries h( test )=80a1 DNS zone Server database Hashing supposed to hide names 78a1 NSEC3 8e5d Break NSEC3 hash values with GPU-based attacks One GPU reveals 65%.com hash values in 5 days Matthäus Wander 27

28 ADOPTION OF DNSSEC Matthäus Wander 28

29 Signed Top-Level Domains Matthäus Wander 29

30 Signed Second-Level Domains DNS zone Server database TLD Domains 1. nl 2,279, br 566, cz 448, com 426, se 349, eu 320, fr 205, no 119, be 92, net 81, org 46, ovh 29, nu 21, de 20,004 Total: 5,146,705 signed domains Matthäus Wander 30

31 Algorithms and Key Sizes Algorithm Survey of 3.4M domains Domains RSA/MD5 0 DSA/SHA-1 2,176 RSA/SHA-1 1,547,782 RSA/SHA-256 1,869,157 RSA/SHA-512 1,100 GOST R ECDSA P-256/SHA ECDSA P-384/SHA >99% use RSA RSA Key Size Domains , ,152, , , ,135 Shortest RSA key per domain Result Domains No DNSKEY (dangling DS) 17,751 No trusted DNSKEY (dangling DS) Matthäus Wander 31 1,066 No RRSIG for trusted DNSKEY 238 Signature expired 2,138 Signature verify failure 5 Validation failure 21,198 Validation success 3,416,700 0,6% domains fail validation

32 Measuring Validating Clients Published in: LNCS PAM, Invisible 1px images SigOk SigFail DNSKEY Recursive Resolver Authoritative Name Server Matthäus Wander 32

33 DNSSEC Validation Published in: LNCS PAM, k test results from 557k distinct IP addresses Matthäus Wander 33

34 DNSSEC Validation per Country Published in: LNCS PAM, Median per country: 1% Matthäus Wander 34

35 DNSSEC Validation per Country Median per country: 20% Matthäus Wander 35

36 Conclusions (1/2) DNS spoofing used for Internet filtering 6% resolvers worldwide affected by Chinese DNS injection Evidence of router-based DNS injection in Iran Political changes in DNS filtering observable from outside DNS caching causes lock-in on bogus data Trace-driven simulation shows moderate benefit of caching Suggestion: omit DNS caches on DNSSEC validation failure Matthäus Wander 36

37 Conclusions (2/2) DNSSEC secures data integrity and authenticity Hashing is ineffective for protecting the DNS database First-time survey of all DNSSEC signed domains 5M signed domains: >99% use RSA, 0.6% are broken 3-year measurement of validating clients Worldwide increase of DNSSEC adoption Varies by country (median 20%) Matthäus Wander 37

38 Referenced Publications M. Wander, T. Weis: Measuring Occurrence of DNSSEC Validation, Passive and Active Measurement (PAM), LNCS Springer, M. Wander, C. Boelmann, L. Schwittmann, T. Weis: Measurement of Globally Visible DNS Injection, IEEE Access, M. Wander, L. Schwittmann, C. Boelmann, T. Weis: GPU-based NSEC3 Hash Breaking, IEEE NCA, Awarded best student paper. Matthäus Wander 38