[DNSOP] Evaluation of NSEC3-encloser attack

Haya Shulman <haya.shulman@gmail.com> Mon, 25 March 2024 08:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/hD-8YSlHBAiotg0aumgCmdWh5XI>

Dear researchers, operators and developers,


Recently two attack vectors exploiting vulnerabilities in DNSSEC to launch
Denial of Service (DoS) against DNS resolvers were publicly disclosed:
KeyTrap and NSEC3-encloser attack. Both issues were assigned a CVE ID by
MITRE: KeyTrap CVE-2023-50387 and NSEC3-encloser CVE-2023-50868.

Both attacks proceed as follows: The adversary sets up a domain that it
controls and creates a zonefile with specially crafted DNSSEC records. The
adversary causes the target DNS resolver to issue DNS requests to a
nameserver in its domain, and creates responses.

To stall a Bind9 resolver for 16 hours, leading to 100% packet loss, one
response that encodes a KeyTrap attack is sufficient. As a result of a
KeyTrap packet, the CPU instruction count on a resolver increases by a
factor of 2,000,000x. In contrast, our evaluations of an NSEC3-encloser
attack in [1] show that an attack rate of 150 DNS responses per second is
required to cause a 5.1% loss of benign packets against Bind9, causing a
modest 41x increase of CPU instruction count on Bind9. Increasing the rate
of the attack beyond that volume creates too much load on the resolvers,
leading to packet loss due to system load and not due to the specifics of
the NSEC3 attack. To create packet loss over a longer period that goes
beyond one second, the attacker has to constantly send attack packets at a
rate of hundreds of packets per second.

Our evaluations demonstrate that the two attack vectors are fundamentally
different from the perspective of their practical impact: KeyTrap
introduces a realistic immediate threat for exploitation by hackers. In
contrast, with the NSEC3-encloser attack a comparable load on resolvers is
not possible: not only is no packet lost with a single NSEC3-encloser
attack, but also no latency is introduced to the resolvers. The high volume
of NSEC3-encloser attack traffic, of more than hundreds of packets per
second, makes the NSEC3-encloser attack visible. Therefore, the high attack
volume, in tandem with the meager benefit for adversaries (only a small
fraction of benign packets dropped), implies that such attacks do not pose
a practical threat.

Although we do not expect to see NSEC3-encloser attacks in practice, the
topic of zone privacy still requires attention from the researchers,
developers and operators, specifically the tradeoff of ensuring privacy
against zone enumeration attacks vs. load on resolvers. More details can be
found in our paper [1].

[1] https://arxiv.org/pdf/2403.15233.pdf

Best, Haya Schulmann
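The post's point that an NSEC3-encloser attack only bites at a sustained rate of hundreds of responses per second, and is therefore visible, can be turned into a simple resolver-side check. The following is an added example, not code from the post or from the paper [1]: it counts NSEC3-carrying responses per authoritative nameserver in a sliding one-second window over constructed log lines; the log format, the field names and the 100/s threshold are assumptions.

```python
from collections import defaultdict, deque

# Constructed log format (assumed): "<unix_ts> <nameserver_ip> <rr_types_in_response>"
def make_sample_log():
    """Constructed sample: 192.0.2.10 returns 150 NSEC3 responses inside one
    second (the rate the post cites), 198.51.100.7 returns a few spread out,
    and 203.0.113.3 returns no NSEC3 records at all."""
    base = 1711355000.0
    lines = [f"{base + i * 0.005:.3f} 192.0.2.10 NSEC3,RRSIG" for i in range(150)]
    lines += [f"{base + i * 0.4:.3f} 198.51.100.7 NSEC3,RRSIG" for i in range(5)]
    lines += [f"{base + i * 0.05:.3f} 203.0.113.3 A,RRSIG" for i in range(20)]
    return "\n".join(lines)

def parse_lines(text):
    """Return (timestamp, source, set_of_rrtypes) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, types = line.split()
        events.append((float(ts), src, set(types.split(","))))
    return events

def peak_rate_per_source(events, window=1.0, rrtype="NSEC3"):
    """Highest number of responses carrying rrtype seen from each source
    within any sliding window of `window` seconds."""
    peaks = {}
    windows = defaultdict(deque)          # per-source timestamps in the window
    for ts, src, types in sorted(events, key=lambda e: e[0]):
        if rrtype not in types:
            continue
        q = windows[src]
        q.append(ts)
        while q and ts - q[0] >= window:  # drop timestamps that fell out of the window
            q.popleft()
        peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def flag_sources(events, threshold=100):
    """Sources whose peak NSEC3 response rate reaches the (assumed) threshold."""
    peaks = peak_rate_per_source(events)
    return sorted(src for src, peak in peaks.items() if peak >= threshold)

if __name__ == "__main__":
    ev = parse_lines(make_sample_log())
    print(peak_rate_per_source(ev))   # per-source peak NSEC3 responses per second
    print(flag_sources(ev))           # only the 150/s source is flagged
```

A benign zone with NSEC3 also answers with NSEC3 records, so the rate, not the record type alone, is what separates the two sources here.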