
DNSSEC for cyber forensics

Shulman, Haya; Waidner, Michael


EURASIP journal on information security 2014 (2014), Art. 16, 14 pp.
ISSN: 1687-4161
ISSN: 1687-417X
Journal article, electronic publication
Fraunhofer SIT
DNS cache poisoning; domain hijacking; cyber attacks; cyber security

Domain Name System (DNS) cache poisoning is a stepping stone towards advanced (cyber) attacks. DNS cache poisoning can be used to monitor users' activities for censorship, to distribute malware and spam, and to subvert the correctness and availability of Internet clients and services. Currently, the DNS infrastructure relies on challenge-response defences against attacks by (the common) off-path adversaries. Such defences do not suffice against stronger, man-in-the-middle (MitM) adversaries. However, MitM is not believed to be common; hence, there seems to be little motivation to adopt systematic, cryptographic mechanisms. We show that challenge-response defences do not protect against cache poisoning. In particular, we review common situations where (1) attackers can frequently obtain MitM capabilities and (2) even weaker attackers can subvert DNS security. We also experimentally study dependencies in the DNS infrastructure, in particular dependencies within domain registrars and within domains, and show that multiple dependencies result in a more vulnerable DNS. We review the Domain Name System Security Extensions (DNSSEC), the defence against DNS cache poisoning, and argue that not only is it the most suitable mechanism for preventing cache poisoning, but it is also the only proposed defence that enables a posteriori forensic analysis of attacks.