Berkeley COMPSCI 161 - DNSSEC / Privacy

This preview shows page 1-2-3-22-23-24-45-46-47 out of 47 pages.


DNSSEC / Privacy
CS 161: Computer Security
Prof. Vern Paxson
TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
http://inst.eecs.berkeley.edu/~cs161/
April 5, 2011

Today’s Lecture
• Finish discussion of DNSSEC
  – Ensuring that DNS results indeed match those from the corresponding authority
• A look at privacy
  – Mechanisms & practices that subvert it
  – Technical measures to obtain it

Securing DNS Lookups
• How can we ensure that when clients look up names with DNS, they can trust the answers they receive?
• Idea #1: do DNS lookups over TLS
  – (assuming either we run DNS over TCP, or we use “Datagram TLS”)
  – Issues?
    • Performance: DNS is very lightweight. TLS is not.
    • Caching: crucial for DNS scaling. But then how do we keep authentication assurances?
• Idea #2: make DNS results like certs
  – I.e., a verifiable signature that guarantees who generated a piece of data; signing happens off-line

Operation of DNSSEC
• DNSSEC = standardized DNS security extensions currently being deployed
1. Suppose we look up mail.google.com
  – We get an answer from google.com nameserver (NS)
  – Plus: signature for answer (in Additional section) purportedly signed by google.com NS
2. Look up public key for google.com NS
  – That answer is signed by .com NS
3. Look up public key for .com NS
  – That answer is signed by root (‘.’) NS
4. Root NS’s public key is wired into our resolver
• All of these keys are cacheable
(simplified)

[Diagram, repeated across several slide builds]
Ordinary DNS:
  Client → ns1.google.com: mail.google.com?
  ns1.google.com → Client: mail.google.com A 1.2.3.4
DNSSEC:
  Client → ns1.google.com: mail.google.com?
  ns1.google.com → Client: mail.google.com A 1.2.3.4, SIG 0x1F92..9
  Client → com’s NS: google.com?
  com’s NS → Client: google.com KEY 0x828C..E, SIG 0x90A4..5

[Annotations added to the diagram, one per build]
• This key … validates this signature
• Similarly, the root will return .com’s KEY, which will validate this signature
• Finally, we can validate the .com KEY supposedly returned by the root using our hardwired knowledge of the root’s public key
• Upon completing all of these signature validations, we have strong confidence in the chain of signatures, and thus in the correctness of the mail.google.com result

Issues With DNSSEC ?
• Issue #1: Replies are Big
  – E.g., “dig +dnssec berkeley.edu” can return 2100+ B
  – DoS amplification
  – Increased latency on low-capacity links
  – Headaches w/ older libraries that assume replies < 512B
• Issue #2: Partial deployment
  – Suppose .com not signing, though google.com is
  – Major practical concern. What do we do?
  – Can wire additional key into resolver (doesn’t scale)
  – Or: outsource to trusted third party (“lookaside”)
    • Wire their key into resolver, they sign numerous early adopters

Issues With DNSSEC, con’t
• Issue #3: Partial deployment
  – What do you do with unsigned/unvalidated results?
  – If you trust them, weakens incentive to upgrade
  – If you don’t trust them, a whole lot of things break
• Issue #4: Negative results (“no such name”)
  – What statement does the nameserver sign?
  – If “gabluph.google.com” doesn’t exist, then have to do dynamic key-signing (expensive) for any bogus request
    • DoS vulnerability
  – Instead, sign (off-line) statements about order of names
    • E.g., sign “gabby.google.com followed by gabrunk.google.com”
    • Thus, can see that gabluph.google.com can’t exist
  – But: now attacker can enumerate all names that exist :-(

Issues With DNSSEC, con’t
• Issue #5: Who do you really trust?
  – For your laptop, say, who does all the “grunt work” of fetching keys & validating DNSSEC signatures?
    • Convenient answer: your laptop’s local resolver
  – … which you acquire via DHCP in your local coffeeshop
  – I.e., exactly the most-feared potentially untrustworthy part of the DNS resolution process!
• Alternatives?
  ⇒ Your laptop needs to do all the validation work itself

Privacy

Defining Privacy
• Privacy = right to control who knows certain aspects about you / your communications / your activities
  – Control over disclosure
  – And ideally over subsequent use
• How much of an issue is this?
  E.g., how much information about you do web sites learn as you surf?

Privacy & Web Surfing
• The sites you visit learn:
  – The URLs you’re interested in
    • Google/Bing also learns what you’re searching for
  – Your IP address
    • Thus, your service provider & geo-location
    • Can often link you to other activity including at other sites
  – Your browser’s capabilities, which OS you run, which language you prefer
  – Which URL you looked at that took you there
    • Via “Referer” header

Privacy & Web Surfing, con’t
• Oh and also cookies.
• Cookies = state that server tells browser to store locally
  – Name/value pair, plus expiration date
• Browser returns the state any time visiting the same site
• Where’s the harm in that?
  And are these used much anyway?

[Screenshot captions from the cookie demonstration, in order]
• Let’s remove all of our cookies
• We do a Google search on “private browsing”
• And we click on the top result
• Note that this mode is privacy from your family, not from web sites!
• What on earth is Google tracking in this one?
• It sticks around for 6 months
• Whoa - we gained 11 cookies!
• Hmmm. Mozilla is tracking us too.
• And for 5 years!
• They’re even remembering just how we visited them
• And something else (as we’ll see in a bit)
• until the End Of Time
• (MY IP Address)
• Without doing anything else, we’ve gained a 12th cookie …
• We now do just one more operation, opening the home page of www.nytimes.com
• doubleclick.net - who’s that?
• And how did it get there from
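
Added example for Issue #4 in the DNSSEC slides above (signing statements about the order of names); it is not part of the lecture. It goes beyond the slide by using the DNSSEC canonical name ordering from RFC 4034 and a wrap-around statement from the last name back to the first. The function names and zone contents are constructed for illustration, and the signing of each statement is omitted.

```python
# Added illustration; zone contents below are constructed sample data.

def canonical_key(name):
    """Sort key for DNSSEC canonical ordering (RFC 4034 sec. 6.1):
    compare labels right to left, case-insensitively."""
    labels = name.rstrip(".").lower().split(".")
    return [label.encode("ascii") for label in reversed(labels)]

def build_order_statements(names):
    """Off-line step: one 'owner followed by next' statement per name.
    The last name wraps around to the first, closing the chain.
    (A real zone would sign each statement; signing is omitted here.)"""
    ordered = sorted({n.lower().rstrip(".") for n in names}, key=canonical_key)
    return [(ordered[i], ordered[(i + 1) % len(ordered)])
            for i in range(len(ordered))]

def covers(statement, qname):
    """True if the statement proves qname does not exist: qname falls
    strictly between owner and next in canonical order."""
    owner, nxt = (canonical_key(n) for n in statement)
    q = canonical_key(qname)
    if owner < nxt:
        return owner < q < nxt
    # Wrap-around statement (last name -> first name).
    return q > owner or q < nxt

def deny(statements, qname):
    """Server side: pick the pre-built statement covering qname,
    or None if qname exists in the zone."""
    for st in statements:
        if covers(st, qname):
            return st
    return None

def check_denial(statement, qname):
    """Resolver side: accept the denial only if the returned statement
    really covers the name that was asked for."""
    return statement is not None and covers(statement, qname)

ZONE = ["google.com", "gabby.google.com", "gabrunk.google.com",
        "mail.google.com", "www.google.com"]   # constructed sample zone
STATEMENTS = build_order_statements(ZONE)
```

Every denial returned by `deny` names two names that do exist in the zone, which is the disclosure the last bullet of Issue #4 refers to.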

