DNSSEC Downgrade Attacks

Presented at Black Hat USA 2022, Aug. 11, 2022, 2:30 p.m. (30 minutes)

In this talk, we show that the cryptographic agility in DNSSEC, although critical for making DNS secure with strong cryptography, also introduces a severe vulnerability. We demonstrate that adversaries, by manipulating the cryptographic material in signed DNS responses, can reduce the security level provided by DNSSEC, or, even worse, prevent resolvers from validating DNSSEC at all. We experimentally and ethically evaluate our attacks against popular DNS resolver implementations, public DNS providers, and DNS services worldwide. We validate the success of DNSSEC-downgrade attacks by poisoning the resolvers: we inject fake records, from our own signed domains, into the caches of validating resolvers. Our findings show that major DNS providers, popular resolver implementations, and many other DNS services are vulnerable to our attacks.<br>

Presenters:

  • Michael Waidner - Professor for Computer Science, Technische Universität Darmstadt
    Michael Waidner is the Director of the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) and Professor (Chair) for Security in IT at Technische Universit&auml;t Darmstadt. He is also the CEO of the National Research Center for Applied Cyber Security ATHENE. Since 2017 he is also the Chief Digital Office (CDO) of the city of Darmstadt. With more than 130 publications, Michael Waidner is one of the preeminent scientists in IT security. He is an IEEE Fellow and ACM Distinguished Scientist. He received his PhD from the University of Karlsruhe (now known as KIT). Until 2010, he was an IBM Distinguished Engineer and the Chief Technology Officer for Security, responsible for the technical security strategy and architecture of the IBM Corporation. Before that, he headed security research at IBM Zurich Research Laboratory in R&uuml;schlikon, Switzerland.
  • Elias Heftrig - Security Researcher, ATHENE; Fraunhofer SIT
    Elias Heftrig is a security researcher at the German National Research Center for Applied Cybersecurity ATHENE. He investigates the security of protocols and infrastructures on the Internet with a focus on DNS and its applications. Elias holds an M.Sc. in IT-Security from TU Darmstadt.<br>
  • Haya Shulman - Professor, Goethe-Universität Frankfurt und Fraunhofer SIT
    <div><span>Prof. Dr. Haya Shulman is a full professor for Computer Science at the Johann Wolfgang Goethe-Universität Frankfurt, and the director of the Cybersecurity Analytics and Defenses department at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt. She is also a member of the Board of Directors of the National Research Center for Applied Cybersecurity ATHENE and head of the Analytics-Based Cybersecurity research area of ATHENE. She is also a director of the Fraunhofer Innovation Platform for Cybersecurity at the Hebrew University of Jerusalem in Israel, where she holds the position of a visiting professor.</span></div><div><span><br></span></div><div><span>Haya Shulman has extensive experience in applied cybersecurity research, in industry and academia. </span></div><div><span><br></span></div><div><span>She is author of more than 90 scientific articles published at top scientific conferences and journals. She serves on the program committees of several of the top scientific conferences and on the editorial boards of the ACM Computing Surveys and the ACM Transactions on Privacy and Security (TOPS) journals. In 2021 she chaired the program committee of the European flagship conference for cybersecurity, ESORICS. Dr. Shulman received numerous awards and prizes for her scientific work. Most notably, in 2022 the State of Hesse awarded her with a LOEWE-Spitzen-Professur and a research grant of 2.18 Million Euro, and in 2021 she received the Deutsche IT-Sicherheitspreis of the Horst Goertz Foundation, the most prestigious award for cybersecurity innovations in Germany.</span></div><div><span><br></span></div><div><span>Haya Shulman is a frequent speaker at business and technology conferences. She writes articles for the leading German newspaper "Frankfurter Allgemeine Zeitung" and a regular column on cybersecurity for the Background Cybersecurity of the "Tagesspiegel" newspaper.</span></div><div><span><br></span></div><div><span>In addition to her personal research and technical work she is strongly engaged in activities helping cybersecurity startups and in increasing the number of women in cybersecurity. She founded the German-Israeli Partnership Accelerator for cybersecurity in Darmstadt and Jerusalem. Haya Shulman started the "Women in Cybersecurity" series of Fraunhofer SIT, and she is a member of the advisory board of "She Transforms IT".</span></div>

Links:

Similar Presentations: