IETF Logo Mail Archive

[dns-privacy] Security Considerations: Traffic Analysis

"Hollenbeck, Scott" <shollenbeck@verisign.com> Mon, 16 August 2021 12:14 UTC

Return-Path: <shollenbeck@verisign.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A4413A0B8B for <dns-privacy@ietfa.amsl.com>; Mon, 16 Aug 2021 05:14:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oWW-5z7vVQ08 for <dns-privacy@ietfa.amsl.com>; Mon, 16 Aug 2021 05:14:39 -0700 (PDT)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C678E3A0B87 for <dprive@ietf.org>; Mon, 16 Aug 2021 05:14:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=3533; q=dns/txt; s=VRSN; t=1629116079; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=FYFH6IValoTataXXxkWF+zj8ylquyv7MdZUlMtbsk9Y=; b=XxEc2trBxTjPSSdFNeM4MwSHo9dliNwNViQgW9UrWAeItzqZNEqaYnBG x1AF0r9pgKJF9d03WbdRVDLFAAB7HmpnyKGcoOdNGCls89jcOKh2M2h1J tcOGSvDiPysSDpFqsu0vv7z0488OGYLcjOf9YE3A76Sh/BlPHju78ThwY tTgnohQKr1k5+Bkjv9XwjGyiWNhoMDb0HBKrUldpqCbphAIux8BEDT2JQ kODQmlIQ8IedtwMwiWWVRiz2s2GJQtaVVQY2cfjKr9TkN6zO7wDg3rT6z 7x0ohqXnnbCBUtLhK60j4rYSanhKpaAK5mNi4lS/ogkQme08ZwsX/Eke0 w==;
IronPort-SDR: 2SY1xJfWC+6/vtw2hW9+w/lyYMh8LxJmU5+wEH6MfchfS8C35eLx8VNOdEqcyu70hIswqyyY8D CuaSNSCl5zrwFohiPX8G5OR9O2YSd0JUTkC+/VqjPsuiZyS+U1BfCkuBdidjCfsGpytzkconu+ EqDhrBa/slcbUw8bQkByhbcEuLoVjeMngYyIct1RIW7U/zpHDalxlutZRvE9xsk6sPaoFBaeyM yGKqCN4OH3poxoxvFutpm6fYUKz8Gbyn/Yp6iqBfg7QaPIj4VN65RHzU+Du7ZmDsd45IwJL5hv 80k=
IronPort-HdrOrdr: A9a23:dCg5BKDkdYv+dmnlHelx55DYdb4zR+YMi2TDsHoBLCC9E/bo9f xG88566faZslgssRIb9uxoUZPoKU80nqQFgrX5U43CYCDW/EWlK4145ZbvznnKC0TFmtJ15O NFf7JlANP9SXp3na/BijWQIpIFzMOc+K6lwd3CyWxgJDsGV4h74xxnBh2gHkp6eQlDCfMCf6 ah2g==
X-IronPort-AV: E=Sophos;i="5.84,324,1620691200"; d="scan'208";a="9363359"
Received: from BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Mon, 16 Aug 2021 08:14:35 -0400
Received: from BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde]) by BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde%4]) with mapi id 15.01.2308.008; Mon, 16 Aug 2021 08:14:35 -0400
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "dprive@ietf.org" <dprive@ietf.org>
Thread-Topic: Security Considerations: Traffic Analysis
Thread-Index: AdeSlga+jApWtBQ/RqOdFIqCjVWIHw==
Date: Mon, 16 Aug 2021 12:14:35 +0000
Message-ID: <b7bdb0aded484ffc86a7ab58ab9115a8@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/3J8wqYq2VoFhptNlY5DAx9wMKlI>
Subject: [dns-privacy] Security Considerations: Traffic Analysis
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2021 12:14:46 -0000

The iterative nature of recursive resolution gives an on-path monitor multiple opportunities to observe query traffic between a recursive resolver and an authoritative name server. Even with encryption, the name server IP addresses can be used to draw accurate conclusions about qnames by matching IP addresses to name servers identified in publicly available zones. This is something that needs to be addressed in the Security Considerations section of any draft that describes a recursive-to-authoritative encryption solution.

draft-ietf-dprive-dnsoquic addresses traffic analysis, but draft-ietf-dprive-unauth-to-authoritative does not. draft-rescorla-dprive-adox-latest addresses it somewhat. I'd like to suggest that text like this (or something similar) be added to draft-ietf-dprive-unauth-to-authoritative and draft-rescorla-dprive-adox-latest:


BEGIN
Encryption is one of several controls that can reduce the risk of disclosure of sensitive information. Resolver-to-authoritative DNS encryption will protect the DNS traffic exchanged between the resolver and the authoritative name server from being directly observed and/or modified by an adversary. However, as in other systems where encryption is deployed, implementers should also consider other ways in which the same or related information may also be exposed, and how to mitigate those risks. For example, encryption provides confidentiality protection for DNS query and response payloads between recursive resolvers and authoritative name servers, but iterative resolution makes it possible to perform traffic analysis using other, non-encrypted information that can be observed in subsequent iteration steps. The names and IP addresses of the name servers for most DNS zones are publicly available, so an attacker that can monitor traffic exchanged between a resolver and an authoritative name server will often be able to identify the zone of interest based on the IP address of the authoritative name server. Iterative resolution using destination IP addresses that were encrypted in a previous query makes it possible to identify the set of domains that might be associated with a query by observing the destination IP address and comparing that to the addresses and names found in publicly-available zone files. This risk can be reduced by limiting the number of queries sent to authoritative name servers using techniques such as hyperlocal root processing [RFC7706], NXDOMAIN cut processing [RFC8020], and aggressive DNSSEC caching [RFC8198].

The size of encrypted query and response packets can also be used to detect query patterns. The set of name servers and IP addresses returned in a response to a query changes infrequently, so the size of the DNS response for a specific set of name servers tends to stay the same during a given time period. The size of responses can be monitored to observe patterns associated with responses from specific name servers, and this information can be used to identify queries for specific domain names. This risk can be reduced by padding the record payload of TLS-protected responses to eliminate response size variability.

Additional traffic analysis considerations are described in a paper titled "Encrypted DNS =⇒ Privacy? A Traffic Analysis Perspective" [1].

[1] https://www.ndss-symposium.org/wp-content/uploads/2020/02/24301-paper.pdf
END

Scott

v2.23.0 | Report a Bug | By Email