We use cryptographic techniques to study zone enumeration in DNSSEC. DNSSEC is designed to prevent attackers from tampering with domain name system (DNS) messages. The cryptographic machinery used in DNSSEC, however, also creates a new vulnerability, zone enumeration, enabling an adversary to use a small number of online DNSSEC queries combined with offline dictionary attacks to learn which domain names are present or absent in a DNS zone.

We prove that the current DNSSEC standard, with NSEC and NSEC3 records, inherently suffers from zone enumeration: specifically, we show that (1) security against attackers that tamper with DNS messages and (2) privacy against zone enumeration cannot be satisfied simultaneously, unless the DNSSEC nameserver performs online public-key cryptographic operations. We then propose a new construction, NSEC5, that uses online public-key cryptography to solve the problem of DNSSEC zone enumeration. NSEC5 can be thought of as a variant of NSEC3, in which the unkeyed hash function is replaced with a deterministic RSA-based keyed hashing scheme. With NSEC5, a zone remains protected against network attackers and compromised nameservers even if the secret NSEC5-hashing key is compromised; leaking the NSEC5-hashing key only harms privacy against zone enumeration, effectively downgrading the security of NSEC5 back to that of the current DNSSEC standard (with NSEC3).
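The following Python model is an added illustration, not code from the paper or from any NSEC5 implementation. It contrasts an NSEC3-style unkeyed hash with an NSEC5-style keyed hash built from a deterministic RSA signature, and walks through the online denial-of-existence step the abstract refers to. Everything in it is constructed for the example: the RSA modulus is a toy built from two small Mersenne primes (far too small to be secure), the full-domain hash is stood in by SHA-256 reduced modulo n, the zone names and the attacker's dictionary are made up, and the signing of the NSEC5 chain records with the zone's own DNSSEC key is assumed to happen elsewhere and is not modelled.

```python
import hashlib
from bisect import bisect_left

# Toy RSA parameters (CONSTRUCTED, NOT SECURE): two well-known Mersenne primes so the
# example runs offline without a crypto library. Real NSEC5 uses full-size RSA keys.
_P = 2**61 - 1
_Q = 2**89 - 1
RSA_N = _P * _Q
RSA_E = 65537                                  # public NSEC5 key, published in the zone
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))    # secret NSEC5-hashing key held by the nameserver
_N_BYTES = (RSA_N.bit_length() + 7) // 8


def fdh(name: str) -> int:
    """Full-domain hash of an owner name into Z_n (toy stand-in: SHA-256 reduced mod n)."""
    return int.from_bytes(hashlib.sha256(name.lower().encode()).digest(), "big") % RSA_N


def nsec3_hash(name: str, salt: bytes = b"\xca\xfe") -> str:
    """NSEC3-style unkeyed, salted hash: anyone can recompute it for any candidate name."""
    return hashlib.sha256(salt + name.lower().encode()).hexdigest()


def nsec5_proof(name: str, d: int = RSA_D) -> int:
    """Nameserver side: deterministic RSA-FDH signature over the name (the NSEC5 proof)."""
    return pow(fdh(name), d, RSA_N)


def nsec5_hash(proof: int) -> str:
    """NSEC5 hash is a plain hash of the proof; forming the proof requires the secret key d."""
    return hashlib.sha256(proof.to_bytes(_N_BYTES, "big")).hexdigest()


def nsec5_verify(name: str, proof: int) -> bool:
    """Resolver side: check the proof against the public key before trusting its hash."""
    return pow(proof, RSA_E, RSA_N) == fdh(name)


def build_nsec5_chain(zone):
    """Offline part: the sorted NSEC5 hashes of the names present in the zone."""
    return sorted(nsec5_hash(nsec5_proof(n)) for n in zone)


def deny(chain, qname):
    """Online part: the nameserver signs the *queried* name and returns the covering interval."""
    proof = nsec5_proof(qname)                 # the online public-key operation
    h = nsec5_hash(proof)
    i = bisect_left(chain, h)
    prev_hash = chain[i - 1] if i > 0 else chain[-1]
    next_hash = chain[i] if i < len(chain) else chain[0]
    return {"proof": proof, "prev": prev_hash, "next": next_hash}


def check_denial(qname, resp):
    """Resolver: verify the proof, recompute h, and require it to lie strictly inside the interval."""
    if not nsec5_verify(qname, resp["proof"]):
        return False
    h = nsec5_hash(resp["proof"])
    if resp["prev"] < resp["next"]:
        return resp["prev"] < h < resp["next"]
    return h > resp["prev"] or h < resp["next"]   # wrap-around interval at the end of the chain


def offline_enumerate(published, dictionary, hash_fn):
    """Offline dictionary attack: candidate names whose hash appears in the published set."""
    return sorted(n for n in dictionary if hash_fn(n) in published)


ZONE = ["www.example.", "mail.example.", "vpn.example."]                 # constructed zone
DICTIONARY = ZONE + ["dev.example.", "ftp.example.", "git.example."]     # constructed guesses


def run_scenarios():
    nsec3_published = {nsec3_hash(n) for n in ZONE}
    nsec5_published = set(build_nsec5_chain(ZONE))
    return {
        # NSEC3: unkeyed hash, so the dictionary attack recovers every present name offline.
        "nsec3": offline_enumerate(nsec3_published, DICTIONARY, nsec3_hash),
        # NSEC5 without d: the adversary cannot form the proof, so its best offline candidate
        # (here the FDH value with no secret exponentiation) never matches a published hash.
        "nsec5_no_key": offline_enumerate(nsec5_published, DICTIONARY,
                                          lambda n: nsec5_hash(fdh(n))),
        # NSEC5 after d leaks: offline enumeration works again, i.e. privacy drops to NSEC3's level.
        "nsec5_leaked_key": offline_enumerate(nsec5_published, DICTIONARY,
                                              lambda n: nsec5_hash(nsec5_proof(n))),
    }


if __name__ == "__main__":
    chain = build_nsec5_chain(ZONE)
    print("denial of dev.example. verifies:", check_denial("dev.example.", deny(chain, "dev.example.")))
    print("denial of www.example. verifies:", check_denial("www.example.", deny(chain, "www.example.")))
    print(run_scenarios())
```

Two points of the abstract show up directly in the model. First, the `deny` step must run an RSA exponentiation with the secret key for every non-existent name queried, which is exactly the online public-key operation the impossibility result says cannot be avoided. Second, leaking `RSA_D` re-enables offline enumeration (`nsec5_leaked_key`), but it does not let anyone deny a name that is present: the hash of a present name is an endpoint of the chain, never strictly inside an interval, so `check_denial` rejects such a response regardless of who computed the proof.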