Re: [dns-privacy] [Ext] Security Considerations: Traffic Analysis
Paul Hoffman <paul.hoffman@icann.org> Mon, 16 August 2021 14:19 UTC
Return-Path: <paul.hoffman@icann.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2F153A14AF; Mon, 16 Aug 2021 07:19:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8rH6uLv8goW7; Mon, 16 Aug 2021 07:19:17 -0700 (PDT)
Received: from ppa3.lax.icann.org (ppa3.lax.icann.org [192.0.33.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05B6B3A1638; Mon, 16 Aug 2021 07:19:17 -0700 (PDT)
Received: from MBX112-W2-CO-1.pexch112.icann.org (out.mail.icann.org [64.78.33.5]) by ppa3.lax.icann.org (8.16.0.43/8.16.0.43) with ESMTPS id 17GEJFAY018062 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 16 Aug 2021 14:19:15 GMT
Received: from MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) by MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.858.15; Mon, 16 Aug 2021 07:19:14 -0700
Received: from MBX112-W2-CO-1.pexch112.icann.org ([10.226.41.128]) by MBX112-W2-CO-1.pexch112.icann.org ([10.226.41.128]) with mapi id 15.02.0858.015; Mon, 16 Aug 2021 07:19:14 -0700
From: Paul Hoffman <paul.hoffman@icann.org>
To: "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>
CC: "dprive@ietf.org" <dprive@ietf.org>
Thread-Topic: [Ext] [dns-privacy] Security Considerations: Traffic Analysis
Thread-Index: AdeSlga+jApWtBQ/RqOdFIqCjVWIHwATlWWA
Date: Mon, 16 Aug 2021 14:19:13 +0000
Message-ID: <6B093849-B681-40CD-BBFB-4A97D6057E3C@icann.org>
References: <b7bdb0aded484ffc86a7ab58ab9115a8@verisign.com>
In-Reply-To: <b7bdb0aded484ffc86a7ab58ab9115a8@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.0.32.234]
x-source-routing-agent: Processed
Content-Type: multipart/signed; boundary="Apple-Mail=_03F39403-CC10-4A37-B08C-E245BD5FD19A"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-16_05:2021-08-16, 2021-08-16 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/XIolMdrOR-N1ynuhJyhDteJV24A>
Subject: Re: [dns-privacy] [Ext] Security Considerations: Traffic Analysis
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2021 14:19:22 -0000
On Aug 16, 2021, at 5:14 AM, Hollenbeck, Scott <shollenbeck=40verisign.com@dmarc.ietf.org> wrote: > > The iterative nature of recursive resolution gives an on-path monitor multiple opportunities to observe query traffic between a recursive resolver and an authoritative name server. Even with encryption, the name server IP addresses can be used to draw accurate conclusions about qnames by matching IP addresses to name servers identified in publicly available zones. This is something that needs to be addressed in the Security Considerations section of any draft that describes a recursive-to-authoritative encryption solution. > > draft-ietf-dprive-dnsoquic addresses traffic analysis, but draft-ietf-dprive-unauth-to-authoritative does not. draft-rescorla-dprive-adox-latest addresses it somewhat. I'd like to suggest that text like this (or something similar) be added to draft-ietf-dprive-unauth-to-authoritative and draft-rescorla-dprive-adox-latest: > > > BEGIN > Encryption is one of several controls that can reduce the risk of disclosure of sensitive information. Resolver-to-authoritative DNS encryption will protect the DNS traffic exchanged between the resolver and the authoritative name server from being directly observed and/or modified by an adversary. However, as in other systems where encryption is deployed, implementers should also consider other ways in which the same or related information may also be exposed, and how to mitigate those risks. For example, encryption provides confidentiality protection for DNS query and response payloads between recursive resolvers and authoritative name servers, but iterative resolution makes it possible to perform traffic analysis using other, non-encrypted information that can be observed in subsequent iteration steps. The names and IP addresses of the name servers for most DNS zones are publicly available, so an attacker that can monitor traffic exchanged between a resolver and an authoritative n > ame server will often be able to identify the zone of interest based on the IP address of the authoritative name server. Iterative resolution using destination IP addresses that were encrypted in a previous query makes it possible to identify the set of domains that might be associated with a query by observing the destination IP address and comparing that to the addresses and names found in publicly-available zone files. This risk can be reduced by limiting the number of queries sent to authoritative name servers using techniques such as hyperlocal root processing [RFC7706], NXDOMAIN cut processing [RFC8020], and aggressive DNSSEC caching [RFC8198]. > > The size of encrypted query and response packets can also be used to detect query patterns. The set of name servers and IP addresses returned in a response to a query changes infrequently, so the size of the DNS response for a specific set of name servers tends to stay the same during a given time period. The size of responses can be monitored to observe patterns associated with responses from specific name servers, and this information can be used to identify queries for specific domain names. This risk can be reduced by padding the record payload of TLS-protected responses to eliminate response size variability. > > Additional traffic analysis considerations are described in a paper titled "Encrypted DNS =⇒ Privacy? A Traffic Analysis Perspective" [1]. > > [1] https://www.ndss-symposium.org/wp-content/uploads/2020/02/24301-paper.pdf > END This seems misplaced. The act of encrypting recursive to authoritative does not add any more considerations for "other ways in which the same or related information may also be exposed, and how to mitigate those risks". Instead of listing just a few privacy considerations, wouldn't it be better to have the reader go to the more complete list in RFC 8932 and RFC 9076? --Paul Hoffman
- [dns-privacy] Security Considerations: Traffic An… Hollenbeck, Scott
- Re: [dns-privacy] Security Considerations: Traffi… Paul Wouters
- Re: [dns-privacy] Security Considerations: Traffi… Hollenbeck, Scott
- Re: [dns-privacy] [Ext] Security Considerations: … Paul Hoffman
- Re: [dns-privacy] [Ext] Security Considerations: … Hollenbeck, Scott
- Re: [dns-privacy] [Ext] Security Considerations: … Paul Hoffman
- Re: [dns-privacy] [Ext] Security Considerations: … Hollenbeck, Scott
- Re: [dns-privacy] [Ext] Security Considerations: … Paul Wouters
- Re: [dns-privacy] [Ext] Security Considerations: … Hollenbeck, Scott