Secure and Proactive DNS

安全且主动的 DNS

• 批准号: 0129627
• 负责人: Giuseppe Ateniese
• 金额: $ 36.63万
• 依托单位: Johns Hopkins University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2002
• 资助国家: 美国
• 起止时间: 2002-02-15 至 2006-01-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0129627&HistoricalAwards=false
• 关键词: Secure; Proactive; DNS

The Domain Name System (DNS) is a hierarchically distributeddatabase that provides information fundamental to Internetoperations, such as translating between human readable host namesand Internet Protocol (IP) addresses. Due to the importance ofthe information served by DNS, there is a strong demand forsecuring communication within the DNS system. The current(insecure) DNS does not prevent attackers from modifying orinjecting DNS messages. Users accessing hosts on the Internetrely on the correct translation of host names to IP addresses bythe DNS. A typical attack, referred to as DNS spoofing, allows anattacker to manipulate DNS answers on their way to the users.If an attacker makes changes in the DNS tables of a singleserver, those changes will propagate across the Internet as aviral infection. Increasingly, DNS is also being used to performload distribution among replicated servers. For instance,companies such as Akamai have used DNS to provide Web contentdistribution. Moreover, there is consensus that since DNS is aglobal and available database, it can be employed as a Public KeyInfrastructure (PKI) which would enable e-commerce applications.Securing DNS means providing data origin authentication andintegrity protection. Existing proposals for securing DNS aremainly based on public-key cryptography. In this proposal, the researcherdescribes a new approach based on standard symmetric (orsecret-key) cryptographic techniques. The researcher introduces the concept ofDNS symmetric certificate that are used to create a trusted pathfrom the DNS root server to a server that is authoritative for aportion of the DNS tree. This strategy is very similar to the oneintroduced by Davis and Swick and symmetric certificates can beseen as a sort of tickets in the Kerberos system which create atrusted path from the authentication server to the destinationserver going through the ticket-granting server. DNS symmetriccertificate are as manageable as public-key certificates with theexception that they cannot be shared, which is not generallyrequired in the DNS system. The project solution enables a wide range ofsecure services previously believed impractical or too difficultto manage, such as mutual authentication and key revocation.Moreover, the gain in terms of computational complexity, networktraffic, and storage requirements is impressive when comparedwith public-key cryptography based approaches. The research has clearideas on how to define a secure DNS system based on symmetric-keycryptography. The researcher proposes to build such a system and make publicthe prototype implementation.The second part of the proposed research, would focus on a stillunresolved problem: A DNS server represents a single point ofattack which could easily be compromised. The researcher would like toinvestigate the possibility to distribute the role of a singleDNS server among several servers. The research proposes a proactive DNSsystem that can survive component failures (whether malicious ornot) by combining standard techniques of decentralized storageand dynamic self-maintenance. The researchers approach would allow DNSservers to automatically recover from possible, undetectedbreak-ins and then maintain uninterrupted security. The researchers propose touse the proactive security model, which provides a method formaintaining the overall security of a system even when individualcomponents are repeatedly broken into and controlled by anattacker, as long as not too many servers are compromised at thesame time. The approach employed by the proactive security modelis to first distribute the cryptographic capabilities amongseveral servers, next have the server periodically engage in arefreshment protocol. Information gathered by an attacker beforea refreshment period becomes useless to attack the system in thefuture. The researcher proposes to define, and build, an architecture thatcombines decentralized storage system technologies, dataredundancy and encoding, and dynamic self-maintenance to createsurvivable DNS servers based on the proactive security model.

域名系统（DNS）是一个分层分布的数据库，为互联网操作提供基础信息，例如在人类可读的主机名和互联网协议（IP）地址之间进行转换。由于DNS所提供的信息的重要性，因此对DNS系统内通信的安全性有着强烈的需求。当前（不安全的）DNS不阻止攻击者修改或注入DNS消息。用户访问internet上的主机时，DNS将主机名正确地转换为IP地址。一种典型的攻击称为DNS欺骗，它允许攻击者在到达用户的途中操纵DNS应答。如果攻击者更改了单个服务器的DNS表，这些更改将作为病毒感染在Internet上传播。DNS也越来越多地用于在复制服务器之间执行负载分配。例如，像Akamai这样的公司已经使用DNS来提供Web内容分发。此外，由于DNS是全球可用的数据库，因此可以将其用作支持电子商务应用程序的公钥基础设施（PKI），这是一种共识。保护DNS意味着提供数据源认证和完整性保护。现有的DNS安全方案主要基于公钥加密。在本提案中，研究人员描述了一种基于标准对称（或秘密密钥）加密技术的新方法。研究人员引入了DNS对称证书的概念，该证书用于创建从DNS根服务器到DNS树部分授权服务器的可信路径。该策略与Davis和Swick引入的策略非常相似，对称证书可以被视为Kerberos系统中的一种票据，它创建了从身份验证服务器到目标服务器的可信路径，该路径经过票据授予服务器。DNS对称证书与公钥证书一样易于管理，唯一的区别是它们不能共享，这在DNS系统中通常不需要。该项目解决方案实现了以前认为不切实际或难以管理的广泛安全服务，例如相互认证和密钥撤销。此外，与基于公钥加密的方法相比，在计算复杂性、网络流量和存储需求方面的改进令人印象深刻。该研究对如何定义一个基于对称密钥加密的安全DNS系统有了明确的认识。研究人员建议建立这样一个系统，并公布原型实现。拟议研究的第二部分将集中在一个尚未解决的问题上：DNS服务器代表一个很容易被破坏的单点攻击。研究人员希望研究将单个dns服务器的角色分配给多个服务器的可能性。该研究提出了一种主动的分布式存储系统，通过结合分散存储和动态自我维护的标准技术，该系统可以在组件故障（无论恶意与否）中存活下来。研究人员的方法将允许dns服务器从可能的、未被发现的入侵中自动恢复，然后保持不间断的安全性。研究人员建议使用主动安全模型，它提供了一种方法来维护系统的整体安全，即使单个组件被攻击者反复入侵和控制，只要没有太多的服务器同时受到损害。主动安全模型采用的方法是首先在多个服务器之间分配加密功能，然后让服务器定期参与更新协议。攻击者在刷新时间之前收集到的信息，对于以后的攻击是无用的。研究人员提出，基于主动安全模型，定义并构建一种将分散存储系统技术、数据冗余和编码、动态自我维护相结合的架构，以创建可生存的DNS服务器。