Automated private key recovery for DNSSEC Colorado State University, CS 681 John Tesch.

Motivation
DNSSEC provides for asymmetric keys but does not address the issue of lost keys.
The key regeneration process may affect the performance of DNS servers.
Multiple pairs of keys create conflicts among DNS servers.

Asymmetric keys
The public key is stored in the KEY resource record and is backed up.
The private key is stored and protected in the file system of the DNS server.
The public key can be reloaded.
The loss of the private key requires the computation of a new key pair.

Simplistic Approach
Take the private key, S_prv, and encrypt it with the public key of the parent DNS server, P_pub: m = [S_prv, P_pub].
Provides some redundancy, but still a single point of failure.
Can be compromised or lost.

Our Approach
Take the private key, S_prv, and encrypt it with the public key of the parent, P_pub: m = [S_prv, P_pub].
Divide the encryption, m, into n parts or shares: m/n.
Distribute the shares to the subordinate (child) DNS servers, encrypting each share with the child's public key: [m/n, C_pub].

(k,n)-threshold scheme
A dealer shares a secret key among n parties.
Each party receives a share.
Any group of k participants can cooperate to reconstruct the secret.
No group of k-1 participants can get any information about the secret.

Algorithm modification
Use Shamir's (k,n)-threshold scheme.
Encrypt the shares with the public keys of the DNS children.
Store the shares in the DNS database as a Resource Record.
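The sharing and recovery steps of the approach above, as an added example that is not part of the slides: Shamir's (k,n) scheme over a prime field, with the ciphertext m treated as an integer and the encryption with P_pub and C_pub omitted, plus the k-subset majority vote that the conclusion slide alludes to. The names split, reconstruct and recover_by_vote are my own.

```python
# Added example, not from the slides: Shamir (k,n) sharing of the parent-encrypted
# blob m (handled here as an integer below P) over GF(P), reconstruction by any k
# children, and majority voting over k-subsets when more than k children answer.
# Encrypting m with P_pub and each share with a child's C_pub is not shown.
import secrets
from collections import Counter
from itertools import combinations

P = 2**127 - 1  # prime field for the shares; a long RSA ciphertext would be split into blocks < P

def split(m, k, n):
    """Return n shares (x, f(x)) of the integer m; any k of them reconstruct m."""
    if not (0 <= m < P and 1 <= k <= n < P):
        raise ValueError("secret must be below P and 1 <= k <= n")
    coeffs = [m] + [secrets.randbelow(P) for _ in range(k - 1)]  # f(0) == m, degree k-1

    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, n + 1)]  # x doubles as the child's index

def reconstruct(shares):
    """Lagrange interpolation of f(0) over GF(P) from the given shares.
    Fewer than k shares yield a value unrelated to m, not partial information."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover_by_vote(shares, k):
    """Reconstruct from every k-subset of the returned shares and take the majority.
    With one corrupted share and n > 2k, the C(n-1, k) all-honest subsets outnumber
    the C(n-1, k-1) subsets containing the bad share, so the true m always wins."""
    votes = Counter(reconstruct(sub) for sub in combinations(shares, k))
    return votes.most_common(1)[0][0]

if __name__ == "__main__":
    m = int.from_bytes(b"ciphertext-blob", "big")  # constructed stand-in for [S_prv, P_pub]
    shares = split(m, k=3, n=7)                  # one share per child DNS server
    assert reconstruct(shares[:3]) == m          # any 3 children suffice
    assert reconstruct(shares[:2]) != m          # 2 children recover nothing useful
    shares[4] = (shares[4][0], (shares[4][1] + 1) % P)  # child 5 returns a corrupted share
    assert recover_by_vote(shares, k=3) == m
    print("recovered m:", recover_by_vote(shares, k=3).to_bytes(15, "big"))
```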

Conclusion
Using our method, private keys can be stored in plain sight.
The use of the (k,n)-threshold scheme allows for voting when recreating the private key.
The distribution of the shares cannot be easily traced.