dnssec first

DNSSEC DNS Security Extensions FIRST Technical Colloquium Victor Ramiro NIC Labs [email protected]

Upload: victor-ramiro

Post on 15-May-2015


TRANSCRIPT

Page 1: DNSSEC FIRST

DNSSEC

DNS Security Extensions

FIRST Technical Colloquium

Victor Ramiro

NIC Labs

[email protected]

Page 2: DNSSEC FIRST

Agenda

• What is DNSSEC?
• DNSSEC implementation
• DNSSEC in NIC Chile
• DNSSEC in Authoritative Servers

2

Page 3: DNSSEC FIRST

WHAT IS

DNSSEC?

DNSSEC… What?!

3

Page 4: DNSSEC FIRST

Domain Name System (DNS)

• The Internet works with IP addresses (similar to telephone numbers)
  – Example: 200.1.123.3
• A DNS server is like a phone book used to look up the IP address
  – Example: www.nic.cl → 200.1.123.3
• This phone book, or database, is hierarchical and distributed

4

Page 5: DNSSEC FIRST

How DNS works

[Diagram: a client requesting http://www.uchile.cl/index.html asks its DNS Server (the Resolver) for www.uchile.cl. The resolver queries the Authoritative servers in turn: Root, which is asked about cl and refers it to ns.nic.cl; ns.nic.cl; and ns1.uchile.cl, which returns the address of www.uchile.cl. The resolver keeps the answer in its Cache until its Expiration, and the client then sends GET index.html to www.uchile.cl.]

5

Page 6: DNSSEC FIRST

DNS Hierarchy

[Diagram: tree of zones with ROOT at the top, CL and ORG below it, and UCHILE.CL and NIC.CL below CL; each zone box lists the records held in that zone.]

6

Page 7: DNSSEC FIRST

Motivation for adding security to DNS

• "Normal" DNS has no means to guarantee the authenticity of the information
• Nor can it guarantee the integrity of the information
• It's a highly distributed database
  – There isn't a centralized agent for verification
  – There are several points of failure

7

Page 8: DNSSEC FIRST

Security problems in DNS

[Diagram: the resolution of www.uchile.cl from the earlier slide (client, DNS Server, Root, ns.nic.cl, ns1.uchile.cl), with an added host, evil.uchile.cl (6.6.6.0), sending the DNS Server a reply labelled "from 200.1.123.4". The client's GET index.html for http://www.uchile.cl/index.html then goes to the forged address instead of www.uchile.cl.]

8

Page 9: DNSSEC FIRST

DNS data flow

[Diagram: Zone generation and Dynamic update feed the zone data into the Master, which passes it to the Secondaries; Resolvers query these servers on behalf of the Stub Resolver (application library).]

9

Page 10: DNSSEC FIRST

Vulnerabilities

[Diagram: the data flow from the previous slide (Zone generation, Dynamic update, Master, Secondaries, Resolvers, Stub Resolver) annotated with the threats along it: Data corruption, Unauthorized Update, Supplanting and Cache poisoning. The flow is split into "Server Security" and "Data Security", with DNSSEC labelled on the diagram.]

10

Page 11: DNSSEC FIRST

DNS Security Extensions

(DNSSEC)

• Guarantees data authenticity and integrity
  – Introduces digital signatures
• It uses chains of trust from the root to the requested domain
• It adds considerable extra complexity to the processes

11

Page 12: DNSSEC FIRST

Digital Signature

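[Diagram: Bob sends Alice the message "I love you!". Alice wonders: "Hmm… how can I be sure that the message comes from Bob (and that nobody has changed it)?" Bob creates a key pair (Public Key and Private Key): the signature is created with Bob's private key, and Alice verifies it with Bob's public key.]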

12

Page 13: DNSSEC FIRST

How does DNSSEC work?

[Diagram: the same resolution of www.uchile.cl (client, DNS Server, Root, ns.nic.cl, ns1.uchile.cl), now with each zone (root, cl, uchile.cl) holding its own keys. A DS Record in root points to the key of cl and a DS Record in cl points to the key of uchile.cl, so the DNS Server can check the answer along the chain root, cl, uchile.cl and return the address of www.uchile.cl as authenticated before the client sends GET index.html to http://www.uchile.cl/index.html.]

13

Page 14: DNSSEC FIRST

Some facts about digital signatures

• All the security resides in the private key
• The strength of a key is defined by the time needed to break it
  – The bigger the key, the longer it can live (it is harder to break)
• Creating a key pair is computationally expensive
• Generating a digital signature is computationally expensive (exponentially in the key size)
  – The existing domains are pre-signed
  – What about the non-existing domains?

14

Page 15: DNSSEC FIRST

Non existing domains

Query: existsfake.nic.cl?

Zone on ns.nic.cl, in alphabetic order:
  …
  a.nic.cl
  exists.nic.cl
  existstoo.nic.cl
  www.nic.cl
  …

Normal DNS answer: NXDOMAIN
DNSSEC answer: ] exists.nic.cl , existstoo.nic.cl [

Consequence! With several requests for domains we can learn the full zone (walking the zone)

15

Page 16: DNSSEC FIRST

Non existing domains

Query: existsfake.nic.cl?

Zone on ns.nic.cl, in alphabetic order:
  …
  a.nic.cl
  exists.nic.cl
  existstoo.nic.cl
  www.nic.cl
  …

Zone on ns.nic.cl, in alphabetic order with the hash:
  …
  H(another.nic.cl)
  H(www.nic.cl)
  H(mail.nic.cl)
  H(a.nic.cl)
  …

Answer: NXDOMAIN, with ] H(www.nic.cl) , H(mail.nic.cl) [ as the interval around H(existsfake.nic.cl)

New extension: NSEC3, solves "walking the zone"

The hash is one-way: m → H(m) = 635EA8F7CD9A76EEF610B1, but H(m) cannot be turned back into m

16
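
Added example (not part of the original slides): the NSEC3 idea from this slide in Python, hashing owner names with the salted, iterated SHA-1 defined in RFC 5155 and denying a name through the hashed interval that covers it. The zone is constructed from names that appear on the slides; the salt aabbccdd and the iteration count 12 are assumptions.

```python
import base64
import hashlib

# Translate the standard base32 alphabet to base32hex, which NSEC3 uses (RFC 4648).
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lower-case) DNS wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5: H(x || salt), then re-hashed `iterations` more times."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode().lower()

def build_chain(names, salt_hex, iterations):
    """NSEC3 chain: (hashed owner, next hashed owner) pairs in hash order."""
    hashes = sorted(nsec3_hash(n, salt_hex, iterations) for n in names)
    return [(h, hashes[(i + 1) % len(hashes)]) for i, h in enumerate(hashes)]

def covering_nsec3(qname, chain, salt_hex, iterations):
    """Interval proving qname does not exist, or None if its hash is an owner."""
    h = nsec3_hash(qname, salt_hex, iterations)
    if any(h == owner for owner, _ in chain):
        return None
    for owner, nxt in chain:
        # The last record wraps around from the highest hash to the lowest.
        if owner < h < nxt or (nxt <= owner and (h > owner or h < nxt)):
            return owner, nxt
    return None

# Constructed zone (names taken from the slides); salt and iterations are assumed.
ZONE = ["nic.cl", "exists.nic.cl", "existstoo.nic.cl", "mail.nic.cl", "www.nic.cl"]
SALT, ITERATIONS = "aabbccdd", 12
CHAIN = build_chain(ZONE, SALT, ITERATIONS)

if __name__ == "__main__":
    for owner, nxt in CHAIN:
        print(owner, "->", nxt)   # the chain exposes hashes, not owner names
    print("existsfake.nic.cl is denied by",
          covering_nsec3("existsfake.nic.cl", CHAIN, SALT, ITERATIONS))
```

The response to a query for a missing name only reveals two hashes, so enumerating the chain yields hashed labels rather than the names listed in the NSEC case.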

Page 17: DNSSEC FIRST

DNSSEC

IMPLEMENTATION

Piece by piece…

17

Page 18: DNSSEC FIRST

Implementation

• DNS resources (Resource Records)

Name             TTL    Class  Type  Value
www.niclabs.cl.  86400  IN     A     200.27.115.130
niclabs.cl.      3579   IN     NS    ns.niclabs.cl.
niclabs.cl.      86400  IN     MX    10 smtp.niclabs.cl.
www.niclabs.cl.  86400  IN     AAAA  2001:1398:16:4:100::2

18

Page 19: DNSSEC FIRST

New resource records

• Digital signature records
  – RRSIG: Signature of an RRset
  – DNSKEY: Public key
  – DS: Delegation Signer
• Consistency records
  – NSEC/NSEC3

19

Page 20: DNSSEC FIRST

Implementation

• DNSSEC introduces 4 new records
  – 1) RRSIG (Digital Signature)

www.niclabs.cl.  19 IN A     212.247.7.218
www.niclabs.cl.  19 IN RRSIG A 5 3 60 20091019132001 (
                     20091009132001 51428 niclabs.cl.
                     W1PycCseBhS9doaTgqETt2xyaD5psVf0uCdoa6MLqliW
                     L4T05B5wYobl/+IMIFxaHyEPqZIzezUCQEMD5L1QJCK6
                     Fp/HHTJOPsfgHvGP5pKc2SjzQvJ+5Tx6BIKSnrwCduAl
                     4yWGRSMhXiMArz4nUfVymzFjYfepMlhXbupycps= )

RRSIG fields, in order: signed RR type (A), Algorithm (5), Labels (3), Original TTL (60), Expiration Time (20091019132001), Inception Time (20091009132001), Key Tag (51428), Signer's name (niclabs.cl.), Digital Signature

20

Page 21: DNSSEC FIRST

Implementation

• DNSSEC introduces 4 new records
  – 2) DNSKEY (Public Key)

niclabs.cl.  3600 IN DNSKEY 256 3 5 (
                 BQEAAAABwHjOzI7/4vXsmQGSDPSHSCJqVhpQNtyFgETJ
                 ymEatCPKqC43zahNmucNVMURGXhzz31jRQXdriMAryqK
                 dDHgS36/4ZsFMLSOZSXlR+O9rnmtpVtsTICoXprgBy6h
                 GIYiIx6m8C+e9c9EfQjQW7E/216Wzoo2qE7UuR0XReaP
                 980=
                 ) ; key id = 51428
niclabs.cl.  3600 IN DNSKEY 257 3 5 (
                 AwEAAdhJAx197qFpGGXuQn8XH0tQpQSfjvLKMcreRvJy
                 O+f3F3weIHR36E8DObolHFp+m1YkxsgnHYjUFN4E9sKa
                 38ZXU0oHTSsB3adExJkINA/tINDlKrzUDn4cIbyUCqHN
                 Ge0et+lHmjmfZdj62GJlHgVmxizYkoBd7Rg0wxzEOo7C
                 A3ZadaHuqmVJ2HvqRCoe+5NDsYpnDia7WggvLTe0vorV
                 6kDcu6d5N9AUPwBsR7YUkbetfXMtUebux71kHCGUJdmz
                 p84MeDi9wXYIssjRoTC5wUF2H3I2Mnj5GqdyBwQCdj5o
                 tFbRAx3jiMD+ROxXJxOFdFq7fWi1yPqUf1jpJ+8=
                 ) ; key id = 16696

DNSKEY fields, in order: Flags (256 = Zone Key, ZSK; 257 = Entry Point, KSK), Protocol (fixed, 3), Algorithm (5), Public Key. The "key id" comment is the Key Tag.

21

Page 22: DNSSEC FIRST

Implementation

• DNSSEC introduces 4 new records
  – 3) DS (Delegation)

niclabs.cl.  1007 IN DS 16696 5 1 (
                 EF5D421412A5EAF1230071AFFD4F585E3B2B1A60 )
niclabs.cl.  1007 IN RRSIG DS 5 1 3600 20091022230530 (
                 20091016022314 12075 cl.
                 HAqB5XoFsakxjmzk6YvRvJFXHyXvBMfjjPbd0u4RXojV
                 fGGrHtBgt5eIh/c6X8p+JDONf5nypt7cFatUCRm2M4N3
                 ZbBKOJyYonFU4LIEQ5CjmHVFCJHBOxKLDAWe2P3jX4/a
                 kQ3JUy5SKztkoGn4GFhQnjCgWyf+n1GqAwTgD6A= )

DS fields, in order: Key Tag (16696), Algorithm (5), Hash Type (1), Hash Value. The RRSIG over the DS is the signature from the parent (cl.).

22

Page 23: DNSSEC FIRST

Implementation

• DNSSEC introduces 4 new records
  – 4) NSEC (Non-existing domain: none.niclabs.cl)

lists.niclabs.cl.  3536 IN NSEC  ns.niclabs.cl. A MX RRSIG NSEC
lists.niclabs.cl.  3536 IN RRSIG NSEC 5 3 3600 20091026132001 (
                       20091016132001 51428 niclabs.cl.
                       npxr6gaJtvrdYFndtKa8rJYcIdonp6q/Nrklaf6xoMN9
                       xDbIqem0HzzM5qPStXWbG3TGSWJfIwqOeY6FMAaXER/e
                       hlg+eFyRd5Zb/EAxSIx4NMUkKrWMkdsj49GZhHO9yEtB
                       5yRU1T4Ii2GULiX233DwvWt/+ZLaJfEODU0kVTk= )

NSEC fields, in order: Next existing domain (ns.niclabs.cl.), then the resource types associated with lists.niclabs.cl. (A MX RRSIG NSEC).

23

Page 24: DNSSEC FIRST

Key issues

• Interaction with the parent is administratively expensive
  – Should only be done when needed
  – Bigger keys with long lifetimes are better
• Signing zones should be fast
  – Memory restrictions
  – Space and time concerns
  – Smaller keys with short lifetimes are better

24

Page 25: DNSSEC FIRST

Key solution

• Operate with two keys
  – KSK: Key Signing Key
    • Bigger key
    • Creates bigger signatures (just signs ZSK DNSKEY)
    • Long lifetime (years)
  – ZSK: Zone Signing Key
    • Smaller key
    • Creates smaller signatures
    • Short lifetime (months)
• Flag Entry Point (256/257)

25

Page 26: DNSSEC FIRST

26

Walking the trust chain

.            DNSKEY (id = 11) ; KSK
             DNSKEY (id = 22) ; ZSK
             RRSIG DNSKEY (11)
CL.          DS 33
             RRSIG DS (...) (22)

cl.          DNSKEY (id = 33) ; KSK
             DNSKEY (id = 44) ; ZSK
             RRSIG DNSKEY (33)
nic.cl.      DS 55
             RRSIG DS (...) (44)

nic.cl.      DNSKEY (id = 55) ; KSK
             DNSKEY (id = 66) ; ZSK
             RRSIG DNSKEY (55)
www.nic.cl.  A 200.1.123.3
             RRSIG A (...) (66)

• Root KSK signs ZSK
• Root ZSK signs authoritative data (SOA, NS, DS, etc.)
• CL. KSK signs ZSK
• CL. ZSK signs authoritative data (SOA, NS, DS, etc.)

Page 27: DNSSEC FIRST

27

Verify the trust chain

• Data in a zone can be trusted if signed by a ZSK
• A ZSK can be trusted if signed by a KSK
• A KSK can be trusted if pointed to by a trusted DS record
• A DS record can be trusted:
  – If signed by the parent ZSK
  – DS or DNSKEY can be trusted if they are a Secure Entry Point (SEP)
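
Added example (not part of the original slides): the trust rules above applied to the key ids from the "Walking the trust chain" slide. It is a symbolic model in which a signature is represented only by the id of the key that made it, with no real cryptography; the dictionary layout and the status names returned are assumptions of this sketch.

```python
# Symbolic model: a "signature" is just the id of the signing key (no real crypto).
ZONES = {   # key ids as on the "Walking the trust chain" slide
    ".":       {"parent": None,  "ksk": 11, "zsk": 22, "dnskey_sig": 11},
    "cl.":     {"parent": ".",   "ksk": 33, "zsk": 44, "dnskey_sig": 33},
    "nic.cl.": {"parent": "cl.", "ksk": 55, "zsk": 66, "dnskey_sig": 55},
}
# DS records are held and signed by the parent zone.
DS = {"cl.": {"key": 33, "sig": 22}, "nic.cl.": {"key": 55, "sig": 44}}
ANSWER = {"name": "www.nic.cl.", "zone": "nic.cl.", "sig": 66}
TRUST_ANCHOR = 11   # root KSK configured in the validating resolver

def zone_path(zone, zones):
    """Zones from the root down to `zone`."""
    path = []
    while zone is not None:
        path.append(zone)
        zone = zones[zone]["parent"]
    return path[::-1]

def validate(answer, zones, ds, anchor):
    """Return (status, detail); status is secure, insecure or bogus."""
    trusted_ksk = anchor
    path = zone_path(answer["zone"], zones)
    for parent, name in zip([None] + path, path):
        zone = zones[name]
        if parent is not None:
            if name not in ds:   # simplification: absence is not itself proven here
                return "insecure", f"no DS for {name} in {parent}"
            if ds[name]["sig"] != zones[parent]["zsk"]:
                return "bogus", f"DS for {name} not signed by ZSK of {parent}"
            trusted_ksk = ds[name]["key"]   # the DS points at the child KSK
        if zone["ksk"] != trusted_ksk:
            return "bogus", f"KSK of {name} does not match its DS or trust anchor"
        if zone["dnskey_sig"] != zone["ksk"]:
            return "bogus", f"DNSKEY RRset of {name} not signed by its KSK"
    if answer["sig"] != zones[answer["zone"]]["zsk"]:
        return "bogus", f"{answer['name']} not signed by ZSK of {answer['zone']}"
    return "secure", " -> ".join(path)

if __name__ == "__main__":
    print(validate(ANSWER, ZONES, DS, TRUST_ANCHOR))
    print(validate({**ANSWER, "sig": 99}, ZONES, DS, TRUST_ANCHOR))    # forged answer
    print(validate(ANSWER, ZONES, {"cl.": DS["cl."]}, TRUST_ANCHOR))   # unsigned delegation
```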

Page 28: DNSSEC FIRST

Lifetime for signatures and keys

28

Page 29: DNSSEC FIRST

DNSSEC IN

NIC CHILE

Or… how to implement DNSSEC in a TLD?

29

Page 30: DNSSEC FIRST

DNSSEC in the world

30

Page 31: DNSSEC FIRST

DNSSEC in the world

• Operational TLDs:
  – .se .org .gov .br .bg .cz .pr .na .th
• Root zone:
  – fully deployed by July 2010
  – So, no more excuses for not implementing it!
• And Chile…?

31

Page 32: DNSSEC FIRST

NIC Chile

• Working on DNSSEC since
  – 2004/xx: First toy tests...
  – 2008/07: Niclabs starts formal research
  – 2008/11: Internal Working Group
  – 2009/06: Internal resolver with iTAR & DLV (BIND + Unbound)
  – 2009/07: Testbed .CL + DNSSEC
  – 2009/08: Public resolver resolversec.niclabs.cl

32

Page 33: DNSSEC FIRST

NIC Chile

• Short term solution
  – Signing differences
  – DS registry by hand
  – Currently in test
• Long term solution
  – DS exchange integrated with EPP
  – Distributed crypto
  – Open generic solution for the community

33

Page 34: DNSSEC FIRST

Long term solution in NIC Chile

34

Page 35: DNSSEC FIRST

Securing the key

• Threshold Cryptography

35

Page 36: DNSSEC FIRST

DNSSEC

AUTHORITATIVE

SERVERS

yes, your servers…

36

Page 37: DNSSEC FIRST

What do I need?

• You want to do it! (really)
• Define signature and key lifetimes
  – RRSIG 1 month
  – ZSK 3 months / KSK 1 year
• Define key sizes
  – KSK >= 2048 and ZSK >= 1024
• Define your process and policy
  – Documentation (emergency recovery)
  – Training

37

Page 38: DNSSEC FIRST

Key creation

• KSK

dnssec-keygen -a RSASHA1 -r /dev/urandom -b 2048 -f KSK -n ZONE cl.

• ZSK

dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE cl.

38

Page 39: DNSSEC FIRST

Zone-signing

• NSEC

dnssec-signzone -o cl -N INCREMENT -k Kcl.+005+28753 -r /dev/random cl.zone Kcl.+005+31320

• NSEC3
  – Algorithm NSEC3RSASHA1
  – -3 "salt" for hash computation
  – -A: Opt-Out

dnssec-signzone -o cl -N INCREMENT -k Kcl.+005+28753 -r /dev/random -3 "123" -A cl.zone Kcl.+005+31320

39

Page 40: DNSSEC FIRST

Zone-resigning

• -i interval: keep "old" signatures
• Default cycle interval = (end time - start time)/4
• An RRSIG is replaced with a new one if it expires in the last cycle interval

40
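
Added example (not part of the original slides and not BIND's code): the RRSIG fields labelled on the RRSIG slide are parsed from the record headers shown earlier, and the re-signing rule above decides which signatures to keep. The time of the run (NOW) and the 30-day validity of the new signatures, taken from the "RRSIG 1 month" policy, are assumptions.

```python
from datetime import datetime, timedelta, timezone

FIELDS = ("type_covered", "algorithm", "labels", "original_ttl",
          "expiration", "inception", "key_tag", "signer")

def ts(text):
    """RRSIG presentation timestamps are YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsig(line):
    """Split 'owner ttl IN RRSIG <rdata>' into the fields labelled on the slide."""
    tok = line.split()
    rdata = tok[tok.index("RRSIG") + 1:]
    rec = dict(zip(FIELDS, rdata[:8]), owner=tok[0])
    rec["expiration"], rec["inception"] = ts(rec["expiration"]), ts(rec["inception"])
    return rec

def resign_plan(rrsigs, now, start, end, interval=None):
    """Keep a signature only if it expires after now + cycle interval."""
    cycle = interval or (end - start) / 4   # default: a quarter of the new validity
    plan = {}
    for r in rrsigs:
        key = (r["owner"], r["type_covered"])
        if r["expiration"] <= now:
            plan[key] = "expired"           # already failing validation
        elif r["expiration"] <= now + cycle:
            plan[key] = "replace"           # expires within the cycle interval
        else:
            plan[key] = "keep"
    return cycle, plan

# RRSIG headers as shown on the slides (signature data omitted).
SAMPLE = [
    "www.niclabs.cl. 19 IN RRSIG A 5 3 60 20091019132001 20091009132001 51428 niclabs.cl.",
    "lists.niclabs.cl. 3536 IN RRSIG NSEC 5 3 3600 20091026132001 20091016132001 51428 niclabs.cl.",
]
NOW = ts("20091016132001")                  # assumed time of the re-signing run
CYCLE, PLAN = resign_plan([parse_rrsig(l) for l in SAMPLE],
                          NOW, NOW, NOW + timedelta(days=30))

if __name__ == "__main__":
    print("cycle interval:", CYCLE)
    for key, action in PLAN.items():
        print(key, action)
```

The "expired" state is worth alerting on separately, because validating resolvers already reject such a signature.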

Page 41: DNSSEC FIRST

CONCLUSIONS

41

Page 42: DNSSEC FIRST

Decisions for DNSSEC

• NSEC or NSEC3?
• Key sizes?
  – KSK (Key Signing Key) and ZSK (Zone Signing Key)
• Lifetime for keys/signatures?
• Sign all at once? Opt-out?
• Revoke keys
  – Normal rollover, key compromise, key loss.
  – Overlap of keys (old ones sign new ones)?
  – Parent, children?

42

Page 43: DNSSEC FIRST

Other issues

• Resolver behaviour
  – Domain secure, insecure, bogus, indeterminate
• How much does DNSSEC cost?
  – CPU, memory, time, bandwidth, effort, development

Page 44: DNSSEC FIRST

DNSSEC…

• Solves authenticity and integrity problems
• Introduces a lot of operational overhead
  – Key management must be improved
  – Needs practice
• Is it worth it?
  – Open discussion…

44

Page 45: DNSSEC FIRST

45