Name
Abstract | ||
|---|---|---|
DNS cache poisoning is a stepping stone towards advanced (cyber) attacks, and can be used to monitor users' activities, for censorship, to distribute malware and spam, and even to subvert correctness and availability of Internet networks and services. The DNS infrastructure relies on challenge-response defences, which are deemed effective for thwarting attacks by (the common) off-path adversaries. Such defences do not suffice against stronger adversaries, e.g., man-in-the-middle (MitM). However, there seems to be little willingness to adopt systematic, cryptographic mechanisms, since stronger adversaries are not believed to be common. In this work we validate this assumption and show that it is imprecise. In particular, we demonstrate that: (1) attackers can frequently obtain MitM capabilities, and (2) even weaker attackers can subvert DNS security. Indeed, as we show, despite wide adoption of challenge-response defences, cache-poisoning attacks against DNS infrastructure are highly prevalent. We evaluate security of domain registrars and name servers, experimentally, and find vulnerabilities, which expose DNS infrastructure to cache poisoning. We review DNSSEC, the defence against DNS cache poisoning, and argue that, not only it is the most suitable mechanism for preventing cache poisoning attacks, but it is also the only proposed defence that enables a-posteriori forensic analysis of attacks. Specifically, DNSSEC provides cryptographic evidences, which can be presented to, and validated by, any third party and can be used in investigations and for detection of attacks even long after the attack took place. |
Year | DOI | Venue |
|---|---|---|
2014 | 10.1109/SPW.2014.20 | IEEE Symposium on Security and Privacy Workshops |
Keywords | Field | DocType |
cache storage,computer crime,cryptographic protocols,digital forensics,digital signatures,invasive software,DNS cache poisoning attacks,DNS infrastructure,DNS security,DNSSEC,Internet networks,Internet services,MitM capabilities,a-posteriori forensic analysis,advanced cyber attacks,attacks detection,censorship,challenge-response defences,cryptographic evidences,cryptographic mechanisms,digital signature,domain registrars,malware,man-in-the-middle,name servers,spam,thwarting attacks,users activities monitoring,DNS cache-poisoning,DNSSEC,cryptographic evidences,cyber attacks,digital signatures,security | Internet privacy,Man-in-the-middle attack,Cryptography,Computer science,Computer security,Server,Digital signature,Malware,Name server,DNS spoofing,The Internet | Conference |
Citations | PageRank | References |
5 | 0.60 | 13 |
Authors | ||
2 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Haya Shulman | 1 | 293 | 37.26 |
| Michael Waidner | 2 | 3877 | 395.65 |