IETF Logo Mail Archive

Re: [perpass] DNS confidentiality

manning bill <bmanning@isi.edu> Sat, 28 September 2013 10:02 UTC

Return-Path: <bmanning@isi.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FECF11E812C for <perpass@ietfa.amsl.com>; Sat, 28 Sep 2013 03:02:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sbo4qkRmjcyb for <perpass@ietfa.amsl.com>; Sat, 28 Sep 2013 03:02:41 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfa.amsl.com (Postfix) with ESMTP id 315D911E812D for <perpass@ietf.org>; Sat, 28 Sep 2013 03:02:38 -0700 (PDT)
Received: from [192.168.1.16] (host-74-211-92-12.beyondbb.com [74.211.92.12]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id r8SA1rCQ008028 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Sat, 28 Sep 2013 03:02:05 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset="windows-1252"
From: manning bill <bmanning@isi.edu>
In-Reply-To: <001b01cebbb6$d5565550$8002fff0$@rozanak.com>
Date: Sat, 28 Sep 2013 03:02:03 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <C25E0D41-CDCB-4E53-8661-53E5F0E2B47E@isi.edu>
References: <524150C7.2020602@cs.tcd.ie> <1380054665.62304.YahooMailNeo@web125505.mail.ne1.yahoo.com> <006a01ceb96a$335c1df0$9a1459d0$@rozanak.com> <1380137874.48631.YahooMailNeo@web125502.mail.ne1.yahoo.com> <005901ceba2a$f854c1a0$e8fe44e0$@rozanak.com> <1380218914.85280.YahooMailNeo@web125502.mail.ne1.yahoo.com> <003901cebba5$b2762c10$17628430$@rozanak.com> <1380307285.91976.YahooMailNeo@web125501.mail.ne1.yahoo.com> <001b01cebbb6$d5565550$8002fff0$@rozanak.com>
To: Hosnieh Rafiee <ietf@rozanak.com>
X-Mailer: Apple Mail (2.1283)
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: bmanning@isi.edu
Cc: 'perpass' <perpass@ietf.org>, 'Karl Malbrain' <malbrain@yahoo.com>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] DNS confidentiality
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Sep 2013 10:02:46 -0000

you are conflating routing security/authentication with DNS service opaque capabilities.
there already exist a number of methods for securing the DNS channel,  [SIG(0), TSIG, DNSCurve…]
and we can add your technique to the list.   

protecting the service is very different than protecting the channel.

/bill


On 27September2013Friday, at 12:21, Hosnieh Rafiee wrote:

> 
>  
>> 1.  Passive surveillence of traffic going to DNS resolvers yielding
> meta-data.
> 
> Again not possible, at least not in IPv6 if your resolvers and recursive
> resolvers are using cga-tsig. The signature and the CGA/SSAS algorithm
> prevent it.
>  
>> 2.  MITM who inserts himself between a particular DNS client and a
> particular DNS resolver, and provids false addresses and certificates for
> use in MITM attacks.
> 
> Again this is not possible if you are using cga-tsig.
> 
>  
>> 3. A larger adversary who installs his own DNS resolver for a given
> geographic area by controlling the traffic at the router level into and out
> of that area to redirect DNS traffic to his DNS resolver, and then inserts
> MITM attacks on any connection out of the area he desires by supplying bogus
> addresses and/or server certificates.
> 
> If you are using SeND with SSAS or centralized RPKI you can retrieve and
> verify your router in a local link. RA can include the
> (http://tools.ietf.org/html/rfc6106) DNS server options. This means that you
> receive a signed message from a router that was previously authorized via
> the centralized local RPK1. I am not sure whether or not DHCPv6 also
> includes security approaches that can be used for authentication. I believe
> that there was a draft about secure authentication using CGA in DHCPv6 as
> well.
> You can also us a scenario, like SSL, to verify your router certificate
> where the client has already configured the list of CAs.
> 
>   
>> The client is trying to retrieve the IP address and public key for an
> arbitrary server from the DNS resolver.  This is subject to MITM attack.
> 
> I guess that you did not quite understand the reasoning behind CGA and that
> is why you are asking a question about an issue that I have already
> explained. Your client retrieves this IP address from the RA message that is
> generated by the use of SeND with the DNS RA option (. Since this RA message
> is already signed and we assume that this client has already verified this
> router (centralized local RPKI that is explained in SSAS or other RPKI
> approaches) the attacker has no way of spoofing this message as it cannot
> spoof the content (due to the signature) and it cannot spoof the public key
> due to the binding between the public key and the source IP address
> 
> 
>> How does this prevent MITM from inserting himself between the client and
> the resolver on the first connection to the resolver?
> 
> Your node already knows the IP address of your resolver.
>  
>>  This is actually a capability of CGA (RFC 3972) or SSAS
>> (http://tools.ietf.org/html/draft-rafiee-6man-ssas ),  which also provides
>> for the proof of address ownership. So, the client stores the public key of
>> the resolver in its cache. It will subsequently not accept any messages
> from
>> attackers.
>  
>> What if the public key being stored belongs to MITM and not the resolver?
> All client traffic is going to MITM.
> 
> As I explained, you retrieve the IP address of your DNS server using a safe
> means after having authorized your router in the local link. Now if your
> MITM node is somewhere in the other network and tries to intercept the
> connection between your node and the resolver, since you node already knows
> the IP address of the resolver, it will reject the connection because the
> CGA/SSAS verification process fails.
>  
>> Whom does the client "ask for the public key of the DNS server" from?  This
> is the step that is subject to MITM attack.
> 
> I guess I have already responded this.
> 
> 
> Hosnieh
> 
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass

v2.23.0 | Report a Bug | By Email