G. Ateniese and S. Mangard, A New Approach to DNS Security (DNSSEC), In
Proceedings of ACM CCS 2001.

Summary:

This paper presents a new security mechanism for the Domain Name System
(DNS). The scheme is based on symmetric certificates and builds a chain
of trust from the root servers down to the authoritative name servers.

Motivation: Current DNS security is not adequate. DNS is a critical piece
of global internetworking infrastructure, and the well-being of the
Internet depends on it. DNS is vulnerable to DNS spoofing, where an
attacker manipulates DNS answers on their way to the users. If the DNS
table is changed on a single server, those changes propagate across the
Internet. Thus users need to be able to authenticate the origin of a DNS
answer and check the integrity of the message. Information exchange
between domain servers must also be secured. There have been security
solutions based on public key cryptography, where each parent server in
the DNS hierarchy issues a certificate for its children. Only the root
servers need to be trusted, and as long as the user has certified public
keys (PK) for the root server, it can securely communicate with servers
further down the tree using the PK certificates issued by the top-level
servers. But verifying PK certificates requires a lot of computing power,
and lower-level local servers and the user's host often lack adequate
computing power.

Proposal: The authors propose to use secret keys to authenticate the
origin of DNS messages and a message authentication code (MAC) for the
integrity check. They use the same hierarchical structure as the PK
solution. The user sends its request encrypted with the PK of the root
server. The root generates a pair of session keys, certifies them with its
own signature and sends them to the user. The user uses these keys to
securely communicate with the next level of servers. The certificate used
here is called a symmetric certificate: it is a pair of session keys
encrypted with the master key of the child server. The user sends this
certificate to the lower-level server; that server decrypts it with its
master key (shared between the root server and its children) and obtains
a session key. This process repeats at each level until the user resolves
the requested address. The scheme is very similar to the Kerberos ticket
scheme.

The authors claim that this solution is secure against known-plaintext
attacks since it uses a block cipher in cipher block chaining mode, and
also secure against replay attacks since they use a freshness nonce and a
timestamp; in addition, the secret keys can be issued per session.
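The symmetric-certificate chain described in the proposal, together with the freshness and replay checks the authors rely on, as an added example in Python (not the paper's code). Assumed: an HMAC-SHA256 counter keystream stands in for the paper's CBC block cipher, the public-key-protected first hop that delivers the root's session key to the user is treated as already done (the caller of certify plays the user), and the 300-second validity window is a made-up value.

```python
import hashlib, hmac, json, os, time
TTL = 300  # seconds a symmetric certificate stays valid (assumed value, not from the paper)

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(key, nonce, n):  # HMAC counter keystream; stands in for the paper's CBC cipher
    return b"".join(mac(key, nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]

def seal(key, data):  # encrypt-then-MAC; returns nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + mac(key, nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(key, nonce + ct)):
        raise ValueError("certificate MAC check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Server:
    """One level of the DNS tree; shares a master key with its parent and one with each child."""
    def __init__(self, name, master_key, children, now=time.time):
        self.name, self.master_key, self.children, self.now = name, master_key, children, now
        self.seen = set()  # certificate nonces already accepted, for replay detection

    def certify(self, child):
        """Issue a session key for the user plus the symmetric certificate that carries it to `child`."""
        k = os.urandom(32)
        cert = {"key": k.hex(), "ts": self.now(), "nonce": os.urandom(8).hex()}
        return k, seal(self.children[child], json.dumps(cert).encode())

    def accept(self, cert_blob, query, tag):
        """Decrypt the certificate with our master key, reject stale/replayed ones, verify the query MAC."""
        cert = json.loads(unseal(self.master_key, cert_blob))
        if abs(self.now() - cert["ts"]) > TTL or cert["nonce"] in self.seen:
            raise ValueError("stale or replayed certificate")
        self.seen.add(cert["nonce"])
        k = bytes.fromhex(cert["key"])
        if not hmac.compare_digest(tag, mac(k, query)):
            raise ValueError("query MAC check failed")
        return k

def resolve(chain, name):  # walk root -> TLD -> authoritative; each hop certifies the user to the next
    hops = []
    for parent, child in zip(chain, chain[1:]):
        k, cert = parent.certify(child.name)  # user obtains k and the certificate from the parent
        child.accept(cert, name.encode(), mac(k, name.encode()))  # child recovers k, checks the query
        hops.append(child.name)
    return hops
```

Each server only ever holds the master keys it shares with its own parent and children, so a certificate sealed for one child cannot be opened by another.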

There is also a proposal for a hybrid approach that allows the top-level
servers to shift the extra burden of decrypting keys every time a server
becomes active.

The DNS structure can also be used as a PKI distribution system: domain
name tables can store extra information in each entry, such as the PK
information associated with that domain name.