Less is More: Cipher-Suite Negotiation for DNSSEC

Presentation pdf 556KB

The DNSSEC standard is nally being gradually deployed,
to protect DNS from cache-poisoning attacks. However, we
identify an obvious and critical problem: DNSSEC does not
have support for cipher-suite negotiation. As a result, the
vast majority of domains rely on RSA 1024-bit cryptogra-
phy, which is already considered insecure. These widely-used
RSA signatures also result in larger signatures and keys,
compared to alternatives (e.g., based on elliptic-curves). Furthermore, domains, that want better security, have to support a number of cryptographic ciphers. As a result, DNSSEC responses are large and often fragmented, harming DNS
functionality, and causing ineciency and vulnerabilities.
We present a cipher-suite negotiation mechanism for DNSSEC,
allowing name-servers to send responses containing only the
keys and signatures that correspond to the cipher-suite op-
tion negotiated with the resolver, rather than sending all
the signatures and keys (as is done currently). Our design
is resilient to downgrade attacks, which recently, TLS was
shown to be vulnerable to.
We also show that cipher-suite negotiation solves the interoperability problems with DNSSEC-signed responses, and
prevents reflection and cache poisoning attacks.
We implemented our proposed design as user-space mod-
ules and evaluated it with standard Bind-9.9.3 DNS software
and existing signed zones in the Internet.

Author(s):

Amir Herzberg    
Bar-Ilan University
Israel

Haya Shulman    
Technische Universität Darmstadt
Germany

Bruno Crispo    
University of Trento
Italy