Perils of Transitive Trust in the Domain Name System
Venugopalan Ramasubramanian
Emin Gün Sirer
Cornell University
How to 0wn the Internet in Your Spare Time? Part 2
Introduction
• DNS is critical to the Internet
• DNS architecture is based on delegations
– control for names is delegated to name servers designated by the name owner
• delegations facilitate high scalability and decentralized administration
– what about security?
Figure: Dependencies for www.fbi.gov (dependency graph; nodes: www.fbi.gov, fbi.gov, gov, root, com, net, gov.zoneedit.com, zoneedit.com, gtld-servers.net, nstld.com, sprintip.com, vericenter.com, sprintlink.net, telemail.net; name servers dns[,2].sprintip.com and ns[3,4,5,6].vericenter.com)
Subtle Dependencies in DNS
• www.fbi.gov: 86 servers, 17 domains
• www.cs.cornell.edu: 48 name servers, 20 domains (dependency graph includes cs.rochester.edu, cs.wisc.edu, itd.umich.edu)
• DNS dependencies are subtle and complex
• are administrators aware of what they depend on?
• increases risk of domain hijacks
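The dependency counts above come from walking every delegation on the path to a name and then resolving each name server's own name in turn. The Python below is an added example, not code from the paper or its authors; its delegation map is a constructed, simplified version of the slide's figure, and the concrete host names (a.root-servers.net, ns1.gov.zoneedit.com, ns3.vericenter.com and so on) are assumptions.

```python
# Constructed, simplified delegation map (zone -> nameservers). Names echo the
# slide's figure, but hostnames and completeness are assumptions, not measured data.
DELEGATIONS = {
    "": ["a.root-servers.net"],  # root zone
    "net": ["a.gtld-servers.net"],
    "com": ["a.gtld-servers.net"],
    "gov": ["ns1.gov.zoneedit.com"],
    "fbi.gov": ["dns.sprintip.com", "ns3.vericenter.com"],
    "sprintip.com": ["ns1-auth.sprintlink.net"],
    "vericenter.com": ["reston-ns1.telemail.net"],
    "zoneedit.com": ["ns1.zoneedit.com"],  # in-bailiwick NS (needs glue)
    "sprintlink.net": ["ns1-auth.sprintlink.net"],
    "telemail.net": ["reston-ns1.telemail.net"],
    "root-servers.net": ["a.root-servers.net"],
    "gtld-servers.net": ["a.gtld-servers.net"],
}

def enclosing_zones(name):
    """Yield every zone cut from the root down to name:
    'www.fbi.gov' -> '', 'gov', 'fbi.gov'."""
    labels = name.strip(".").split(".")
    for i in range(len(labels), -1, -1):
        zone = ".".join(labels[i:])
        if zone in DELEGATIONS:
            yield zone

def dependencies(name):
    """Return (servers, zones) that name transitively depends on. Each
    nameserver reached is itself a name to resolve, so its delegation chain
    is pulled in too; the zones set makes in-bailiwick cycles terminate."""
    servers, zones, pending = set(), set(), [name]
    while pending:
        for zone in enclosing_zones(pending.pop()):
            if zone in zones:
                continue
            zones.add(zone)
            for ns in DELEGATIONS[zone]:
                if ns not in servers:
                    servers.add(ns)
                    pending.append(ns)  # a nameserver is a name too
    return servers, zones

def critical_servers(names):
    """Count how many of names depend on each server; the highest counts
    are the 'critical assets' of survey goal 3."""
    counts = {}
    for n in names:
        for s in dependencies(n)[0]:
            counts[s] = counts.get(s, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))
```

Even this toy map makes www.fbi.gov depend on 8 servers in 12 zones, none of which the fbi.gov administrator controls beyond the first hop.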
Servers with Security Loopholes
Figure: dependency graphs for www.cs.cornell.edu and www.fbi.gov with servers running software with known loopholes marked (nodes include [slate,cayuga].cs.rochester.edu, dns[,2].sprintip.com, ns[3,4,5,6].vericenter.com, ns[1,2,3]-auth.sprintlink.net, reston-ns[1,2,3].telemail.net, sprintip.com, fbi.gov). Source of vulnerability data: Internet Systems Consortium (www.isc.org).
Survey Goals
1. Which domain names have large dependencies and entail high risk?
2. Which domains are affected by servers with known security holes and can be easily taken over?
3. Which servers control the largest portion of the namespace and are thus likely to be attacked?
Survey Methodology
• 593160 domain names (Yahoo and Dmoz.org)
• 166771 name servers
• 535036 domains, 196 top-level domains
Most Vulnerable Names

Number of dependencies per name:

| | Top 500 | All |
|---|---|---|
| Median | 22 | 26 |
| Max | 342 | 604 |
| Mean | 68 | 46 |

Figure: most vulnerable names, number of dependencies by top-level domain (generic TLDs shown: aero, int, mil, info, edu, biz, gov, org, net, com; country-code TLDs shown: ua, by, sm, mt, my, mx, hm, jp, bh, tk)
Vulnerability to Security Flaws
• survey of BIND version numbers
• 17% of servers have known loopholes [ISC]
• 45% of names are not totally safe
• security through obscurity!
– more than 40% of servers hide version numbers
– 19/46 reports for cs.cornell.edu and 18/86 for fbi.gov
Critical Assets
Most Valuable Nameservers, Top 5 Domains: arizona.edu, ucla.edu, uoregon.edu, nyu.edu, berkeley.edu
Conclusions
• Domain names have subtle dependencies
– name-based delegations
• High risk of domain hijacks
– well-known software loopholes
– leading to more effective phishing attacks
http://www.cs.cornell.edu/people/egs/beehive/codons.php
DNS-SEC
• Security Standard for DNS based on public-key cryptography and digitally signed certificates
• Not widely used currently
– security at delegation points
– authenticated denials
– islands of security
• Does not eliminate name-based delegations
Figure: DNS Bottlenecks and Safe Bottlenecks (axes: Safety, Dependencies)
Critical Assets 2
Figure: Dependencies for www.fbi.gov (extended dependency graph; nodes: www.fbi.gov, fbi.gov, fbi.edgesuite.net, a33.g.akamai.net, gov, gov.zoneedit.com, zoneedit.com, com, net, gtld-servers.net, nstld.com, edgesuite.net, akam.net, g.akamai.net, akamai.net, akamaitech.net, sprintip.com, vericenter.com; name servers dns[,2].sprintip.com, ns[1-6].vericenter.com, ns[1,2,3]-auth.sprintlink.net, reston-ns[1,2,3].telemail.net)