Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Cryptanalysis of FNV-Based cookies

: Klein, A.; Shulman, H.; Waidner, M.


Institute of Electrical and Electronics Engineers -IEEE-:
GLOBECOM 2020, IEEE Global Communications Conference. Proceedings : Virtual Conference, 7-11 December 2020
Piscataway, NJ: IEEE, 2020
ISBN: 978-1-7281-8299-5
ISBN: 978-1-7281-8298-8
Global Communications Conference (GLOBECOM) <2020, Online>
Fraunhofer SIT ()

DNS cookies is a recently standardised proposal of the IETF meant to protect DNS against off-path cache poisoning attacks. In contrast to other defences for DNS, DNS cookies is a lightweight mechanism, is easy to deploy and does not introduce overhead on the DNS servers. In this work we demonstrate off-path attacks allowing to circumvent the DNS cookies mechanism and impersonate legitimate Internet sources, exposing the DNS servers to cache poisoning and amplification reflection DoS attacks. We implement and evaluate the attacks, and provide recommendations for countermeasures.