Information Security 1 (InfSi1)
5 DNS Security Extensions DNSSEC
Prof. Dr. Andreas Steffen
Institute for Internet Technologies and Applications (ITA)
Andreas Steffen, 22.10.2013, 5-DNSSEC.pptx

5.1 Kaminsky Attack on the Domain Name Service

Diagram slides (figures not reproduced in this text):
• DNS Resolution via Recursive Nameserver
• DNS Request
• DNS Response
• Simple DNS Cache Poisoning
• Guessing Query ID and UDP Source Port
• The Dan Kaminsky DNS Vulnerability – July 2008

5.2 DNS Root Servers

Root  IPv4             IPv6                   Operator                              # servers
A     198.41.0.4       2001:503:BA3E::2:30    VeriSign Inc.                              8
B     192.228.79.201   2001:478:65::53        Information Sciences Institute, USC        1
C     192.33.4.12      -                      Cogent Communications                      8
D     199.7.91.13      2001:500:2D::D         University of Maryland                     2
E     192.203.230.10   -                      NASA Ames Research Center                 12
F     192.5.5.241      2001:500:2F::F         Internet Systems Consortium Inc.          56
G     192.112.36.4     -                      US DoD Network Information Center          6
H     128.63.3.53      2001:500:1::803F:235   US Army Research Lab                       2
I     192.36.148.17    2001:7FE::53           Netnod                                    43
J     192.58.128.30    2001:503:C27::2:30     VeriSign Inc.                             69
K     193.0.14.129     2001:7FD::1            RIPE NCC                                  17
L     199.7.83.42      2001:500:3::42         ICANN                                    146
M     202.12.27.33     2001:DC3::35           WIDE Project                               6

Total number of servers (anycast instances behind the 13 root server addresses): 376
"-" in the IPv6 column: no IPv6 address published for that root server as of October 2013.

Global Map of Root Servers (diagram)

5.3 DNS Security Resource Records

DNSSEC Chain of Trust (diagram, reconstructed as text)

  root        DNSKEY (KSK) *  --signs-->  DNSKEY RRset (KSK/ZSK)
              DNSKEY (ZSK)    --signs-->  DS for ch.
  ch.         DS (in root) = hash of ch. DNSKEY (KSK)
              DNSKEY (KSK)    --signs-->  DNSKEY RRset (KSK/ZSK)
              DNSKEY (ZSK)    --signs-->  DS for switch.ch.
  switch.ch.  DS (in ch.) = hash of switch.ch. DNSKEY (KSK)
              DNSKEY (KSK)    --signs-->  DNSKEY RRset (KSK/ZSK)
              DNSKEY (ZSK)    --signs-->  switch.ch. NS ns1/ns2, www.switch.ch. A x.x.x.x
  * root KSK = trust anchor, explicitly imported into the validator, e.g. via a trusted web site

DNSSEC Resource Records I - DNSKEY
• DNSKEY - DNS Public Key
• Contains a public key used to sign the RRsets of a zone

  switch.ch. 81154 IN DNSKEY 256 3 5 AwEAAeCDWwjJO4mXBzayiKf4p7waJ7Ew
                                     eUnsTsAWkxpfELci4iaVdBugzYPfsZIg
                                     9R6TIPky3LoPAPmIjCc2fbFkKnrGI7hJ
                                     jXAGMRwRJIBprFx4BXZSsjsvGb6MGC+e
                                     xHSlXw== ;{id = 64608 (zsk), size = 768b}

• RDATA fields: Flags (256), Protocol (3, the only value defined), Algorithm (5), Public Key (base64)
• Flags field
  • 256 -> Zone Signing Key (ZSK)
  • 257 -> Key Signing Key (KSK) with secure entry point (SEP) flag set
• Algorithm field
  • 5  -> SHA-1 with RSA
  • 7  -> SHA-1 with RSA & NSEC3 with SHA-1
  • 8  -> SHA-256 with RSA
  • 10 -> SHA-512 with RSA
• The key id (key tag, here 64608) is a 16-bit checksum over the RDATA that lets a validator pick the right key out of a DNSKEY RRset; it is not guaranteed to be unique.

DNSSEC Resource Records II - RRSIG
• RRSIG - Resource Record Signature
• Contains a public key signature over a resource record set (RRset)

  merapi.switch.ch. 172800 IN A 130.59.211.10
  merapi.switch.ch. 172800 IN RRSIG A 5 3 172800 20091128231033 20091029231033 64608 switch.ch.
                                     3KW9YjxdL08FqVYKFSn9Q4+8U1iYrVCun+J1Ny8Y
                                     IiMC+6oQS/GZwRn2mr+HMruwEjNB9s7bWGzRmRiR
                                     TATPvS67gxjCiJkSP58PkGJ1dW3wBaz6r1feGNvz
                                     KhHLhvRe ;{id = 64608}

• RDATA fields: Type Covered (A), Algorithm (5), Labels (3), Original TTL (172800), Signature Expiration (20091128231033), Signature Inception (20091029231033), Key Tag (64608), Signer's Name (switch.ch.), Signature (base64)
• Signature Expiration and Inception fields: the signature is not valid before the Inception date and not after the Expiration date (YYYYMMDDHHMMSS, UTC). A validator with a badly skewed clock therefore fails validation.
• Key Tag field: contains the key tag of the key which signed the RRset (here the switch.ch. ZSK shown above).

DNSSEC Resource Records III - DS
• DS - Delegation Signer
• Hash over the KSK of the child zone (owner name plus DNSKEY RDATA), published in the parent zone and signed there with the parent's ZSK

  switch.ch. 3364 IN DS 43837 5 1 91dcfca519cf8b038441869878cc361060200534
  switch.ch. 3364 IN DS 43837 5 2 838cef7635952df83311a92b48ae7f191ae29484534e38b1ab7b3d0966b9ee55
  switch.ch. 3416 IN RRSIG DS 7 2 3600 20091123183442 20091117220724 31034 ch.
                                     LPh8RgXQSqPcdQz6s1PJOjTuopO9RxQgs1YYCY/CnhYaHxb6ndNBJ7QP20eKN+91
                                     /ULjN4Ep/k9Pgtos979i5OfEXpfLcWcvrKP1xGvqW4PjP+MT1PDs6uKisEUqGBoQ
                                     p7+nkkzjY+YsDbxtTV+/8uHcSnNmXoMmSqPms3G0aw4= ;{id = 31034}

• RDATA fields: Key Tag (43837) of the child's KSK, Algorithm (5), Digest Type (1 = SHA-1, 2 = SHA-256), Digest
• Note that the DS RRset belongs to the parent zone: it is signed by a ch. key (key tag 31034, algorithm 7), not by switch.ch., and the key tag 43837 refers to the switch.ch. KSK, not to the ZSK (64608) shown above.

DNSSEC Resource Records IV - NSEC
• NSEC – Next Owner Name
• Authenticated denial of existence of an owner name

  merapi.switch.ch. 180 IN NSEC mercury.switch.ch. A PTR AAAA LOC RRSIG NSEC
  merapi.switch.ch. 180 IN RRSIG NSEC 5 3 180 20091128231033 20091029231033 64608 switch.ch.
                                     kW1SnXWoJKwOHEG1P3INI83EOGuQGujwvBT/MSWVQ+ms/2DXxjQcpt1Z
                                     P07+XI51cc0t7erUUG31KZdmUpXZtQzPUJh49jjLh9aTjRiH1xGhlxv5
                                     af+N95JDykRGSOAq ;{id = 64608}

• Proof that there is no name between merapi.switch.ch. and mercury.switch.ch. (in canonical order), and that merapi.switch.ch. has exactly the types A PTR AAAA LOC RRSIG NSEC
• Allows enumeration of complete zone data!!! (zone walking: start at the apex and follow the next-owner pointers until the chain wraps around)

DNSSEC Resource Records V - NSEC3
• NSEC3 – Next Owner Name in Hashed Order
• Hashed Authenticated Denial of Existence

  h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 691 IN NSEC3 1 1 1 d399eaab h9rsfb7fpf2l8hg35cmpc765tdk23rp6
                                     NS SOA RRSIG DNSKEY NSEC3PARAM ; flags: optout
  h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 691 IN RRSIG NSEC3 7 2 86400 20091202211702 20091118201702 5273 org.
                                     a+CC37hRM7yCFBaZn2SeRgY9h247GXptCuBYf45TwaoR
                                     xvBwTAXPT+UwZ/4hxwc2v7AR7ZZ8UOMiNJvYsl59eFW8
                                     Xtgws4/Aih0fJ2/O8yUHwI695fRf9PrpxXEpqzStjSZP
                                     5arJ1oldDAHcnxgLqdAMW6wnK1FNrslfJblJlmU= ;{id = 5273}

• RDATA fields: Hash Algorithm (1 = SHA-1), Flags (1 = Opt-Out), Iterations (1), Salt (d399eaab), Next Hashed Owner Name (base32hex), Type Bit Map
• The owner name is the hash of the zone apex org. (type bit map NS SOA ... NSEC3PARAM): proof that there is no name between org. and ???.org. (the next owner is only known by its hash)
• Does not allow straight enumeration of zone data!
• Dictionary attacks are possible but expensive: every guess costs (iterations + 1) SHA-1 computations with the zone's salt, and a salt change invalidates precomputed tables. With Opt-Out set, unsigned delegations are not covered by the chain at all.

5.4 DANE

DNS-based Authentication of Named Entities DANE (RFC 6698, August 2012)
• DANE defines a TLSA Resource Record with the fields Certificate Usage | Selector | Matching Type | Certificate Association Data
• Certificate Usage
  • 0 – CA Certificate Constraint
  • 1 – Server Certificate Constraint
  • 2 – Trust Anchor Assertion for Private CA
  • 3 – Domain Issued Certificate
• Selector
  • 0 – Full Certificate
  • 1 – Public Key Info (Public Key plus Key Type Information, i.e. the SubjectPublicKeyInfo)
• Matching Type
  • 0 – Exact Match on Selected Content
  • 1 – SHA-256 Hash of Selected Content
  • 2 – SHA-512 Hash of Selected Content
• Usages 0 and 1 additionally constrain a chain that must still pass normal PKIX validation; usages 2 and 3 replace the client's CA store by the DNSSEC-signed record. The TLSA owner name per RFC 6698 is _port._proto.host, e.g. _443._tcp.www.hsr.ch.; the slides below abbreviate it to www.hsr.ch.

In all of the following scenarios the TLS client connects to www.hsr.ch (holder of the www.hsr.ch private key) and fetches the TLSA record from the hsr.ch DNS server; each TLSA RRset is signed with the hsr.ch ZSK and must be validated under DNSSEC before the client uses it.

DANE – Verifying Server and CA Certificates (diagram)
  www.hsr.ch. TLSA 1 0 1 <SHA-256 hash>   -> check the server certificate of www.hsr.ch (issued by Kool CA)
  www.hsr.ch. TLSA 0 0 2 <SHA-512 hash>   -> check the CA certificate (Kool CA) in the chain

DANE – Getting CA Certificate or Public Key (diagram)
  www.hsr.ch. TLSA 2 0 0 <certificate>    -> get the CA certificate (HSR CA, a private trust anchor)
  www.hsr.ch. TLSA 2 1 0 <public key info> -> get the CA public key (HSR CA)

DANE – Verifying Self-Signed Server Certificates (diagram)
  www.hsr.ch. TLSA 3 0 1 <SHA-256 hash>   -> check the self-signed server certificate

DANE – Verifying Raw RSA Keys (diagram)
  www.hsr.ch. TLSA 3 1 1 <SHA-256 hash>   -> check the server public key

DANE – Getting Server Certificate or Public Key (diagram)
  www.hsr.ch. TLSA 3 0 0 <certificate>    -> get the (self-signed) server certificate
  www.hsr.ch. TLSA 3 1 0 <public key info> -> get the server public key

5.5 DNS Root Signing Process

DNSSEC Root Zone Signing Process (diagram)
  TLD Operator --DS records--> ICANN (vetting and processing) --DS records--> DoC NTIA (authorization of changes) --DS records--> VeriSign (editing and signing of the root zone with the root ZSK) --signed root zone--> Root Servers (A, ..., M)

DNSSEC Root Zone Signing Key Signing Process (diagram)
• VeriSign ZSK Management: generates the ZSKs and keeps the ZSK private key; sends the ZSKs to ICANN in a KSR (Key Signing Request)
• ICANN KSK Management: signs the ZSKs with the KSK private key and returns the SKR (Signed Key Response); the KSK public key is published on the ICANN web site

ICANN Key Ceremonies (diagram)
  Tier 1 – Facility – Access Control by Data Center
  Tier 2 – Facility – Access Control by Data Center
  Tier 3 – Facility – Access Control by Data Center
  Tier 4 – Cage – Access Control by Data Center
  Tier 5 – Safe Room – Access Control by ICANN
  Tier 6 – Safe #1 and Safe #2
  Tier 7 – HSM holding the KSK private keys; Safe Deposit Boxes holding the Crypto Officers' credentials; Key Ceremony Computer

ICANN Key Ceremonies (photographs)

Periodic Key Rollover (diagram, timeline T-10 to T+90 days)
• ZSK rollover every 90 days with the pre-publish/post-publish scheme: the next ZSK is added to the DNSKEY RRset before it starts signing (pre-publish), and the old ZSK stays in the RRset after it stops signing (post-publish) until every RRSIG made with it has expired
• Optional KSK rollover every 2-5 years or on demand; KSK states on the timeline: "publish" (new KSK in the DNSKEY RRset, not yet signing), "publish+sign" (KSK signs the DNSKEY RRset), "revoke+sign" (old KSK published with the revoke bit set and signing its own revocation, RFC 5011)
• RRSIG validity period of 10 days with 50% overlap, i.e. RRsets are re-signed every 5 days, so a valid signature is always available during a rollover

DNSSEC Deployment (October 22, 2013)
• TLDs signed by root zone:
  • 13 gTLDs: arpa asia biz cat com edu gov info mil museum net org post
  • 81 ccTLDs: ac af ag am at be bg br bz ca cc ch cl co cr cx cz de dk eu fi fo fr gi gl gn gr gs hn in io is jp kg ki kr la lb lc li lk lt lu lv me mm mn my na nc nf nl nu nz pl pm pr pt pw re ru sb sc se sh si su sx tf th tm tt tv tw tz ua ug uk us wf yt
  • 8 IDN ccTLDs: xn--kprw13d xn--kpry57d (台湾 Taiwan), xn--mgbx4cd0ab (مليسيا Malaysia), xn--3e0b707e (한국 South Korea), xn--o3cw4h (ไทย Thailand), xn--l1acc (мон Mongolia), xn--h2brj9c (भारत India), xn--p1ai (рф Russia)
• Signing of major gTLDs:
  • net: December 2010
  • com: March 2011
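Worked example for section 5.1 (added here; not part of the slides and not the author's code): a toy simulation of the cache-poisoning race. The resolver model, the zone example.com, the documentation-range addresses and the deliberately small ID/port spaces (256 x 256 by default instead of 2^16 x 2^16) are all assumptions made for the example. It shows the three things the slides on "Guessing Query ID and UDP Source Port" and the Kaminsky vulnerability are about: a forged reply is accepted only if transaction ID and source port match, querying a fresh random name per attempt removes the TTL wait, and the forged reply poisons www.example.com through an in-bailiwick additional record rather than through the name actually asked for.

```python
"""Toy simulation of the Kaminsky cache-poisoning race (added example).

Models only what matters for the race: a transaction ID, an optionally
randomized UDP source port, a bailiwick check on additional records, and
Kaminsky's trick of querying a fresh random name per attempt so that no cache
TTL has to expire between attempts.  ID and port spaces are kept small
(defaults 256 x 256) so that it runs in seconds; real resolvers use 2^16
transaction IDs and about 2^16 source ports.
"""
import random

ZONE = "example.com"            # constructed victim zone
TARGET = "www." + ZONE          # record the attacker wants to poison
ATTACKER_IP = "203.0.113.66"    # constructed (TEST-NET-3)
LEGIT_IP = "192.0.2.10"         # constructed (TEST-NET-1)


class Resolver:
    """Minimal recursive resolver: one outstanding query, a cache, and
    acceptance of a reply only when (txid, port) match the pending query."""

    def __init__(self, txid_space=256, port_space=256, randomize_port=False, rng=None):
        self.txid_space = txid_space
        self.port_space = port_space
        self.randomize_port = randomize_port
        self.rng = rng or random.Random(0)
        self.cache = {}
        self.pending = None

    def send_query(self, qname):
        txid = self.rng.randrange(self.txid_space)
        # Pre-2008 resolvers used one fixed source port (modelled as 0); the
        # fix after Kaminsky was to randomize it, multiplying the guess space.
        port = self.rng.randrange(self.port_space) if self.randomize_port else 0
        self.pending = (qname, txid, port)
        return self.pending

    def receive(self, txid, port, zone, additional):
        """Return True if the reply was accepted.  Additional records are
        cached only if they lie inside the zone being queried (bailiwick
        rule); Kaminsky's forged replies put TARGET there, in bailiwick."""
        if self.pending is None or (txid, port) != self.pending[1:]:
            return False
        for name, ip in additional.items():
            if name == zone or name.endswith("." + zone):
                self.cache[name] = ip
        self.pending = None
        return True


def kaminsky_attack(randomize_port, txid_space=256, port_space=256,
                    budget=256, seed=1, max_rounds=1_000_000):
    """Run the race until TARGET is poisoned; return the number of rounds
    (queries for fresh random names) it took, or 0 if max_rounds elapsed."""
    rng = random.Random(seed)
    resolver = Resolver(txid_space, port_space, randomize_port, rng)
    space = txid_space * (port_space if randomize_port else 1)
    for round_no in range(1, max_rounds + 1):
        # Fresh random name: never cached, so the resolver must ask again.
        qname, txid, port = resolver.send_query(f"r{round_no}.{ZONE}")
        # The attacker fires `budget` forged replies, each with a distinct
        # guessed (txid, port), before the genuine reply can arrive.
        for guess in rng.sample(range(space), min(budget, space)):
            g_txid, g_port = guess % txid_space, guess // txid_space
            forged = {qname: ATTACKER_IP, TARGET: ATTACKER_IP}
            if resolver.receive(g_txid, g_port, ZONE, forged):
                break
        if resolver.cache.get(TARGET) == ATTACKER_IP:
            return round_no
        # Attacker lost this round: the genuine reply arrives and is accepted.
        resolver.receive(txid, port, ZONE, {qname: LEGIT_IP})
    return 0


if __name__ == "__main__":
    for randomize in (False, True):
        rounds = [kaminsky_attack(randomize, seed=s) for s in range(20)]
        print(f"port randomization={randomize}: mean rounds to poison "
              f"{sum(rounds) / len(rounds):.1f}")
```

With the default budget of 256 forged replies per round the attacker covers the whole 256-value ID space and wins in the first round when the port is fixed, but needs on average 256 rounds once the port is randomized; scale the spaces up to 2^16 and the same ratio is what turned a seconds-long attack into an impractical one.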
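Worked example for the DNSKEY, RRSIG and DS slides of section 5.3 (added here; not code from the slides): the arithmetic behind the key tag, the DS digest that links a child KSK to its parent, and the RRSIG validity window. key_tag() follows RFC 4034 Appendix B, ds_digest() RFC 4034 section 5.1.4 (hash over the canonical owner name followed by the DNSKEY RDATA), and rrsig_valid_at() the inclusive check of RFC 4035 section 5.3.1. The DNSKEY text is the switch.ch ZSK from the slide; the 4-byte key in the test is constructed only to give a hand-checkable key tag, and main() prints the computed tag next to the slide's "id = 64608" annotation for comparison.

```python
"""Added example: key tag, DS digest and RRSIG validity window in plain Python."""
import base64
import hashlib
from datetime import datetime, timezone

# The switch.ch ZSK as printed on the slide (annotated there as id = 64608).
SWITCH_ZSK = ("switch.ch. 81154 IN DNSKEY 256 3 5 "
              "AwEAAeCDWwjJO4mXBzayiKf4p7waJ7EweUnsTsAWkxpfELci4iaVdBugzYPfsZIg"
              "9R6TIPky3LoPAPmIjCc2fbFkKnrGI7hJjXAGMRwRJIBprFx4BXZSsjsvGb6MGC+e"
              "xHSlXw==")


def name_to_wire(name):
    """Canonical wire form of an owner name: lower-case, length-prefixed labels, root 0."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def parse_dnskey(text):
    """'owner TTL IN DNSKEY flags proto alg b64...' -> (owner, flags, proto, alg, rdata)."""
    owner, _ttl, _cls, rrtype, flags, proto, alg, *b64 = text.split()
    assert rrtype == "DNSKEY"
    flags, proto, alg = int(flags), int(proto), int(alg)
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + base64.b64decode("".join(b64))
    return owner, flags, proto, alg, rdata


def key_tag(rdata):
    """RFC 4034 Appendix B: 16-bit tag over the DNSKEY RDATA (even-index bytes
    weigh 256, odd-index bytes 1, carry folded in once).  It is a hint for
    key selection, not an identifier: two keys may share a tag."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner, rdata, digest_type):
    """DS digest types from the slide: 1 = SHA-1, 2 = SHA-256."""
    algo = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    return algo(name_to_wire(owner) + rdata).hexdigest()


def make_ds(owner, rdata, digest_type):
    """DS RDATA the parent zone would publish for this key: 'keytag alg digesttype digest'."""
    return f"{key_tag(rdata)} {rdata[3]} {digest_type} {ds_digest(owner, rdata, digest_type)}"


def ds_matches(ds_rdata, owner, rdata):
    """Chain-of-trust check: does a DS record from the parent vouch for this DNSKEY?"""
    tag, alg, dtype, digest = ds_rdata.split()
    return (int(tag) == key_tag(rdata) and int(alg) == rdata[3]
            and digest.lower() == ds_digest(owner, rdata, int(dtype)))


def rrsig_valid_at(expiration, inception, now=None):
    """RFC 4035 5.3.1: inception <= now <= expiration, all YYYYMMDDHHMMSS in UTC."""
    fmt = "%Y%m%d%H%M%S"
    if now is None:
        now = datetime.now(timezone.utc).strftime(fmt)
    t = lambda s: datetime.strptime(s, fmt)
    return t(inception) <= t(now) <= t(expiration)


if __name__ == "__main__":
    owner, flags, proto, alg, rdata = parse_dnskey(SWITCH_ZSK)
    kind = "KSK (SEP set)" if flags & 1 else "ZSK"
    print(f"{owner} flags={flags} ({kind}) alg={alg} key tag={key_tag(rdata)} "
          f"(slide annotation: id = 64608)")
    for dtype in (1, 2):
        print(f"{owner} IN DS {make_ds(owner, rdata, dtype)}")
    # The RRSIG on the slide (merapi.switch.ch. A) was valid in November 2009
    # and had long expired by the lecture date.
    print(rrsig_valid_at("20091128231033", "20091029231033", "20091115120000"))
    print(rrsig_valid_at("20091128231033", "20091029231033", "20131022120000"))
```

The DS records printed by main() do not reproduce the ones on the DS slide, and they are not supposed to: those carry key tag 43837 and therefore refer to the switch.ch KSK, whereas the slide only shows the ZSK (64608). A validator that receives a DNSKEY RRset must find a key for which ds_matches() succeeds, then use that key to check the RRSIG over the DNSKEY RRset before trusting the ZSK that signed the data.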
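Worked example for the NSEC and NSEC3 slides of section 5.3 (added here; not code from the slides): why an NSEC chain hands out the whole zone and what an attacker is left with under NSEC3. The NSEC chain below is a constructed zone under the fictitious name example.test. nsec3_hash() implements RFC 5155 section 5 (SHA-1 over the canonical owner name and salt, iterated, base32hex) and main() applies it with the parameters of the org. record on the slide (algorithm 1, iterations 1, salt d399eaab) so that the output can be compared with that record's owner name; nsec3_dictionary_attack() is the offline guessing the slide calls "possible but expensive".

```python
"""Added example: zone walking over NSEC and hashing over NSEC3 (RFC 5155)."""
import base64
import hashlib

# Constructed NSEC chain (owner -> (next owner, type bit map)) in canonical
# order; the last record wraps around to the apex.  Names are fictitious.
NSEC_ZONE = {
    "example.test.":         ("admin.example.test.",   "NS SOA RRSIG NSEC DNSKEY"),
    "admin.example.test.":   ("merapi.example.test.",  "A RRSIG NSEC"),
    "merapi.example.test.":  ("mercury.example.test.", "A PTR AAAA LOC RRSIG NSEC"),
    "mercury.example.test.": ("www.example.test.",     "A RRSIG NSEC"),
    "www.example.test.":     ("example.test.",         "A AAAA RRSIG NSEC"),
}


def walk_nsec(zone, apex):
    """Zone enumeration: each NSEC reveals the next existing owner name, so
    following the chain from the apex lists every name in the zone.  Every
    query involved is a perfectly legitimate one."""
    names, cur = [], apex
    while True:
        names.append(cur)
        cur = zone[cur][0]
        if cur == apex:
            return names


def name_to_wire(name):
    """Canonical wire form: lower-case, length-prefixed labels, terminating zero."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


# base32 (RFC 4648) alphabet -> base32hex alphabet used by NSEC3 owner names
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def nsec3_hash(name, salt_hex, iterations, algorithm=1):
    """RFC 5155 section 5: IH(0) = H(name || salt), IH(k) = H(IH(k-1) || salt);
    the owner label is IH(iterations) in base32hex (lower-case, as ldns prints it)."""
    if algorithm != 1:
        raise ValueError("only NSEC3 hash algorithm 1 (SHA-1) is defined")
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode("ascii").translate(_B32_TO_B32HEX).lower()


def nsec3_dictionary_attack(hashed_owners, zone, salt_hex, iterations, wordlist):
    """Offline guessing: hash candidate names with the zone's published salt and
    iteration count (both readable from any NSEC3 record) and look them up among
    the hashed owner names collected from NSEC3 records.  Each guess costs
    iterations + 1 SHA-1 computations, and a salt change voids the whole table."""
    found = {}
    for word in wordlist:
        candidate = f"{word}.{zone}"
        h = nsec3_hash(candidate, salt_hex, iterations)
        if h in hashed_owners:
            found[h] = candidate
    return found


if __name__ == "__main__":
    print("NSEC walk:", walk_nsec(NSEC_ZONE, "example.test."))
    # Compare with the owner name of the org. apex NSEC3 record on the slide.
    print("NSEC3 hash of org. (salt d399eaab, 1 iteration):",
          nsec3_hash("org.", "d399eaab", 1))
    hashed = {nsec3_hash(n, "d399eaab", 1) for n in ("www.example.test.", "mail.example.test.")}
    print(nsec3_dictionary_attack(hashed, "example.test.", "d399eaab", 1,
                                  ["ftp", "www", "mail", "intranet"]))
```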
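Worked example for section 5.4 (added here; not code from the slides): generating and applying TLSA records for the usage/selector/matching-type combinations the DANE diagrams show. There is no X.509 parsing: a Cert is a constructed object carrying the DER encoding (selector 0) and the SubjectPublicKeyInfo (selector 1), which is all a selector ever looks at, and the "Kool CA", "HSR CA" and www.hsr.ch certificates are constructed byte strings named after the slides. chains_to() is a toy walk over issuer names that stands in for real PKIX path building; the owner name follows RFC 6698 (_443._tcp.www.hsr.ch.).

```python
"""Added example: building and checking DANE TLSA records (RFC 6698)."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    der: bytes    # whole certificate (selector 0)
    spki: bytes   # SubjectPublicKeyInfo (selector 1)


# Constructed certificates mirroring the slides: www.hsr.ch issued by Kool CA,
# www.hsr.ch issued by the private HSR CA, and a self-signed www.hsr.ch.
KOOL_CA = Cert("Kool CA", "Kool CA", b"der:kool-ca", b"spki:kool-ca")
HSR_CA = Cert("HSR CA", "HSR CA", b"der:hsr-ca", b"spki:hsr-ca")
WWW_KOOL = Cert("www.hsr.ch", "Kool CA", b"der:www-kool", b"spki:www-key-1")
WWW_HSR = Cert("www.hsr.ch", "HSR CA", b"der:www-hsr", b"spki:www-key-1")
WWW_SELF = Cert("www.hsr.ch", "www.hsr.ch", b"der:www-self", b"spki:www-key-2")


def tlsa_assoc_data(cert, selector, matching_type):
    """Certificate Association Data as lower-case hex."""
    selected = {0: cert.der, 1: cert.spki}[selector]
    if matching_type == 0:
        return selected.hex()                        # exact match on selected content
    if matching_type == 1:
        return hashlib.sha256(selected).hexdigest()  # SHA-256 of selected content
    if matching_type == 2:
        return hashlib.sha512(selected).hexdigest()  # SHA-512 of selected content
    raise ValueError(f"unknown matching type {matching_type}")


def tlsa_rdata(usage, selector, matching_type, cert):
    return f"{usage} {selector} {matching_type} {tlsa_assoc_data(cert, selector, matching_type)}"


def tlsa_record(host, port, proto, usage, selector, matching_type, cert):
    """Presentation format with the RFC 6698 owner name _port._proto.host."""
    return f"_{port}._{proto}.{host} IN TLSA {tlsa_rdata(usage, selector, matching_type, cert)}"


def chains_to(leaf, chain, anchor):
    """Toy stand-in for path validation: follow issuer names from leaf to anchor."""
    by_subject = {c.subject: c for c in chain}
    cur, seen = leaf, set()
    while cur is not anchor:
        if cur.subject in seen:          # loop (e.g. self-signed CA that is not the anchor)
            return False
        seen.add(cur.subject)
        cur = by_subject.get(cur.issuer)
        if cur is None:
            return False
    return True


def tlsa_verify(rdata, leaf, chain, pkix_valid, dnssec_secure=True):
    """Apply one TLSA record to the chain a TLS server presented (leaf first).

    pkix_valid: outcome of ordinary PKIX validation against the client's CA
    store; required for usages 0 and 1, irrelevant for usages 2 and 3.
    dnssec_secure: the TLSA RRset validated under DNSSEC (the hsr.ch ZSK on the
    slides).  An unvalidated record gives no DANE authentication at all; the
    caller then behaves as if no TLSA record existed.
    """
    if not dnssec_secure:
        return False
    usage, selector, mtype, data = rdata.split()
    usage, selector, mtype = int(usage), int(selector), int(mtype)

    def match(cert):
        return tlsa_assoc_data(cert, selector, mtype) == data.lower()

    on_path = [c for c in chain if match(c) and chains_to(leaf, chain, c)]
    if usage == 0:   # CA constraint: PKIX must succeed AND the named CA is on the path
        return pkix_valid and any(c is not leaf for c in on_path)
    if usage == 1:   # service certificate constraint: PKIX must succeed AND leaf matches
        return pkix_valid and match(leaf)
    if usage == 2:   # trust anchor assertion: the matched cert anchors the path, no CA store needed
        return bool(on_path)
    if usage == 3:   # domain-issued certificate: leaf (or its key) matches, no CA involved
        return match(leaf)
    raise ValueError(f"unknown certificate usage {usage}")


if __name__ == "__main__":
    for usage, sel, mt, cert in [(1, 0, 1, WWW_KOOL), (0, 0, 2, KOOL_CA), (2, 0, 0, HSR_CA),
                                 (2, 1, 0, HSR_CA), (3, 0, 1, WWW_SELF), (3, 1, 1, WWW_SELF)]:
        print(tlsa_record("www.hsr.ch.", 443, "tcp", usage, sel, mt, cert))
```

Selector 1 with matching type 1 (the "3 1 1" record of the raw-key slide) is the most robust choice for self-managed keys: the record survives certificate renewal as long as the key pair is kept, and it is what DANE deployments most commonly publish.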