Security Implications of Insecure DNS Usage in the Internet

The Domain Name System (DNS) provides domain-to-address lookup-services used by almost all internet applications. Because of this ubiquitous use of the DNS, attacks against the DNS have become more and more critical. However, in the past, studies of DNS security have been mostly conducted against individual protocols and applications. In this thesis, we perform the first comprehensive evaluation of DNS-based attacks against a wide range of internet applications, ranging from time-synchronisation via NTP over internet resource management to security mechanisms. We show how to attack those applications by exploiting various weaknesses in the DNS. These attacks are based on both, already known weaknesses which are adapted to new attacks, as well as previously unknown attack vectors which have been found during the course of this thesis. We evaluate our attacks and provide the first taxonomy of DNS applications, to show how adversaries can systematically develop attacks exploiting the DNS. We analyze the attack surface created by our attacks in the internet and find that a significant number of applications and systems can be attacked. We work together with the developers of the vulnerable applications to develop patches and general countermeasures which can be applied by various parties to block our attacks. We also provide conceptual insights into the root causes allowing our attacks to help with the development of new applications and standards. The findings of this thesis are published in in 4 full-paper publications and 2 posters at international academic conferences. Additionally, we disclose our finding to developers which has lead to the registration of 8 Common Vulnerabilities and Exposures identifiers (CVE IDs) and patches in 10 software implementations. To raise awareness, we also presented our findings at several community meetings and via invited articles

DETERMINING THE INFLUENCE OF THE NETWORK TIME PROTOCOL (NTP) ON THE DOMAIN NAME SERVICE SECURITY EXTENSION (DNSSEC) PROTOCOL

Recent hacking events against Sony Entertainment, Target, Home Depot, and bank Automated Teller Machines (ATMs) fosters a growing perception that the Internet is an insecure environment. While Internet Privacy Concerns (IPCs) continue to grow out of a general concern for personal privacy, the availability of inexpensive Internet-capable mobile devices increases the Internet of Things (IoT), a network of everyday items embedded with the ability to connect and exchange data. Domain Name Services (DNS) has been integral part of the Internet for name resolution since the beginning. Domain Name Services has several documented vulnerabilities; for example, cache poisoning. The solution adopted by the Internet Engineering Task Force (IETF) to strengthen DNS is DNS Security Extensions (DNSSEC). DNS Security Extensions uses support for cryptographically signed name resolution responses. The cryptography used by DNSSEC is the Public Key Infrastructure (PKI). Some researchers have suggested that the time stamp used in the public certificate of the name resolution response influences DNSSEC vulnerability to a Man-in-the-Middle (MiTM) attack. This quantitative study determined the efficacy of using the default relative Unix epoch time stamp versus an absolute time stamp provided by the Network Time Protocol (NTP). Both a two-proportion test and Fisher’s exact test were used on a large sample size to show that there is a statistically significant better performance in security behavior when using NTP absolute time instead of the traditional relative Unix epoch time with DNSSEC

Bootstrapping Cryptography on the Internet

This thesis focuses on bootstrapping cryptography, taking it from a theoretical algorithm to something we can use on the Internet. We summarize the requirement and define five pillars that build the foundation of successfully deployed cryptographic algorithms: computational performance, usability, transport, key management, and randomness. While there is a lot of research around the computational performance and usability of cryptographic algorithms, we focus on the other pillars. For transport, we explore two obstacles that interfere with the development of practical, real-world secure computation applications. We show the importance of the selection of suitable transport layers. Our evaluations show how Transmission Control Protocol (TCP) does not fully utilize the bandwidth for Two Party Computation (2PC) implementations. We evaluate three transport layers protocols for different applications and show that no protocol is suited for every scenario. In our evaluations, we use various protocols and network conditions in multiple regions to highlight the effects on the performance of 2PC applications. We propose an extendable framework that integrates the (initially) three transport layer protocols: User Datagram Protocol (UDP), TCP, and UDP-based Data Transfer Protocol (UDT). The framework's task is to identify the most suitable transport layer protocol depending on the current TCP application and the network conditions. For key management, we show how to manipulate a domain validation mechanism. We developed a BGP simulator to evaluate BGP paths on the Internet. Our simulator is high performant and respects relationships between CAs. In combination with our simulator, we analyze the resilience of the domains ecosystem to attacks against domain validation. Our measurements show that the domains ecosystem is not resilient to prefix hijacks and reveal that only a few ASes own most domains. We discuss possible mitigations and propose the distributed domain validation as a drop-in replacement for the standard domain validation. It allows strong resistance against MitM attackers. Additionally, we show that many IPs are anycast which is beneficial for distributed domain validation. We also analyze the validations agents' placement on the Internet and demonstrate a method to determine good ASes for agent placement. For randomness, we propose an alternative approach for generating pseudorandom strings, using the distributed nature of the Internet for collecting randomness from public services on the Internet. We develop our Distributed Pseudorandom Generator (DPRG) and demonstrate how it guarantees security against strong practical attackers and how it addresses the main shortcomings in existing PRGs. It uses AES encryption in CBC mode and an HDKF to extract randomness and inputs for handshakes. We analyze the distribution of different randomness sources like HTTP, SMTPS, SSH, and TOR and present an implementation of DPRG using the TOR network. We analyze the quality of randomness and performance of our DPRG and show that we can achieve highly secure randomness only from user space

Availability, Integrity, and Confidentiality for Content Centric Network internet architectures

The Internet as we know it today, despite being ``the result of a series of accidents of choices'' in Prof. Jon Crowcroft's words, has undoubtedly been an amazing success story. However, it has been constantly challenged by the demands of the overwhelming evolution of data traffic types, non-functional needs of applications and users, and device diversity. The phrase ``future internet architecture'' can be interpreted as referring to a revised set of design principles. As Dr David Clark rightfully suggested, we need to ``allow for the future in the face of the present''. Content Centric Networking (CCN) is one of the candidates for a future internet architecture. Security is one of the most significant considerations while designing a future internet architecture. Availability, Integrity, and Confidentiality (AIC) are considered the three most crucial components of security: 1) availability is the assurance of continuous, reliable, and uninterrupted access to the information by authorized people, 2) integrity is the preservation of information and prevention of any change in it caused via accident or malicious intent, and 3) confidentiality is the ability to keep the information secret from unintended audience, intruders, and adversaries. This thesis discusses AIC related security threats and corresponding remedies for Named Data Networking (NDN) which is a promising example of CCN. It also presents a system dynamics modelling approach to bridge the gap between the technical solutions and business strategy by quantifying some of the qualitative variables salient to technology architects, policymakers, lawmakers, regulators, and internet service providers for the design of a future-proof internet architecture