Wednesday, July 30, 2014

Key Transparency for DNSSEC?

At the recent IETF meeting in Toronto, there was an interesting discussion in the trans working group on DNSSEC certificate transparency, and there is a (very) preliminary IETF draft (that needs a lot more work):

    http://tools.ietf.org/html/draft-zhang-ct-dnssec-trans

This isn't a new topic. It has been talked about off and on for a number of years. The first time I ran across this was on "The Right Key" email list in 2012, when measures to detect and counter fraudulently issued PKI (X.509) certificates were being proposed. This ultimately led to the creation of the trans working group, whose main goal is to produce and standardize a transparency system for X.509 certificates, based on the mechanism described in RFC 6962.

Does DNSSEC need a similar transparency system? For X.509 certificates, the threats are well known and documented (I wrote about them a bit in an earlier blog article) - any of the many root certificate authorities, or their intermediates, are capable of issuing a certificate for anyone on the Internet, and it is virtually impossible to know for sure if a fraudulent certificate has been issued. A central, cryptographically verifiable audit log of issued certificates might be able to address this issue (assuming that all CAs participated in it, which is by no means a certain proposition).

For DNSSEC it isn't obvious that a similar mechanism is needed, and whenever this topic comes up, there is a lot of head scratching and bewildered looks from DNS engineers wondering what the possible threat model is. I must admit, I didn't foresee the possible attack, until it was described to me in this exchange on The Right Key list by Paul Hoffman and Ben Laurie:

    http://www.ietf.org/mail-archive/web/therightkey/current/msg00470.html

If you'd like to read the entire email thread, it starts here:

    http://www.ietf.org/mail-archive/web/therightkey/current/msg00452.html

In DNSSEC, the keys for a zone are vouched for by a single parent zone (by means of a signed DS record corresponding to the child's keys). A zone operator can query the parent's DS records himself to verify that the correct DS key is being returned. However, what the zone operator cannot do, is to verify that the parent domain is not selectively responding with false DS records to queries from a targeted set of other victims.

To quote from that thread,

"For example, assume the domain name example.newtld. The owner of example has put DS record A in the newtld zone. If the owner of newtld goes rogue and shows DS record B to a limited number of requests (such as to a particular geographic region or set of network addresses), the party with the private key associated with B can spoof example, and the owner of example would not know unless he could see B."

(Note: for this attack to be useful, in addition to showing the fake DS records, newtld would have to show fake NS records and possibly glue records to redirect the victim to alternate DNS servers with the corresponding DNSKEY records)

If the parent zone is doing this on a wide scale, they are likely to get caught and face action. But highly targeted attacks will be very hard to detect. Are these scenarios far-fetched? Most DNS top level domains are run by reputable organizations and would likely not risk engaging in such security shenanigans. However, even if we assume they are completely forthright, they are vulnerable to "compelled" attacks by government agencies. In April 2010, Chris Soghoian and Sid Stamm, in a paper ("Certified Lies: Detecting and Defeating Government Interception Attacks against SSL"), described such attacks against SSL/TLS certificates, with evidence suggesting that they are actually in use. In light of Edward Snowden's NSA revelations, these kinds of compelled attacks (legally compelled or otherwise) are more likely than ever. DNSSEC keys and delegation signer records are just as vulnerable to them.

The title of the IETF draft mentioned at the beginning of this article is "Certificate Transparency for DNSSEC", which is probably a misnomer. The data that would be most valuable to enter into a DNSSEC transparency log are not certificates, but secure entry point keys for zones (e.g. DS records and/or Key Signing Keys). So a more appropriate name might be "Key Transparency for DNSSEC". DNS zones can contain certificates, or hashes corresponding to certificates (e.g. TLSA, CERT, etc. records); however, there are many other record types that might contain cryptographic keying material (SSHFP, IPSECKEY, and proposals for others in the pipeline). And why not have an audit log for more mundane non-crypto records too, e.g. name to address mappings? Individually logging all of these data types for every zone will likely prove to be an infeasible task.

If we limit the scope of the transparency log to DS records, there are still some very significant technical challenges that need to be solved. One is scalability to the world wide DNS. The Certificate Transparency log is being implemented as an append-only log with a Merkle tree, and a DNSSEC log will likely follow the same approach. Quoting RFC 6962:

"The append-only property of each log is technically achieved using Merkle Trees, which can be used to show that any particular version of the log is a superset of any particular previous version. Likewise, Merkle Trees avoid the need to blindly trust logs: if a log attempts to show different things to different people, this can be efficiently detected by comparing tree roots and consistency proofs. Similarly, other misbehaviors of any log (e.g., issuing signed timestamps for certificates they then don't log) can be efficiently detected and proved to the world at large."
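To make the Merkle tree mechanism in that quotation concrete for DS records, here is an added Python example (written for this article, not code from the draft, from RFC 6962 or from any CT implementation). It builds an RFC 6962 tree over constructed DS entries, produces and verifies an inclusion proof in the way a resolver would check a log's promise, and runs the monitoring check the owner of example.newtld would use to spot a DS record B it never published. The `ds` helper, the sample entries and `monitor_zone` are assumptions of the example.

```python
import hashlib
from typing import List

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962 leaf hash: SHA-256(0x00 || entry); the prefix separates leaves from nodes
    return _h(b"\x00" + entry)

def _split(n: int) -> int:
    # largest power of two strictly less than n (RFC 6962 section 2.1)
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_head(entries: List[bytes]) -> bytes:
    # Merkle Tree Hash; interior nodes are SHA-256(0x01 || left || right)
    n = len(entries)
    if n == 0:
        return _h(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return _h(b"\x01" + tree_head(entries[:k]) + tree_head(entries[k:]))

def audit_path(index: int, entries: List[bytes]) -> List[bytes]:
    # Inclusion proof for entries[index], leaf-to-root order (RFC 6962 section 2.1.1)
    n = len(entries)
    if n <= 1:
        return []
    k = _split(n)
    if index < k:
        return audit_path(index, entries[:k]) + [tree_head(entries[k:])]
    return audit_path(index - k, entries[k:]) + [tree_head(entries[:k])]

def verify_inclusion(entry: bytes, index: int, size: int, path: List[bytes], root: bytes) -> bool:
    # Recompute the tree head from the leaf and its audit path; a victim resolver that was
    # handed a DS record plus a proof can check it against a published signed tree head.
    if index >= size:
        return False
    fn, sn, r = index, size - 1, leaf_hash(entry)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = _h(b"\x01" + p + r)
            while not fn & 1 and fn != 0:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = _h(b"\x01" + r + p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

def ds(name: str, keytag: int, digest_byte: bytes) -> bytes:
    # Constructed presentation-format DS record (algorithm 13, SHA-256 digest) used as a log entry
    return b"%s DS %d 13 2 %s" % (name.encode(), keytag, digest_byte * 32)

# Constructed sample log: record A is what example's owner published; record B is a second DS
# for the same name that only shows up in the log (the rogue-parent scenario from the thread).
SAMPLE_LOG = [ds("foo.newtld.", 11111, b"aa"), ds("example.newtld.", 22222, b"bb"),
              ds("bar.newtld.", 33333, b"cc"), ds("example.newtld.", 44444, b"dd")]

def monitor_zone(entries: List[bytes], owner: str, published: List[bytes]) -> List[bytes]:
    # What the owner of `owner` does with a log: flag any DS entry for its name it did not publish
    return [e for e in entries if e.startswith(owner.encode() + b" DS ") and e not in published]
```

The detection only works if resolvers insist on a valid inclusion proof before trusting a DS record, which is what forces the rogue parent to either log B (and be seen by the monitor) or have B rejected.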

Even though DNSSEC is still in a fledgling state of deployment, we need to design a mechanism that can scale to the entire DNS system and accommodate the expected churn of zone keys (e.g. due to key rollovers etc.). A single centralized log may not be able to do this, and alternative models may need to be considered (e.g. limiting the depth of zones that the log will hold, implementing a hierarchy of logs, etc.).

Another problem is that a rogue or compelled parent zone can not only return fake DS records, but could also answer authoritatively for names inside the child zone without any referrals to the child zone (a fake in-zone answer). This is harder to protect against, but I can think of a number of possible defenses. At the level of TLDs (top level domains) one possible protection might be to have DNS resolvers treat them as delegation-only and reject all subdomain answers that aren't referrals. Another (probably more promising) approach is for resolvers to employ a query-name minimization algorithm that only reveals the needed labels of the query name to authoritative DNS servers as they traverse the delegation hierarchy. In fact, there is active work going on in the DNS engineering community on such qname minimization schemes and other privacy enhancing extensions to the DNS.
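The two resolver-side defenses just described, as an added Python example (written for this article, not code from any resolver or from the qname minimization work). `minimised_queries` shows which name and type each server in the delegation chain gets to see, next to the classic behaviour, and `accept_from_tld` is a delegation-only filter that rejects a fake in-zone answer from a TLD server. The list of zone cuts, the response dictionaries and the record values (192.0.2.1 is documentation address space) are constructed for the example.

```python
from typing import Dict, List, Tuple

Query = Tuple[str, str, str]  # (server for this zone cut, qname sent, qtype sent)

def labels(name: str) -> List[str]:
    # Split a fully qualified name into labels, ignoring the trailing root dot
    return [lab for lab in name.rstrip(".").split(".") if lab]

def classic_queries(qname: str, qtype: str, cuts: List[str]) -> List[Query]:
    # Traditional resolver: the full qname and qtype go to every server in the chain,
    # so the root and the TLD both learn that www.example.newtld is being looked up
    return [(cut, qname, qtype) for cut in cuts]

def minimised_queries(qname: str, qtype: str, cuts: List[str]) -> List[Query]:
    # Query name minimisation: each server learns only one label beyond the zone it
    # serves, asked as an NS query; the real question goes only to the last server.
    full = labels(qname)
    out: List[Query] = []
    for cut in cuts:
        known = len(labels(cut))
        if known + 1 >= len(full):
            out.append((cut, qname, qtype))  # nothing left to hide from this server
            break
        out.append((cut, ".".join(full[-(known + 1):]) + ".", "NS"))
    return out

def accept_from_tld(response: Dict[str, list], tld: str) -> bool:
    # Delegation-only policy for a TLD server: accept a response only if it is a
    # referral, i.e. no answer records and an NS set for a name strictly below the TLD.
    if response["answer"]:
        return False
    ns_owners = {rr[0] for rr in response["authority"] if rr[1] == "NS"}
    return bool(ns_owners) and all(o.endswith("." + tld) for o in ns_owners)

# Constructed responses a resolver might get back from a newtld server
REFERRAL = {"answer": [], "authority": [("example.newtld.", "NS", "ns1.example.newtld.")]}
FAKE_INZONE = {"answer": [("www.example.newtld.", "A", "192.0.2.1")], "authority": []}
FAKE_APEX = {"answer": [], "authority": [("newtld.", "NS", "a.nic.newtld.")]}

if __name__ == "__main__":
    cuts = [".", "newtld.", "example.newtld."]
    for q in classic_queries("www.example.newtld.", "A", cuts):
        print("classic  ", q)
    for q in minimised_queries("www.example.newtld.", "A", cuts):
        print("minimised", q)
    print("referral accepted:", accept_from_tld(REFERRAL, "newtld."))
    print("in-zone answer accepted:", accept_from_tld(FAKE_INZONE, "newtld."))
```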

A DNSSEC transparency log, if deployed, could be useful as an audit channel to periodically detect attacks, and for forensics. Performing checks of the log inline with the DNS resolution process may not be practical because of the likely high performance penalty (with the currently proposed log structure), which means attacks could not be detected in real time.

So is it really worth deploying such a system? I'm not yet sure. In the end, DNS is a hierarchical system, and there is always the possibility of being victimized by your parent zone, whether by error, incompetence, malice, or coercion. Even if we deploy centralized sets of transparency logs, we'd have to think about how to prevent them from being compromised or coerced. There are decentralized (non-hierarchical) naming systems out there, like gnunet, namecoin, etc. But they have the usual problem that they are only really used by a small group of very technically savvy users. We should probably take a more serious look at them. But I think the compelled attack is a very real threat, and it's probably worth some serious thought about how to deploy practical defenses against it in the global DNS.

The IETF recently published RFC 7258, declaring that pervasive monitoring is an attack for which all IETF protocols should have technical countermeasures. It may also be time for the IETF to standardize mitigations for highly targeted attacks.

Shumon Huque
