DNSCurve

  1. Seminar: Network and Communication Privacy
     Presenter: Sabbir Ahmmed
  2. DNS Privacy And Confidential DNS
     DNSCurve: Usable security for DNS
  3. DNS Review
     Image Credit: [5]
  4. DNS Review
     Image Credit: [5]
  5. DNS Vulnerabilities
     ● Three important questions
       ○ How do attackers target DNS in general?
       ○ How do attackers spy on your DNS queries?
       ○ How do attackers forge DNS responses?
     Image Credit: [5]
  6. DNSSEC
     ● Limitations
       ○ availability/confidentiality
       ○ responses are authenticated but not encrypted
       ○ DNSSEC only signs RRs
       ○ does not protect against DoS attacks directly
       ○ DNSSEC cannot protect against false assumptions
  7. Introduction to DNSCurve
     ● Uses elliptic-curve cryptography [1], not RSA
     ● Daniel J. Bernstein
     ● Uses a particular elliptic curve, Curve25519
       ○ 1 chance in 1000000000000000000000000000!
       ○ 3000-bit RSA
     ● What does DNSCurve do for me?
       ○ confidentiality
       ○ integrity
       ○ availability
       ○ other aspects
  8. DNSCurve Protocol
     uz5…: 51-byte, 255-bit public key
  9. DNSCurve Protocol
     ● What is sent to the server?
  10. DNSCurve Protocol
     ● How does the server open the box?
  11. DNSCurve Protocol
     ● What does the server send back?
  12. DNSCurve Protocol
  13. DNSCurve Protocol
     ● Speedups
       ○ The server
       ○ The cache
     ● Computing Curve25519 shared secrets for ten million servers: 10 mins
  14. DNSCurve: How to get it
     ● Simply upgrade your DNS cache
       ○ dnscache / BIND
       ○ PowerDNS Recursor / Nominum
       ○ MaraDNS / Unbound
     ● No extra cache configuration is required
     ● No extra firewall configuration is required
     ● Network bandwidth remains essentially unchanged
     ● ISP's DNS vs. Cache DNS (side benefits)
     ● Daily copies of root zone (side benefits)
  15. Implementations
     ● CurveDNS
       ○ allows DNS administrators to protect existing installations without patching
     ● DNSCrypt from OpenDNS
       ○ protects the channel between OpenDNS and its users
     ● Curve-Protect
       ○ for common services like DNS, SSH, HTTP, and SMTP
  16. References and bibliography
     [1] http://dnscurve.org/index.html
     [2] "Curve25519: new Diffie–Hellman speed records", 2006, Daniel J. Bernstein
     [3] NSA: The Case for Elliptic Curve Cryptography
     [4] Adam Langley: What a difference a prime makes
     [5] CURVEPROTECT SOFTWARE (EXPERIMENTAL)
     [6] DNS Cache Poisoning: Definition and Prevention
  17. Conclusion
     The slides are published under a permissive license (Creative Commons: BY-SA)
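
Slide 8 shows the server's public key carried in a name that starts with `uz5` followed by 51 characters. The Python below is an added example, not part of the slides or of any DNSCurve implementation: it decodes such a label from an NS host name into the 32-byte Curve25519 key, which lets a resolver operator check which delegations advertise DNSCurve. The base-32 alphabet and the least-significant-digit-first order are taken from the DNSCurve specification rather than from the slides; the sample host name is constructed, and scanning all labels for the first match is this example's own choice.

```python
# Added example: decode the "uz5" + 51-character label shown on slide 8.
# ALPHABET and the little-endian digit order follow the DNSCurve
# specification (dnscurve.org); they are not stated on the slides.
ALPHABET = "0123456789bcdfghjklmnpqrstuvwxyz"
MAGIC = "uz5"
KEY_CHARS = 51  # 51 digits * 5 bits = 255 bits


def b32_decode(text):
    """Decode DNSCurve base-32 (least significant digit first) to an int."""
    value = 0
    for pos, ch in enumerate(text.lower()):
        digit = ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"invalid base-32 character {ch!r}")
        value |= digit << (5 * pos)
    return value


def b32_encode(value, ndigits):
    """Inverse of b32_decode; used here only to build the sample name."""
    return "".join(ALPHABET[(value >> (5 * i)) & 31] for i in range(ndigits))


def dnscurve_key(ns_name):
    """Return the 32-byte public key advertised in an NS name, or None.

    Labels are checked left to right (this example's choice). A label with
    the right prefix and length but an invalid digit is skipped.
    """
    for label in ns_name.rstrip(".").lower().split("."):
        if len(label) != len(MAGIC) + KEY_CHARS or not label.startswith(MAGIC):
            continue
        try:
            return b32_decode(label[len(MAGIC):]).to_bytes(32, "little")
        except ValueError:
            continue
    return None


# Constructed sample: a made-up key (top bit clear, so it fits in 255 bits)
# and a made-up zone name; neither belongs to a real server.
SAMPLE_KEY = bytes(range(32))
SAMPLE_NS = (MAGIC + b32_encode(int.from_bytes(SAMPLE_KEY, "little"), KEY_CHARS)
             + ".example.net.")

if __name__ == "__main__":
    print(SAMPLE_NS)
    print(dnscurve_key(SAMPLE_NS).hex())
```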
