Computer Science Department
U C Davis
SECURITY LAB SEMINAR
May 13, 1999
1-2pm
1131 EU II

Steven Cheung: Protecting Domain Name Systems (DNS)

Slides (Postscript/PDF)

  1. What is DNS?
  2. Two Security Problems of DNS
    1. Cache poisoning
    2. Lack of data authentication
    3. Question:
      1. DOB: Valid and invalid really mean "real" and "bogus"?
      2. SC: That's right.
  3. Our Approach: Detection and Response
    1. Declare threats
    2. Declare Goals
    3. Develop DNS model
    4. Design wrapper
    5. Use formal specification.
  4. Wrapper Specification (in VDM)
    1. Formally specify everything, including the message format.
    2. Translation table: one function of the wrapper is to handle query IDs, since BIND 4.9.5 uses a deterministic approach to generating query IDs.
    3. The DNS wrapper also wants to make sure the information in a DNS response is authoritative.
    4. Questions:
      1. DOB: Are you limiting anything that comes back in the packet?
      2. SC: We assume there is a very weak model for name server. 
      3. DOB: Does your model limit the answer?
      4. SC: No, it doesn't do that. It is up to the protected name server to discard what it doesn't need.
      5. DOB: Would that change your model?
      6. SC: I was thinking about DOS; a response can be overwhelming enough to cause a Denial of Service. I haven't pursued that direction.
  5. Experiments
    1. Prototype of DNS wrapper: works for BIND release 4.9.5.
    2. Goal: measure response time, false positive rate, false negative rate, and computational overhead.
    3. Questions:
      1. SM: What is a false positive?
      2. SC: Something is reported, but is not actually an attack. 
      3. SM: What is an example? Name server will not give info that is not authoritative?
      4. SC: Not consistent with authoritative sources.
    4. Experimental procedure:
      1. Recorded CPU time used by the rapid name server: 0.08, with wrapper up to 0.12 seconds.
      2. Increase in CPU time is 20%.
      3. Average number of false positives 5.85/1340.
        1. Among these false positives, most don't correspond to real false positives: they are caused by misconfiguration of external name servers.
        2. The wrapper makes sure that information is absolutely correct with respect to authoritative sources, but false positives may cause problems for users.
  6. False Negatives
    1. 4 kinds of attacks: each tries to send incorrect information.
    2. Questions:
      1. NP: For the second and third attacks, how is the name server involved in the transaction?
      2. SC: A DNS client queries the victim name server and causes the victim server to query our bad name server. The bad server answers the query and adds bogus data for which the victim is authoritative.
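As an added illustration of the translation-table idea from the wrapper specification (section 4) above, not code from the talk, the VDM specification, or the BIND 4.9.5 prototype: a minimal wrapper that swaps the name server's deterministic query IDs for unpredictable ones, matches every response against the outstanding query it answers, and flags responses that are not authoritative. It assumes plain 12-byte DNS headers with one uncompressed question and treats everything after the question as opaque.

```python
import os
import struct

# Constructed illustration of the wrapper's translation table; not the VDM spec
# or the BIND 4.9.5 prototype. Assumes no label compression in the question.
AA_FLAG = 0x0400  # Authoritative Answer bit in the DNS flags word
QR_FLAG = 0x8000  # set on responses, clear on queries

def question_of(msg):
    """Bytes of the first question (QNAME, QTYPE, QCLASS) after the 12-byte header."""
    i = 12
    while msg[i] != 0:          # walk labels until the zero-length terminator
        i += 1 + msg[i]
    return msg[12:i + 5]        # terminator plus QTYPE and QCLASS

def build_message(msg_id, flags, qname, qtype=1):
    """Header plus one question; constructed input for the checks below."""
    labels = b''.join(bytes([len(p)]) + p.encode() for p in qname.split('.'))
    header = struct.pack('!HHHHHH', msg_id, flags, 1, 0, 0, 0)
    return header + labels + b'\x00' + struct.pack('!HH', qtype, 1)

class DnsWrapper:
    def __init__(self):
        self.table = {}  # unpredictable wire ID -> (server's original ID, question)

    def outbound(self, query):
        """Replace the server's deterministic ID before the query leaves the host."""
        orig_id = int.from_bytes(query[:2], 'big')
        wire_id = int.from_bytes(os.urandom(2), 'big')
        while wire_id in self.table:            # avoid reusing an outstanding ID
            wire_id = int.from_bytes(os.urandom(2), 'big')
        self.table[wire_id] = (orig_id, question_of(query))
        return struct.pack('!H', wire_id) + query[2:]

    def inbound(self, response):
        """Return (verdict, message to pass to the server or None)."""
        wire_id, flags = struct.unpack('!HH', response[:4])
        if not flags & QR_FLAG:
            return ('drop: not a response', None)
        entry = self.table.get(wire_id)
        if entry is None:                       # forged or replayed answer
            return ('drop: no outstanding query with this ID', None)
        orig_id, question = entry
        if question_of(response) != question:   # answer to a different question
            return ('drop: question does not match outstanding query', None)
        if not flags & AA_FLAG:
            return ('flag: response is not authoritative', None)
        del self.table[wire_id]                 # consumed; later copies are dropped
        return ('accept', struct.pack('!H', orig_id) + response[2:])
```

Only a response whose wire ID and question both match an outstanding query, and which carries the AA bit, is handed back to the server with its original ID restored; a second copy of the same answer is dropped because the table entry has already been consumed.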