security Blackhat USA 2022: DNSSEC Downgrade Attacks

[Future Sensors]

Haya Shulman | Professor, Goethe-Universität Frankfurt und Fraunhofer SIT
Elias Heftrig | Security Researcher, ATHENE; Fraunhofer SIT
Michael Waidner | Professor for Computer Science, Technische Universität Darmstadt

Date: Thursday, August 11 | 2:30pm-3:00pm ( Islander FG (Level 0 - North Hall) )
Format: 30-Minute Briefings
Tracks: Cryptography, Network Security

In this talk, we show that the cryptographic agility in DNSSEC, although critical for making DNS secure with strong cryptography, also introduces a severe vulnerability. We demonstrate that adversaries, by manipulating the cryptographic material in signed DNS responses, can reduce the security level provided by DNSSEC, or, even worse, prevent resolvers from validating DNSSEC at all. We experimentally and ethically evaluate our attacks against popular DNS resolver implementations, public DNS providers, and DNS services worldwide. We validate the success of DNSSEC-downgrade attacks by poisoning the resolvers: we inject fake records, from our own signed domains, into the caches of validating resolvers. Our findings show that major DNS providers, popular resolver implementations, and many other DNS services are vulnerable to our attacks.

https://www.blackhat.com/us-22/brie...bersecurity202#dnssec-downgrade-attacks-27359

 

[Paul]

He deanonymized himself by posting a link to a message with his name, it is still in the comments, anyone can follow the link he posted to identify him by his name.

If Alice links to a post by Bob, that does not imply any connection between Alice and Bob. I see several people commenting in that mailing list who I recognize, and it's not surprising that someone technically-inclined is following the IETF mailing list.

As an online community, NamePros sees its fair share of questionable logic, but the reasoning you're using here is objectively faulty. @Future Sensors is not the person you believe them to be.

 

[Paul]

I haven't seen the slides of this presentation yet, but I'm getting signals from the DNS community that what the authors claim in the talk is quite exaggerated (even misleading).

From reviewing the slides, it seems like the authors are suggesting that a viable attack involves opting for a lower, less secure signature algorithm. From my limited knowledge of DNSSEC, that seems viable. At the same time, the practical implications of defeating DNSSEC are limited in all but the most sensitive scenarios. The reality is that most clients aren't going out of their way to ensure that DNSSEC signatures are valid, so you if you can MITM between the resolver and the client (rather than between the resolver and the authoritative nameserver), you can have the same impact with less effort. Nevertheless, it's good that there are people pointing out the issues in DNSSEC, as DNSSEC is going to become more relevant now that DNS-over-TLS and DNS-over-HTTPS are receiving widespread support.

Downgrade attacks have long been an issue with SSL/TLS, so it shouldn't come as a surprise that the same problems arise with DNSSEC, which is a far simpler system. At the same time, if you're relying heavily on DNSSEC for authentication, you've probably got bigger issues.

[name removed by moderator] is sad the authors didnt take him on board! What kind of creep makes such posts? Now everyone in the DNS community sure will keep good distance from you We should ask the authors to post a note why they kicked you out, thou seeing your messages I can imagine why

Welcome to NamePros! It's really not appropriate to register here just to post arbitrary accusations. @Future Sensors is one of the more technical members of our community, and there are no shortage of people on NamePros who either work in the security industry or have close contact with people who do. We'd appreciate being able to discuss and critique research without facing unprofessional personal attacks.

Which brings me to a note about politics and security research: it's my personal opinion that security research is a public service and should be a community effort. If internal politics affected the research to such an extent that responsible parties find it necessary to post personal attacks on professional forums, it greatly discredits the research in the eyes of the community. I don't know whether you have any affiliation with the researchers behind this talk, but you are doing them a great disservice by defending their work based on anything but merit alone.

Good research is meant to intrigue peers, raise questions, and be critiqued. Questions often start in the form of vague statements of doubt. There's nothing wrong with that; it takes time and discussion to develop concrete questions. It's possible that this issue is more impactful than we understand at this point in time, but we're never going to find out if we don't discuss it.

Black Hat is a place to bring research into the spotlight--not to brag, but to prompt further research and discussion.

Also, I have no idea who [name removed by moderator] is, but I can say with a high degree of confidence that @Future Sensors isn't [name removed by moderator].

 

[Habbie]

I have met both [name removed by moderator] and @Future Sensors in person, and I can say with some conviction that they are entirely separate people

 

[Future Sensors]

I haven't seen the slides of this presentation yet, but I'm getting signals from the DNS community that what the authors claim in the talk is quite exaggerated (even misleading).

 

[Future Sensors]

More info (see also footnotes in the following email) -

https://lists.dns-oarc.net/pipermail/dns-operations/2022-August/021790.html

 

[Future Sensors]

@bob87 Welcome to NamePros. I'm not [name removed by moderator], but you're invited to participate in the relevant threads on dnsext and dns-operations where your presentation is discussed at the moment.

 

[bob87]

From reviewing the slides, it seems like the authors are suggesting that a viable attack involves opting for a lower, less secure signature algorithm. From my limited knowledge of DNSSEC, that seems viable. At the same time, the practical implications of defeating DNSSEC are limited in all but the most sensitive scenarios. The reality is that most clients aren't going out of their way to ensure that DNSSEC signatures are valid, so you if you can MITM between the resolver and the client (rather than between the resolver and the authoritative nameserver), you can have the same impact with less effort. Nevertheless, it's good that there are people pointing out the issues in DNSSEC, as DNSSEC is going to become more relevant now that DNS-over-TLS and DNS-over-HTTPS are receiving widespread support.

Downgrade attacks have long been an issue with SSL/TLS, so it shouldn't come as a surprise that the same problems arise with DNSSEC, which is a far simpler system. At the same time, if you're relying heavily on DNSSEC for authentication, you've probably got bigger issues.


Welcome to NamePros! It's really not appropriate to register here just to post arbitrary accusations. @Future Sensors is one of the more technical members of our community, and there are no shortage of people on NamePros who either work in the security industry or have close contact with people who do. We'd appreciate being able to discuss and critique research without facing unprofessional personal attacks.

Which brings me to a note about politics and security research: it's my personal opinion that security research is a public service and should be a community effort. If internal politics affected the research to such an extent that responsible parties find it necessary to post personal attacks on professional forums, it greatly discredits the research in the eyes of the community. I don't know whether you have any affiliation with the researchers behind this talk, but you are doing them a great disservice by defending their work based on anything but merit alone.

Good research is meant to intrigue peers, raise questions, and be critiqued. Questions often start in the form of vague statements of doubt. There's nothing wrong with that; it takes time and discussion to develop concrete questions. It's possible that this issue is more impactful than we understand at this point in time, but we're never going to find out if we don't discuss it.

Black Hat is a place to bring research into the spotlight--not to brag, but to prompt further research and discussion.

Also, I have no idea who [name removed by moderator] is, but I can say with a high degree of confidence that @Future Domains isn't [name removed by moderator].

He deanonymized himself by posting a link to a message with his name, it is still in the comments, anyone can follow the link he posted to identify him by his name. He was also the only one that posted nasty messages, that was sure no balanced "scrutiny of security research". He got "signals from the DNS community"? I checked the message he posted the link to and saw that he was the only one creating the signals. that didnt bother u? When I looked him up I found no DNS expert but a n00b. I stand up for what is right. I dont need to be associated with the authors to do that. I am against bullying and badmouthing people online.

 

[bob87]

From reviewing the slides, it seems like the authors are suggesting that a viable attack involves opting for a lower, less secure signature algorithm. From my limited knowledge of DNSSEC, that seems viable. At the same time, the practical implications of defeating DNSSEC are limited in all but the most sensitive scenarios. The reality is that most clients aren't going out of their way to ensure that DNSSEC signatures are valid, so you if you can MITM between the resolver and the client (rather than between the resolver and the authoritative nameserver), you can have the same impact with less effort. Nevertheless, it's good that there are people pointing out the issues in DNSSEC, as DNSSEC is going to become more relevant now that DNS-over-TLS and DNS-over-HTTPS are receiving widespread support.

Downgrade attacks have long been an issue with SSL/TLS, so it shouldn't come as a surprise that the same problems arise with DNSSEC, which is a far simpler system. At the same time, if you're relying heavily on DNSSEC for authentication, you've probably got bigger issues.


Welcome to NamePros! It's really not appropriate to register here just to post arbitrary accusations. @Future Sensors is one of the more technical members of our community, and there are no shortage of people on NamePros who either work in the security industry or have close contact with people who do. We'd appreciate being able to discuss and critique research without facing unprofessional personal attacks.

Which brings me to a note about politics and security research: it's my personal opinion that security research is a public service and should be a community effort. If internal politics affected the research to such an extent that responsible parties find it necessary to post personal attacks on professional forums, it greatly discredits the research in the eyes of the community. I don't know whether you have any affiliation with the researchers behind this talk, but you are doing them a great disservice by defending their work based on anything but merit alone.

Good research is meant to intrigue peers, raise questions, and be critiqued. Questions often start in the form of vague statements of doubt. There's nothing wrong with that; it takes time and discussion to develop concrete questions. It's possible that this issue is more impactful than we understand at this point in time, but we're never going to find out if we don't discuss it.

Black Hat is a place to bring research into the spotlight--not to brag, but to prompt further research and discussion.

Also, I have no idea who [name removed by moderator] is, but I can say with a high degree of confidence that @Future Domains isn't [name removed by moderator].

I dont know that guy nor the presenters. Personal relationships arent prerequisite for acting morally.

 

[bob87]

I haven't seen the slides of this presentation yet, but I'm getting signals from the DNS community that what the authors claim in the talk is quite exaggerated (even misleading).

[name removed by moderator]: you're getting "signals from the DNS community"? are you tripping? DNS community isnt aware of your existence... the "signals" are a product of your imagination The most dangerous people are those that think they are experts.... not only does this guy have no expertise but he is also totally messed up.

Authors: excellent work on DNS and I enjoyed the talk!!

 

[bob87]

More info (see also footnotes in the following email) -

[name removed by moderator] is sad the authors didnt take him on board! What kind of creep makes such posts? Now everyone in the DNS community sure will keep good distance from you We should ask the authors to post a note why they kicked you out, thou seeing your messages I can imagine why

 

[bob87]

I haven't seen the slides of this presentation yet, but I'm getting signals from the DNS community that what the authors claim in the talk is quite exaggerated (even misleading).

[name removed by moderator] - cant stand bullying creeps like u, u're pathetic. Posting false, misleading messages, out of jealousy. I checked u online: no expertise and no experience in DNS, but u recon u're qualified to badmouth others?