#CiscoLive
BRKSEC-2051: The Evolution of DNS Security
Christian Clasen, Technical Leader, Cloud Security TME (xianclasen)
2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Session abstract
The DNS protocol was designed to be decentralized and hierarchical, but not secure. Almost since its inception there have been exploits. We need to protect this vital network service. In this presentation, attendees will first learn the history of the DNS protocol, how it really works under the hood, and what the attack vectors and vulnerabilities are that make it such a juicy target. From there, the material progresses into the various attempts to secure DNS, from DNSSEC to DNSCrypt, through more modern methods including DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ).

Cisco Webex App
Questions? Use the Cisco Webex App to chat with the speaker after the session.
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
- DNS Overview
- Vulnerabilities and Abuses
- DNSSEC and DNSCrypt
- DoT/DoH
- Oblivious DNS
- DoQ

DNS Overview

Hosts table
- Maintained by Stanford Research Institute
- Required manual lookup
- Error prone
- "operational nightmare." - Craig Partridge

Domain Name System
- Created by Paul Mockapetris
- RFC 882/883 (1034/1035)
- Hierarchical, distributed
- First TLDs established in 1984
- NOTIFY and IXFR

[Diagram: the DNS hierarchy. Root at the top; TLDs .COM, .ORG, .EDU and .NINJA below it; domains unc.edu, openssl.org, ncsu.edu and iana.org below the TLDs; subdomains below each domain.]
Digging to the root
[The slides step through a dig lookup of a Name Server record; the callouts are:]
- Resolve the Name Server record
- The resolver found the record (NOERROR)
- Time to Live (TTL) is 0
- The record Class is Internet (IN)

Trivia: What are the other two DNS Classes besides Internet (IN)?
- Chaosnet (CH)
- Hesiod (HS)

Hesiod (HS)
- /etc/passwd over DNS!
- Directory service
- Built into Linux
- Not enabled by default

Why you can't dig to Switzerland (Chaosnet)
- The Swiss TLD (CH) conflicts with the record class for Chaosnet
- You may get REFUSED or NOTIMP depending on the server
- Place a "." after the TLD as a workaround

Chaosnet lives (not really)
- BIND (ab)uses CH: documentation, credits, notes
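To make the "Digging to the root" callouts concrete (the NOERROR rcode, the TTL, and the class field that distinguishes IN from CH and HS), here is an added example that is not part of the deck: a minimal parser for DNS wire-format messages written against Python's standard library. The two messages it decodes are constructed inline, an NS answer for example.com and a BIND-style version.bind TXT answer in class CH; the answer contents ("ns1.example.com", "not-disclosed") are placeholders, not real records.

```python
import struct

# RFC 1035 class and type codes; CH = Chaosnet, HS = Hesiod
CLASS_NAMES = {1: "IN", 3: "CH", 4: "HS"}
TYPE_NAMES = {1: "A", 2: "NS", 16: "TXT", 28: "AAAA"}
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED"}


def read_name(msg, off):
    """Decode a (possibly compressed) domain name at msg[off].

    Returns (name, offset just after the name as it appears at `off`).
    A label byte with its top two bits set is a pointer (RFC 1035 section 4.1.4).
    """
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            if not jumped:
                end = off + 2           # the pointer itself is 2 bytes long
            jumped, off, hops = True, ptr, hops + 1
            if hops > 64:               # defend against pointer loops in hostile input
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_message(msg):
    """Parse header, question section and all resource records of one DNS message."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((name, TYPE_NAMES.get(qtype, qtype), CLASS_NAMES.get(qclass, qclass)))
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 2:                     # NS: RDATA is a name, may use compression
            value, _ = read_name(msg, off)
        elif rtype == 16:                  # TXT: one or more <length><chars> strings
            value = rdata[1:1 + rdata[0]].decode("ascii")
        else:
            value = rdata.hex()
        off += rdlen
        records.append({"name": name, "type": TYPE_NAMES.get(rtype, rtype),
                        "class": CLASS_NAMES.get(rclass, rclass), "ttl": ttl, "data": value})
    return {"id": ident, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": RCODE_NAMES.get(flags & 0xF, flags & 0xF),
            "questions": questions, "records": records}


# Constructed response: "example.com NS" -> ns1.example.com, TTL 0, class IN (flags: QR, RD, RA, NOERROR)
NS_RESPONSE = (bytes.fromhex("1234 8180 0001 0001 0000 0000")
               + b"\x07example\x03com\x00" + bytes.fromhex("0002 0001")
               + bytes.fromhex("c00c 0002 0001 00000000 0006") + b"\x03ns1" + bytes.fromhex("c00c"))

# Constructed response in class CH, the way BIND answers "version.bind" (value is a placeholder)
CH_RESPONSE = (bytes.fromhex("abcd 8580 0001 0001 0000 0000")
               + b"\x07version\x04bind\x00" + bytes.fromhex("0010 0003")
               + bytes.fromhex("c00c 0010 0003 00000000 000e") + b"\x0dnot-disclosed")

if __name__ == "__main__":
    for msg in (NS_RESPONSE, CH_RESPONSE):
        parsed = parse_message(msg)
        print(parsed["rcode"], parsed["questions"])
        for rr in parsed["records"]:
            print("  ", rr["name"], rr["ttl"], rr["class"], rr["type"], rr["data"])
```

The class field is what makes the Switzerland problem on the slide possible: a query for the CH class and a query for a name ending in the .ch TLD are different things on the wire, but dig's command-line parser has to guess which one you meant.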
[Slides 22 to 31 contain figures only.]

Test your resolver for Q-min!
dig a.b.qnamemin-test.internet.nl TXT
https://dnsthought.nlnetlabs.nl/does_qnamemin/#qnamemin

Geoff Huston, Chief Scientist at the Asia Pacific Network Information Centre (APNIC):
"Addresses, and the routing of address prefixes, is increasingly a marginal activity. The glue of today's Internet is the name space. The way that we invest trust in the space is now the core conversation of today's Internet."

Protective DNS
[Figure: Umbrella]

Vulnerabilities and Abuses
Classes of DNS attacks
Cache Poisoning
- Query ID guessing
- Mitigated in 1998
- Still possible but unlikely
Spoofing/Hijacking
- Very easy to do
- Difficult to detect
- ISPs regularly hijack DNS
Snooping/fingerprinting
- Plain-text queries and replies
- Privacy concern
- ISPs regularly snoop DNS
Denial of Service
- Amplification attacks
- UDP makes this possible
- Small query, big reply
Security properties at stake: Privacy, Integrity, Authenticity

Cache Poisoning
[Diagram: a UDP DNS lookup of mybank.ninja through the .ninja TLD, with several RESPONSE packets arriving at the resolver.]
Proposed fixes:
- Port/ID randomization
- DNS cookies
- DNS over TLS
- Case randomization

Case randomization
- DNS names are case insensitive
- DNS names are copied from queries (examples on the slide: mYbaNk.nInja, myBaNk.niNja, mYbANk.ninja, MYbAnk.NiNja)
- Does not work for every server
- Exception lists must be maintained
- Proposed standard: https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00

DNSSEC
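The case-randomization bullets describe a mechanism without showing the check a resolver actually performs, so here is an added example that is not part of the deck. It implements the 0x20 idea from the draft referenced above in Python: the resolver derives a case pattern for the outgoing QNAME (here from an HMAC over the name with a resolver-local secret, which is this example's own design choice, not something the draft mandates), counts how much guessing entropy the pattern adds, and classifies the QNAME echoed in a response as accepted, rejected, or "server lowercased the name" (the case the slide's exception list exists for). The resolver secret and the server address 198.51.100.7 are constructed values.

```python
import hashlib
import hmac


def randomize_case(qname, key):
    """Return qname with each letter's case chosen by a keyed hash of the lowercase name.

    Keying the pattern means the resolver can recompute what it sent instead of storing
    per-query state. Digits, hyphens and dots are left alone (they have no case).
    """
    digest = hmac.new(key, qname.lower().encode("ascii"), hashlib.sha256).digest()
    out, bit = [], 0
    for ch in qname.lower():
        if "a" <= ch <= "z":
            byte = digest[(bit // 8) % len(digest)]
            out.append(ch.upper() if (byte >> (bit % 8)) & 1 else ch)
            bit += 1
        else:
            out.append(ch)
    return "".join(out)


def extra_entropy_bits(qname):
    """Each letter contributes one bit a forger must also guess, on top of the 16-bit ID and source port."""
    return sum(1 for ch in qname if ch.isalpha())


def classify_echo(sent, echoed):
    """Compare the question name echoed by a response with the name we sent.

    accept     - byte-identical, the response very likely came from the queried server
    lowercased - same name but the server rewrote it in lowercase; 0x20 cannot protect this server
    reject     - different case pattern (blind forgery guess) or a different name altogether
    """
    if echoed == sent:
        return "accept"
    if echoed.lower() != sent.lower():
        return "reject"
    if echoed == echoed.lower():
        return "lowercased"
    return "reject"


class ZeroX20Policy:
    """Per-server policy: randomize case unless the server is on the exception list."""

    def __init__(self, key):
        self.key = key
        self.exceptions = set()        # servers observed to rewrite the QNAME case

    def outgoing_qname(self, server, qname):
        if server in self.exceptions:
            return qname.lower()
        return randomize_case(qname, self.key)

    def check(self, server, sent, echoed):
        verdict = classify_echo(sent, echoed)
        if verdict == "lowercased":
            self.exceptions.add(server)   # fall back to ID/port entropy for this server from now on
        return verdict


if __name__ == "__main__":
    policy = ZeroX20Policy(b"constructed-resolver-secret")   # constructed key
    sent = policy.outgoing_qname("198.51.100.7", "mybank.ninja")   # constructed server address
    print(sent, "adds", extra_entropy_bits(sent), "bits of entropy")
    print(policy.check("198.51.100.7", sent, sent))              # accept
    print(policy.check("198.51.100.7", sent, "MYbAnk.NiNja"))    # reject (unless that is the pattern we sent)
```

The "lowercased" verdict is why the slide says the technique does not work for every server: once a server is known to normalise case, the resolver has to stop relying on 0x20 for it, and that list of exceptions has to be maintained.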
Early DNSSEC development
- IETF Meeting in Houston, TX, 1993
- The goals of DNSSEC were limited from the outset
  - Data disclosure considered out of scope
  - Backwards compatibility
  - No detailed threat model
- The resulting requirements were:
  - Data integrity
  - Data origin authentication
- Root zone wasn't signed until 2010
- Keys first rotated in 2018
  - This took eight phases over two years

Trivia: What browser was launched the same year (1993) and was the first to show images inline with text in the same window?
DNSSEC basics
New record types for crypto operations:
- RRSIG: Crypto Signature
- DNSKEY: Public Key
- DS: Hash of Public Key
- NSEC/NSEC3: Denial-of-Existence
- CDNSKEY/CDS: Updates to parent zones
[Diagram: chain of trust from Root to TLD to DOMAIN; each zone's RRset is signed with a Zone Signing Key, which is in turn signed with a Key Signing Key.]

DNSSEC in practice
[Diagram: Non-Validating Security-Aware Stub Resolver]

How to prove a negative
NSEC
- Provide the Next Secure (NSEC) record if the name does not exist
- Can be used to enumerate zones
NSEC3
- Hashes the names, in preserved alphabetical order, and allows for opt-out for child zones
White lies
- RFC 4470/4471 (April 2006)
- Make up the next lexical name on the fly and sign it
- More vulns! Real-time access to private keys, more computationally expensive, chosen-plaintext attacks

The middlebox problem
- Customer edge equipment often causes issues with DNSSEC validation
- http://www.icann.org/committees/security/sac035.pdf
- https://www.rfc-editor.org/rfc/rfc8027
- "Basic DNSSEC queries were properly answered with correct authentication proofs by 64% of the resolvers, whereas denial of existence proofs and wildcard resolutions were properly handled in only 56% and 40% of the resolvers, respectively." (Discovery method for a DNSSEC validating stub resolver, 2015, https://nlnetlabs.nl/downloads/publications/os3-2015-rp2-xavier-torrent-gorjon.pdf)

DNSSEC validation stats
[Figure]

RFC 9364 - DNS Security Extensions (DNSSEC), February 2023
"More than 15 years after the DNSSEC specification was published, it is still not widely deployed. Recent estimates are that fewer than 10% of the domain names used for websites are signed, and only around a third of queries to recursive resolvers are validated."

The case against DNSSEC
- More complexity
- Less performance
- No stub validation
- Limited usefulness
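The "How to prove a negative" slide packs three ideas into a few bullets: an NSEC record covers a gap in the zone's canonical order, the chain of NSEC records can be followed to list the whole zone, and NSEC3 replaces the names with iterated salted SHA-1 hashes in base32hex. Here is an added example that is not part of the deck and implements all three in Python: the RFC 4034 canonical ordering check that a validator runs, the zone walk that explains why NSEC3 was introduced, and the RFC 5155 hash. The three-name zone is constructed; the NSEC3 parameters (salt aabbccdd, 12 iterations) are the ones used in RFC 5155 Appendix A, whose published hash for the apex name "example." the test checks against.

```python
import base64
import hashlib


def canonical_key(name):
    """Sort key for RFC 4034 section 6.1 canonical ordering.

    Labels are compared right to left and case-insensitively; a name sorts before
    every name that extends it (so "example." precedes "a.example.").
    """
    labels = [l.encode("ascii") for l in name.lower().rstrip(".").split(".") if l]
    return tuple(reversed(labels))


def nsec_covers(owner, next_name, qname):
    """True if the NSEC record owner -> next_name proves that qname does not exist."""
    o, n, q = canonical_key(owner), canonical_key(next_name), canonical_key(qname)
    if o < n:
        return o < q < n
    return q > o or q < n           # the last NSEC wraps back to the apex and covers the tail


def walk_zone(nsec_chain, apex):
    """Enumerate every name in a zone by following its NSEC chain (the weakness the slide notes)."""
    names, cur = [], apex
    while True:
        names.append(cur)
        cur = nsec_chain[cur]
        if cur == apex:
            return names


def wire_name(name):
    """Lowercase wire-format (canonical) name, as NSEC3 hashes it."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


# base32 "extended hex" alphabet (RFC 4648 section 7), which keeps numeric order under string comparison
_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5: H(x) = SHA-1(x || salt), applied iterations + 1 times, base32hex, lowercase."""
    digest = wire_name(name)
    for _ in range(iterations + 1):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode("ascii").translate(_B32HEX).lower()


def nsec3_covers(owner_hash, next_hash, qname_hash):
    """Same interval test as NSEC, on hashed owner names (compared as base32hex strings)."""
    o, n, q = owner_hash.lower(), next_hash.lower(), qname_hash.lower()
    return o < q < n if o < n else (q > o or q < n)


# Constructed three-name zone, expressed as its NSEC chain (owner -> next secure name)
NSEC_CHAIN = {"example.": "a.example.", "a.example.": "c.example.", "c.example.": "example."}

# NSEC3 parameters from RFC 5155 Appendix A: algorithm 1 (SHA-1), salt aabbccdd, 12 iterations
RFC5155_SALT, RFC5155_ITERATIONS = bytes.fromhex("aabbccdd"), 12

if __name__ == "__main__":
    print("b.example. proven absent by a.example.->c.example.:",
          nsec_covers("a.example.", "c.example.", "b.example."))
    print("zone walk:", walk_zone(NSEC_CHAIN, "example."))
    for name in NSEC_CHAIN:
        print(name, "->", nsec3_hash(name, RFC5155_SALT, RFC5155_ITERATIONS))
```

The walk shows the trade-off in the slide's terms: NSEC hands a client a complete, signed list of names in exchange for a cheap offline proof, while NSEC3 forces a client to guess names and hash each guess with the zone's salt and iteration count, and "white lies" avoid both by signing a synthetic neighbour at query time.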
The case for DNSSEC
- I got all the name records you need
- It's better than the PKI
- It's integrated in the DNS
- If the response is signed, who cares where you got it?
- It solves cache poisoning

The DNSSEC is in the details
[Figure]

Identify validated domains
[Figure]

Group policy DNSSEC enforcement
[Figure]

DNSCrypt
- OpenDNS announced the first public DNS server in 2011
- DNS requests/responses are unchanged
- Runs on UDP or TCP 443
- Enforces Public Key Pinning
- Pads packets to hide length
- Mitigates amplification attacks
- Security properties: Privacy, Integrity, Authenticity (the second build of the slide marks Authenticity with a "?")

DNSCrypt
- Not a proposed IETF standard
- Fragmented implementations
- Always a third-party application
- No native OS support
- Complexity of deployment
DNSCrypt implementations: https://dnscrypt.info/implementations

DNSCrypt protocol exchange
[Diagram]
Resolver: generate short-term key pair; publish certificate with signed short-term public key
Client -> Resolver: Cert request
Resolver -> Client: Signed cert
Client: verify signature, select a certificate, generate short-term key pair, generate shared key, encrypt query
Client -> Resolver: Encrypted query
Resolver: generate shared key, decrypt query, verify MAC, resolve query, encrypt response
Resolver -> Client: Encrypted response
Client: decrypt response, verify MAC

DNSCrypt cipher suites
Protocol version   Encryption system name              Public key length   Signature   nonce   MAC
0x01               X25519-Ed25519-Salsa20-Poly1305     32                  64          24      16
0x02               X25519-Ed25519-Chacha20-Poly1305    32                  64          24      16
DNSCrypt Version 3 extensions
- Changed crypto to conform with FIPS
- UDP query padding: version 2 kept the response at the same length as the query or shorter; this was determined to be counterproductive
Protocol version   Encryption system name                   Public key length   Signature   nonce   MAC
0x03               ECDHE-ECDSA-AES128-GCM-SHA256 (P-256)    33                  64          24      16

DNSCrypt performance
[Figure]

DNSCrypt in Umbrella
- 1/3 of DNS in Umbrella
- Virtual Appliance
- Roaming Security Module
- Meraki
- ASA/ISR
- Android/iOS
- India has the highest ratio

DNSCrypt: impact to network operators
- Unlikely to encounter outside of commercial offerings (Cisco Umbrella Roaming Module, Cisco Umbrella Virtual Appliance)
- Requires third-party software (DNSCrypt Proxy)
- Easiest to control via endpoint software installation restrictions
- Block known servers

DNS over TLS (DoT)

Third-party trust model in TLS
- TLS relies on public Certificate Authorities (CAs)
- Currently there are over 1,500 CAs shipped in modern operating systems
- These CAs can vouch for any server name
- CAs can be and are compromised by malicious actors
- https://www.eff.org/observatory

Server Name Indication extension
[Diagram: TCP handshake; TLS Client Hello carrying SNI; TLS Server Hello; Certificate]
- TLSv1.3 encrypts the certificate, but not the SNI

Encrypted Client Hello
[Diagram: TLS Client Hello Outer carrying an encrypted Client Hello Inner; TLS Server Hello; Certificate]
- Sensitive extensions like SNI are encrypted using a public key retrieved over DNS

DoT modes
Opportunistic
- Analogous to SMTP opportunistic encryption
- Designed to aid in transition or for roaming clients
- Vulnerable to downgrade attack
Strict
- Requires TLS and does not fall back
- Requires OOB key management
- Uses Simple Public Key Management (SPKI)

DoT OS adoption
Android
- Supported in Pie
- Enabled by default
- Uses dns.google
Linux
- Supported in systemd-resolved: add the DNSOverTLS option
- Stubby or Knot Resolver
Windows
- Windows 11
- Server 2022
iOS/macOS
- iOS 14 native support
- macOS 11 native support

Pros and cons
Pros
- No additional protocol layer: TLS directly on top of DNS
- Amortizes setup over multiple queries
- Accomplishes last-mile security
Cons
- Head-of-line blocking from TCP
- Relies on the PKI (CAs)
- Clients can close connections too quickly
- Still requires DNSSEC if not used on every hop

DoT: impact to network operators
- Likely to see from Android clients
- Potentially third-party installations
- Unlikely to see from Windows by default
- Block TCP 853
- DoT definitions in L7 firewalls

DNS over HTTPS (DoH)

Query methods
GET
- The GET method encodes the query in Base64url
- "Friendlier" to many HTTP cache implementations
POST
- The POST method encodes the query in the message body
- The Content-Type header indicates that it is a DNS query
Response
[Figure]

Paul Vixie, 2018:
"DoH is an over the top bypass of enterprise and other private networks. But DNS is part of the control plane, and network operators must be able to monitor and filter it. Use DoT, never DoH."
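The "Query methods" slides name the two DoH request forms but do not show what they look like on the wire, which is exactly what an L7 firewall definition for DoH has to match. Here is an added example that is not part of the deck: it builds a minimal DNS query, wraps it in both the GET form (base64url in the dns parameter, no padding) and the POST form (raw message body with Content-Type application/dns-message) from RFC 8484, decodes the GET parameter on the server side, and frames a response whose Cache-Control max-age follows the smallest TTL in the answer. The server name dns.example.net is a placeholder; the expected GET parameter for "www.example.com A" with message ID 0 is the one RFC 8484 itself lists.

```python
import base64
import struct


def build_query(qname, qtype=1, ident=0):
    """Minimal DNS wire query: header (RD set, one question) plus the question section.

    RFC 8484 recommends message ID 0 for DoH so that identical queries yield identical,
    cacheable URLs; the transport (TLS) provides the anti-spoofing the ID used to give.
    """
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)


def doh_get_request(query, host="dns.example.net", path="/dns-query"):
    """GET form (RFC 8484 section 4.1): base64url of the wire message, '=' padding removed."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    url = f"https://{host}{path}?dns={b64}"
    head = [f"GET {path}?dns={b64} HTTP/1.1", f"Host: {host}",
            "Accept: application/dns-message", "", ""]
    return url, "\r\n".join(head).encode("ascii")


def doh_post_request(query, host="dns.example.net", path="/dns-query"):
    """POST form: the wire message is the body; Content-Type tells the server it is DNS."""
    head = [f"POST {path} HTTP/1.1", f"Host: {host}", "Accept: application/dns-message",
            "Content-Type: application/dns-message", f"Content-Length: {len(query)}", "", ""]
    return "\r\n".join(head).encode("ascii") + query


def decode_get_parameter(dns_param):
    """Server side: restore the stripped padding and decode back to the wire message."""
    return base64.urlsafe_b64decode(dns_param + "=" * (-len(dns_param) % 4))


def doh_response(answer_msg, ttls):
    """Server side: wire response as body; max-age mirrors the smallest TTL (RFC 8484 section 5.1)."""
    head = ["HTTP/1.1 200 OK", "Content-Type: application/dns-message",
            f"Content-Length: {len(answer_msg)}", f"Cache-Control: max-age={min(ttls)}", "", ""]
    return "\r\n".join(head).encode("ascii") + answer_msg


if __name__ == "__main__":
    q = build_query("www.example.com")
    url, raw_get = doh_get_request(q)
    print(url)
    print(raw_get.decode("ascii"))
    print(doh_post_request(q)[:120])
```

For detection, note what is and is not visible: the Host, the path and the application/dns-message media type are inside TLS, so a network-side definition sees only the TLS endpoint; the media type and path are usable only where a proxy terminates TLS or on the endpoint itself.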
Firefox implementation
network.trr.bootstrapAddress
- Sets the initial resolver to use to find the DoH server IP address
- Blank by default (uses system resolver)
network.trr.uri
- The address of the DoH server to be used
- Default is https://mozilla.cloudflare- if DoH is enabled
network.trr.mode
- 0 - Off (default). Use standard native resolving only (don't use TRR at all)
- 1 - Reserved (used to be Race mode)
- 2 - First. Use TRR first, and only if the name resolve fails use the native resolver as a fallback
- 3 - Only. Only use TRR. Never use the native resolver
- 4 - Reserved (used to be Shadow mode)
- 5 - Off by choice. This is the same as 0 but marks it as done by choice and not done by default
https://wiki.mozilla.org/Trusted_Recursive_Resolver
https://wiki.mozilla.org/Security/DNS_Over_HTTPS

Firefox heuristics: canary domain
- Firefox will attempt to resolve the domain using the system resolver
- NOERROR with a host record (A or AAAA) will result in DoH being enabled
- Canary domain: use-application-
- PowerShell command to add the domain: [shown on slide]

Firefox heuristics: parental controls API
- The OS can indicate to Firefox that parental controls are applied to the logged-in user of the machine
- If enabled, DoH is disabled automatically
- Apple: [link on slide]

Firefox heuristics: SafeSearch
- A few applications use DNS to enforce content filtering
- Google and YouTube are currently supported by Firefox
- If filtering is enabled, DoH is disabled

Firefox heuristics: third-party and enterprise root certificates
- Checks if any certificates are found in the Firefox root store that are not shipped with the browser
- Checks to see if security.enterprise_roots.enabled is set
- If found, DoH is disabled

Chrome implementation
- Chrome has a local table which maps DoH servers to their non-DoH equivalent
- The currently mapped providers: https://source.chromium.org/chromium/chromium/src/+/HEAD:net/dns/public/doh_provider_entry.cc
- https://www.chromium.org/developers/dns-over-https
- If the system resolver supports DoH, then Chrome will take over DNS (using DoH)
- Enabled by default in v83

Discovery of Designated Resolvers (DDR)
- https://www.ietf.org/archive/id/draft-ietf-add-ddr-01.html
- Hosts can use the SVCB (type 64) DNS record to find out what encrypted DNS is available from their assigned DNS resolver
[Diagram: the host learns its DNS resolver 146.112.41.5 via DHCP, then queries RRTYPE=SVCB for _dns.resolver.arpa]
- Umbrella was the first to implement
- Partnered with MS and Quad9
- Supported in newer Windows builds: Windows 11, Server 2022

DDR
- Jump in DoT after DDR was enabled in Umbrella resolvers
- Matched DoH connections
- No details recorded but likely to be Android handsets

The privacy tradeoff with DoH/DoT
- Often requires configuration by the end user
- Deference to network operators, enterprises leaves large holes
- Encrypting the channel just shifts privacy risks to the provider
- HTTP/TLS are better for fingerprinting
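The DDR slides above say that a host asks its DHCP-assigned resolver for an SVCB record at _dns.resolver.arpa, but not what is inside that record. Here is an added example that is not part of the deck: it encodes and decodes SVCB RDATA (RFC 9460 wire format, with the alpn, port, ipv4hint and dohpath parameters that DDR relies on) and turns the answers into the list of encrypted-DNS endpoints a client would try, lowest SvcPriority first. The two answers are constructed; the target names doh.example.net and dot.example.net are placeholders, and the only value taken from the deck is the unencrypted resolver address 146.112.41.5 used as an ipv4hint.

```python
import ipaddress
import struct

# SvcParamKey registry (RFC 9460 section 14.3); DDR uses alpn, port, ipv4hint and dohpath
SVC_KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
            4: "ipv4hint", 5: "ech", 6: "ipv6hint", 7: "dohpath"}


def wire_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(buf, off):
    """SVCB TargetName is never compressed, so a plain label walk is sufficient."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        labels.append(buf[off:off + n].decode("ascii"))
        off += n


def build_svcb(priority, target, alpn=(), port=None, ipv4hint=(), dohpath=None):
    """Encode SVCB RDATA; used here only to construct the sample answers."""
    params = []
    if alpn:
        params.append((1, b"".join(bytes([len(a)]) + a.encode("ascii") for a in alpn)))
    if port is not None:
        params.append((3, struct.pack("!H", port)))
    if ipv4hint:
        params.append((4, b"".join(ipaddress.IPv4Address(a).packed for a in ipv4hint)))
    if dohpath is not None:
        params.append((7, dohpath.encode("utf-8")))
    body = b"".join(struct.pack("!HH", k, len(v)) + v for k, v in sorted(params))
    return struct.pack("!H", priority) + wire_name(target) + body


def parse_svcb(rdata):
    """Decode SVCB RDATA into priority, target and a dict of typed SvcParams."""
    priority = struct.unpack_from("!H", rdata, 0)[0]
    target, off = read_name(rdata, 2)
    params, last_key = {}, -1
    while off < len(rdata):
        key, length = struct.unpack_from("!HH", rdata, off)
        off += 4
        if key <= last_key:                 # keys must be strictly increasing, else the RR is malformed
            raise ValueError("SvcParams out of order")
        last_key = key
        value = rdata[off:off + length]
        off += length
        name = SVC_KEYS.get(key, f"key{key}")
        if key == 1:                        # alpn: sequence of length-prefixed protocol ids
            ids, p = [], 0
            while p < len(value):
                ids.append(value[p + 1:p + 1 + value[p]].decode("ascii"))
                p += 1 + value[p]
            params[name] = ids
        elif key == 3:
            params[name] = struct.unpack("!H", value)[0]
        elif key == 4:
            params[name] = [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]
        elif key == 7:
            params[name] = value.decode("utf-8")
        else:
            params[name] = value
    return {"priority": priority, "target": target, "params": params}


def designated_resolvers(rdatas):
    """Turn the SVCB answers for _dns.resolver.arpa into encrypted-DNS endpoints, best priority first.

    Before using any of them a DDR client still has to verify the designated resolver's TLS
    certificate against the unencrypted resolver's IP address; that step is outside this example.
    """
    endpoints = []
    for rr in sorted((parse_svcb(r) for r in rdatas), key=lambda r: r["priority"]):
        host, p = rr["target"].rstrip("."), rr["params"]
        for proto in p.get("alpn", []):
            if proto == "dot":
                url = f"dot://{host}:{p.get('port', 853)}"
            elif proto == "doq":
                url = f"doq://{host}:{p.get('port', 853)}"
            elif proto in ("h2", "h3") and "dohpath" in p:   # DoH needs the URI template
                url = f"https://{host}:{p.get('port', 443)}{p['dohpath']}"
            else:
                continue
            if url not in endpoints:
                endpoints.append(url)
    return endpoints


UNENCRYPTED_RESOLVER = "146.112.41.5"       # the DHCP-assigned resolver shown on the slide
SAMPLE_ANSWERS = [                          # constructed answers; target names are placeholders
    build_svcb(1, "doh.example.net.", alpn=("h2", "h3"), dohpath="/dns-query{?dns}",
               ipv4hint=(UNENCRYPTED_RESOLVER,)),
    build_svcb(2, "dot.example.net.", alpn=("dot",), port=853),
]

if __name__ == "__main__":
    for rr in SAMPL_ANSWERS if False else SAMPLE_ANSWERS:
        print(parse_svcb(rr))
    print(designated_resolvers(SAMPLE_ANSWERS))
```

From a network operator's point of view the interesting consequence is the one the following DDR slide reports: once a resolver publishes this record, clients that support DDR (the newer Windows builds named above, and apparently Android handsets) switch to DoT or DoH on their own, without any per-device configuration.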
Oblivious DNS
- Attempts to decouple the client IP from the query
- Requires a modified stub resolver and an ODNS resolver
- Original paper: https://arxiv.org/abs/1806.00276
- A modified version represents Oblivious DNS over HTTPS: https://www.ietf.org/staging/draft-pauly-oblivious-doh-02.html

Oblivious DNS, step by step
1. Generate one-off session key (K1)
2. Session key is encrypted using ODNS public key (K2)
3. Encrypted session key is appended to the query
4. The ODNS domain label is added to the end (the query now reads Encrypted.odns)
[Diagram: the ODNS stub sends Encrypted.odns to a recursive resolver, which resolves it through Root and the .COM TLD down to the ODNS resolver in the DOMAIN position. Labels: "User query is hidden", "User IP is hidden".]
[Diagram repeated]
- Any recursive resolver can handle the queries

Oblivious DoH
1. Retrieve the ODNS public key (K1) over DNS
2. Encrypt the entire query in the HTTP body
[Diagram: the ODNS stub sends the encrypted query to an ODoH proxy, which forwards it to the ODNS resolver; the ODNS resolver resolves it through Root and the .COM TLD.]
- Must be an Oblivious DoH proxy resolver

Apple iCloud Private Relay
- Uses Oblivious DoH
- Impact to network operators (Apple devices): respond with NXDOMAIN to mask-
- Private Relay does not override enterprise settings: VPN, custom DNS settings, MDM profile settings

Apps and platforms will drive DNS evolution
- Standards are slow to be drafted and ratified
- Middleboxes are slow to support new protocols
- ISPs and carriers are slow to upgrade
- Users are unlikely to implement customizations to their systems
- Application and content providers will shortcut these roadblocks to implement their own end-to-end solutions

DNS over QUIC (DoQ)

Internet protocol evolution
[Diagram: HTTP/2 over TLS over TCP over IP, compared with HTTP/3 over QUIC over UDP (443) over IP. Middleboxes in the path: NAT routers, firewalls, WAFs, load balancers, application gateways.]
- QUIC includes TLSv1.3, but not as Application Data records; QUIC CRYPTO frames are used instead
- Running over UDP allows for more opacity in the network
- This allows developers to change the endpoint behavior to improve performance
- QUIC provides congestion control, session control and loss recovery

DNS over QUIC (DoQ)
- 0-RTT support (optional): for QUERY and NOTIFY only
- Advanced packet-loss recovery
- Long-lived connections for multiple queries
- No head-of-line blocking: multiple streams are used
- Padded packets: through EDNS or QUIC itself
- https://www.rfc-editor.org/rfc/rfc9250.html

Zone transfers over QUIC
- Authoritative nameservers use AXFR to maintain redundancy
- IP address allow-listing
- IPsec for AAA
- QUIC could simplify these transfers
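Padding comes up three times in the deck (DNSCrypt pads packets to hide length, DNSCrypt v3 changed its padding policy, and DoQ pads "through EDNS or QUIC itself"), always as a bullet. Here is an added example that is not part of the deck and shows the EDNS(0) form: it appends an OPT pseudo-RR carrying the RFC 7830 Padding option, sized so the whole message lands on the block boundaries that RFC 8467 recommends (multiples of 128 bytes for queries, 468 for responses), and then demonstrates why that matters by showing that queries for names of very different lengths all leave the host at the same size. The example assumes the input message carries no OPT RR yet; the query names are constructed.

```python
import struct

OPT_TYPE, PADDING_OPTION = 41, 12            # RFC 6891 OPT pseudo-RR; RFC 7830 Padding option code
QUERY_BLOCK, RESPONSE_BLOCK = 128, 468        # RFC 8467 recommended block sizes


def build_query(qname, qtype=1, ident=0x2A2A):
    """Minimal DNS wire query (RD set, one question) used as sample input."""
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)


def pad_message(msg, block, udp_payload_size=1232):
    """Append an OPT RR whose only option is Padding so that len(result) is a multiple of `block`.

    Assumes msg has no OPT RR yet; if it did, the option would have to be added to that RR
    instead (a message may carry only one OPT). The ARCOUNT in the header is incremented.
    """
    fixed = 11 + 4                                      # OPT fixed fields + option code/length
    target = -(-(len(msg) + fixed) // block) * block    # round up to the next block boundary
    pad_len = target - len(msg) - fixed
    option = struct.pack("!HH", PADDING_OPTION, pad_len) + b"\x00" * pad_len
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload_size, 0, len(option)) + option
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    return struct.pack("!6H", ident, flags, qd, an, ns, ar + 1) + msg[12:] + opt_rr


def describe_padding(padded, original_len):
    """Read the appended OPT RR back: (type, UDP payload size, option code, padding length)."""
    rtype, payload = struct.unpack_from("!HH", padded, original_len + 1)
    code, pad_len = struct.unpack_from("!HH", padded, original_len + 11)
    return rtype, payload, code, pad_len


def observed_lengths(qnames, block=QUERY_BLOCK):
    """What an on-path observer sees: the set of padded query sizes for the given names."""
    return {len(pad_message(build_query(n), block)) for n in qnames}


if __name__ == "__main__":
    names = ["a.example.", "some-much-longer-name.example."]        # constructed
    print("unpadded:", [len(build_query(n)) for n in names])
    print("padded:  ", observed_lengths(names))
```

The same reasoning is behind the DNSCrypt v3 note earlier in the deck: padding responses to be no longer than the query (the v2 rule) defeats the purpose, because response size then tracks query size; padding both sides to fixed blocks is what removes the length signal.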
DoQ experiments by TLD nameservers
- In 2022, cz.nic started an introductory implementation of QUIC in their nameservers to test efficiency and attack surface
- Engineers were particularly concerned with DoS attacks
- The server performance was greatly decreased
  - Only 10,000 connections per second
  - CPU was 100%, almost all of which was cryptographic operations
  - 10 GB of additional memory usage
- Source: DNS-OARC 38, Day 1

DoQ resolver-to-authoritative server TLS
- The IETF DPRIVE working group is researching ways to protect these communications
- https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
- Currently, there exists no way for recursive servers to retrieve certificate information before beginning TLS negotiation with the authoritative server
- Vulnerable to MITM attack

DoQ: impact to network operators
- All QUIC is detectable as UDP
- Likely to see from Chrome
- Not likely to be DNS yet
- Block UDP 80/443
- Firewall L7 definitions exist now
- Disable in Chrome via GPO/MDM

Takeaways
- Encrypted DNS is already on your network
- Understand the implications
- Block and monitor where relevant
- Be mindful of who your chosen providers are
- Don't count on network visibility forever
- Push observability and control closer to the endpoint
98、iscoLive139Gamify your Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:1234139 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKSEC-2051#CiscoLive