User: Password:
Subscribe / Log in / New account


DNSCurve: an alternative to DNSSEC

By Jake Edge
July 8, 2009

The Domain Name System (DNS) has been with us for a long time, turning host and domain names into IP addresses. Along the way, numerous flaws have been found in the protocol, including last year's Kaminsky DNS flaw, which just added to the clamor to see DNS replaced. But, DNS still hasn't gone away, and doesn't look like it will anytime soon, at least partially because its replacement, DNSSEC, doesn't really resolve all of the problems, and it creates some of its own. A proposal by Daniel J. Bernstein (aka djb), called DNSCurve, has some interesting features that might make it a viable alternative to DNS and DNSSEC—perhaps one that can be widely adopted.

Bernstein, author of qmail and djbdns, has a reputation for creating secure software, but he tends to play by his own rules. Both qmail and djbdns use Bernstein's own monitoring and inetd replacement, rather than using the "standard" UNIX tools. But, his results are good, the security guarantee he offers for qmail (and a similar one for djbdns) have yet to be claimed—though some argue that is because Bernstein himself makes the final decisions as to what qualifies. One thing is clear, though, his djbdns did anticipate the Kaminsky flaw, and didn't need to be patched when most of the other DNS servers did.

In some ways, DNSCurve continues the Bernstein "maverick" trend. The fundamental difference between DNSCurve and DNSSEC is that the latter set out to ensure that there would be no cryptography necessary on each query. It does that by pre-computing signatures, which makes it vulnerable to replay attacks. Instead, DNSCurve embraces per-query encryption, but it does so by leveraging an encryption algorithm, called Elliptic Curve Cryptography (ECC), which is much faster than RSA.

Part of what makes ECC more efficient is that it can use much smaller keys than RSA (256 bits vs. 1024 or more bits) to give the equivalent level of security. In addition, the best known attacks on ECC haven't gotten any better in the nearly 25 years since it was introduced. In a recent presentation [PDF], Bernstein shows a benchmark of server side performance: "Using this software, a low-cost PC with a 2.4GHz Core 2 Quad CPU can encrypt and authenticate 50 billion packets/day to 500 million clients. [...] The total load on .com is 38 billion packets/day from 5 million clients.".

Bernstein uses a particular curve, Curve25519, for DNSCurve. It is based on a "convenient" prime, 2^255 - 19, which is where it gets its name. That curve is the subject of a paper [PDF] by Bernstein entitled "Curve25519: new Diffie-Hellman speed records". ECC is thought to be a patent minefield, but Bernstein disputes the idea that Curve25519 is covered by patents. As with so many of the newest technologies, though, patent problems are something to keep on eye on regarding DNSCurve.

DNSCurve also changes the way nameservers for domains are named. Instead of arbitrary hostnames, like (an non-existent example), the ns3 portion would be changed to an encoding of the domain's public key. In that way, no additional packets need to be sent to handle the key exchange, as the normal DNS query sequence would provide that name.

A DNS query would consist of a message that contained the client's public key, along with the actual query, encrypted using the server's public key. The response would also be encrypted, this time using the client's public key. In both cases, the packets would be signed in such a way that each side could verify that the packet came from the right host.

The DNSCurve web site has a wealth of information about DNSCurve, and how it differs from DNSSEC. For the most part, it protects against various DNS-based attacks better than DNSSEC, but there are a few areas where DNSSEC is more secure. In particular, private keys on DNSSEC hosts cannot be compromised by an attacker gaining control of the DNS server—provided the administrator has removed the key from that server. Because DNSSEC pre-computes the encrypted data, the private key is not required to be installed on the server, in contrast to DNSCurve.

DNSCurve is just a part of Bernstein's effort to see the internet encrypt all of its traffic. His vision is that by using ECC and Curve25519 (or some other, efficient, but strong, encryption), there would be no plaintext traffic on the net. That vision is a sensible one, whether Bernstein's particular implementation ideas are adopted or not. Eventually, universal encryption of internet traffic is something we are very likely to see.

Comments (24 posted)

Brief items

OpenSSH update

OpenSSH maintainer Damien Miller has responded to the rumors of an active OpenSSH exploit in the wild. "I don't have any non-public information. I have exchanged some emails with one of the victims of the alleged sshd 0day, but he was not able to provide any evidence that the attack was sshd-related. In particular, I spent some time analysing a packet trace that he provided, but it seems to consist of simple brute-force attacks. So, I'm not pursuaded that an 0day exists at all. The only evidence so far are some anonymous rumours and unverifiable intrusion transcripts." This doesn't mean that nothing is going on, of course, but there is reason to hope that this is a false alarm.

Full Story (comments: none)

Attempted Break-In on

CentOS is reporting that there was a break-in attempt made on the server. Due to an "administrative error", the Xoops content management system was abused to put some content onto the web server. "As far as we can see there has been no data or binary injected into the system or taken from the system. The machine hasn't been used as a source for sending spam (in the widest possible meaning) either. [...] We have been able to identify the source of the attacks, but have not been able to find out if the files have been put there through a compromised user account in the Xoops system." Click below for the full text of the announcement.

Full Story (comments: none)

New vulnerabilities

drupal: multiple vulnerabilities

Package(s):drupal CVE #(s):
Created:July 6, 2009 Updated:July 8, 2009

From the Drupal advisory:

  • Cross-site scripting: The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages. Such a cross-site scripting attack may lead to the malicious user gaining administrative access. Wikipedia has more information about cross-site scripting (XSS).

  • Input format access bypass: User signatures have no separate input format, they use the format of the comment with which they are displayed. A user will no longer be able to edit a comment when an administrator changes the comment's input format to a format that is not accessible to the user. However they will still be able to modify their signature, which will then be processed by the new input format. If the new format is very permissive, via their signature, the user may be able to insert arbitrary HTML and script code into pages or, when the PHP filter is enabled for the new format, execute PHP code.

  • Pasword leaked in URL: When an anonymous user fails to login due to mistyping his username or password, and the page he is on contains a sortable table, the (incorrect) username and password are included in links on the table. If the user visits these links the password may then be leaked to external sites via the HTTP referer. In addition, if the anonymous user is enticed to visit the site via a specially crafted URL while the Drupal page cache is enabled, a malicious user might be able to retrieve the (incorrect) username and password from the page cache.
Fedora FEDORA-2009-7315 drupal 2009-07-03
Fedora FEDORA-2009-7406 drupal 2009-07-03
Fedora FEDORA-2009-7362 drupal 2009-07-03

Comments (none posted)

ipplan: cross-site scripting

Package(s):ipplan CVE #(s):CVE-2009-1732
Created:July 6, 2009 Updated:July 8, 2009

From the Debian advisory:

It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks.

Debian DSA-1827-1 ipplan 2009-07-06

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2009-1914
Created:July 2, 2009 Updated:July 29, 2009
Description: The Linux kernel has a denial of service vulnerability. From the National Vulnerability Database entry: "The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function."
Debian DSA-1844-1 linux-2.6.24 2009-07-28
Ubuntu USN-793-1 linux, linux-source-2.6.15 2009-07-02

Comments (none posted)

libtiff: denial of service

Package(s):libtiff CVE #(s):CVE-2009-2285
Created:July 6, 2009 Updated:December 4, 2009

From the CVE entry:

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.

Oracle ELSA-2012-0468 libtiff 2012-04-12
Mandriva MDVSA-2009:169-1 libtiff 2009-12-03
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Gentoo 200908-03 tiff 2009-08-07
Mandriva MDVSA-2009:169 libtiff 2009-07-28
CentOS CESA-2009:1159 libtiff 2009-07-23
Fedora FEDORA-2009-7775 libtiff 2009-07-19
Fedora FEDORA-2009-7724 libtiff 2009-07-19
Fedora FEDORA-2009-7717 mingw32-libtiff 2009-07-19
Red Hat RHSA-2009:1159-01 libtiff 2009-07-16
Debian DSA-1835-1 tiff 2009-07-15
Mandriva MDVSA-2009:150 libtiff 2009-07-13
Ubuntu USN-797-1 tiff 2009-07-06
Fedora FEDORA-2009-7417 libtiff 2009-07-03
Fedora FEDORA-2009-7358 libtiff 2009-07-03
Fedora FEDORA-2009-7335 libtiff 2009-07-03

Comments (none posted)

mod_security: denial of service

Package(s):mod_security CVE #(s):CVE-2009-1902 CVE-2009-1903
Created:July 3, 2009 Updated:July 31, 2009
Description: From the Gentoo advisory: Multiple vulnerabilities were discovered in ModSecurity:

* Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name (CVE-2009-1902).

* Steve Grubb of Red Hat reported that the "PDF XSS protection" feature does not properly handle HTTP requests to a PDF file that do not use the GET method (CVE-2009-1903).

Mandriva MDVSA-2009:184 apache-mod_security 2009-07-31
Mandriva MDVSA-2009:183 apache-mod_security 2009-07-31
Gentoo 200907-02 mod_security 2009-07-02

Comments (none posted)

nagios: arbitrary program execution

Package(s):nagios2, nagios3 CVE #(s):CVE-2009-2288
Created:July 3, 2009 Updated:August 11, 2009
Description: From the Ubuntu advisory: It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Mandriva MDVSA-2009:187 nagios 2009-08-01
Gentoo 200907-15 nagios-core 2009-07-19
Debian DSA-1825-1 nagios2 2009-07-03
Ubuntu USN-795-1 nagios2, nagios3 2009-07-02

Comments (none posted)

ocsinventory-agent: insecure module search path

Package(s):ocsinventory-agent CVE #(s):CVE-2009-0667
Created:July 7, 2009 Updated:October 22, 2010
Description: From the Debian advisory: It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent perl module placed on the system.
Fedora FEDORA-2010-16334 ocsinventory-agent 2010-10-14
Fedora FEDORA-2010-16335 ocsinventory-agent 2010-10-14
Debian DSA-1828-1 ocsinventory-agent 2009-07-07

Comments (none posted)

openswan: input validation flaws

Package(s):openswan CVE #(s):CVE-2009-2185
Created:July 2, 2009 Updated:September 12, 2013
Description: openswan has multiple input validation flaws. From the Red Hat alert: Multiple insufficient input validation flaws were found in the way Openswan's pluto IKE daemon processed some fields of X.509 certificates. A remote attacker could provide a specially-crafted X.509 certificate that would crash the pluto daemon. (CVE-2009-2185)
Mandriva MDVSA-2013:231 openswan 2013-09-12
Gentoo 200909-05 openswan 2009-09-09
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Fedora FEDORA-2009-7478 openswan 2009-07-11
Fedora FEDORA-2009-7423 openswan 2009-07-11
CentOS CESA-2009:1138 openswan 2009-07-02
Red Hat RHSA-2009:1138-01 openswan 2009-07-02
Mandriva MDVSA-2009:273 strongswan 2009-10-12
Debian DSA-1899-1 strongswan 2009-10-02
Debian DSA-1898-1 openswan 2009-10-02

Comments (none posted)

phpMyAdmin: cross-site scripting

Package(s):phpMyAdmin CVE #(s):CVE-2009-2284
Created:July 6, 2009 Updated:August 5, 2009

From the phpMyAdmin advisory:

It was possible to conduct an XSS attack via a crafted SQL bookmark.

Mandriva MDVSA-2009:192 phpmyadmin 2009-08-05
Fedora FEDORA-2009-7329 phpMyAdmin 2009-07-03
Fedora FEDORA-2009-7340 phpMyAdmin 2009-07-03
Fedora FEDORA-2009-7337 phpMyAdmin 2009-07-03

Comments (none posted)

pidgin: denial of service

Package(s):pidgin CVE #(s):CVE-2009-1889
Created:July 2, 2009 Updated:December 7, 2009
Description: pidgin has a denial of service vulnerability. From the Red Hat alert: A denial of service flaw was found in the Pidgin OSCAR protocol implementation. If a remote ICQ user sent a web message to a local Pidgin user using this protocol, it would cause excessive memory usage, leading to a denial of service (Pidgin crash). (CVE-2009-1889)
Mandriva MDVSA-2009:321 pidgin 2009-12-06
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Gentoo 200910-02 pidgin 2009-10-22
Ubuntu USN-796-1 pidgin 2009-07-06
Fedora FEDORA-2009-7359 pidgin 2009-07-03
Fedora FEDORA-2009-7370 pidgin 2009-07-03
Fedora FEDORA-2009-7415 pidgin 2009-07-03
CentOS CESA-2009:1139 pidgin 2009-07-02
Red Hat RHSA-2009:1139-01 pidgin 2009-07-02

Comments (none posted)

Page editor: Jake Edge
Next page: Kernel development>>

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds