Private DNS Phillip Hallam-Baker. Objectives Privacy Confidentiality Traffic Analysis Authenticity Eliminate response spoofing Guarantee user’s choice.

Slides:



Advertisements
Similar presentations
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Advertisements

Internet Protocol Security (IP Sec)
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Cryptography and Network Security
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Chapter 5 Network Security Protocols in Practice Part I
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.
Cryptography and Network Security Chapter 17
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 8 Web Security.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
SSH Secure Login Connections over the Internet
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.
CSI315 Web Development Technologies Continued. Communication Layer information needs to get from one place to another –Computer- Computer –Software- Software.
Secure Socket Layer (SSL)
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Internet Security - Farkas1 CSCE 813 Midterm Topics Overview.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
CSCE 715: Network Systems Security
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Karlstad University IP security Ge Zhang
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 Databases, Controls, and Security.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
1 Firewalls Types of Firewalls Inspection Methods  Static Packet Inspection  Stateful Packet Inspection  NAT  Application Firewalls Firewall Architecture.
Chapter 32 Internet Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
Chapter 14 Network Encryption
1 Lecture 13 IPsec Internet Protocol Security CIS CIS 5357 Network Security.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
Cryptography and Network Security (CS435) Part Thirteen (IP Security)
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
Network Layer Security Network Systems Security Mort Anvari.
K. Salah1 Security Protocols in the Internet IPSec.
Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.
Securing Access to Data Using IPsec Josh Jones Cosc352.
Cryptography CSS 329 Lecture 13:SSL.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
第六章 IP 安全. Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 5 Network Security Protocols in Practice Part I
UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture
IPSecurity.
PPP – Point to Point Protocol
Working at a Small-to-Medium Business or ISP – Chapter 7
Working at a Small-to-Medium Business or ISP – Chapter 7
Working at a Small-to-Medium Business or ISP – Chapter 7
Unit 8 Network Security.
Presentation transcript:

Private DNS Phillip Hallam-Baker

Objectives Privacy Confidentiality Traffic Analysis Authenticity Eliminate response spoofing Guarantee user’s choice of resolver Service Protect resolver (resource exhaustion) Protect third parties (amplification)

Constraints (from OCSP Experience) Must work in 100% of network circumstances In hotels, coffee shops, etc. etc. Cannot increase latency Almost as good is not sufficient A modest performance penalty is acceptable for dealing with edge cases (no more than 5%)

Architecture I Service connection establishment User specifies resolution service ‘dns.example.com’ Use HTTPS/JSON Web service to establish connection to service Hosts to use IP Address / Kerberos Ticket / Shared Secret / Algorithms Protocol version / formats / options TLS & WebPKI used to establish connection Performance is not an issue as this is not inside the transaction loop

Architecture II Resolution Protocol UDP Simple session layer 1 request packet, 0-16 response packets Every message is authenticated and encrypted Messages can contain padding to guard against traffic analysis attack TLS Wrap above packets in HTTPS or TLS in addition Provides a fallback protocol with near 100% connectivity

Applications Anonymous use The service connection establishment request is not authenticated Enterprise customer Likely early adopter market Private-DNS is likely connecting to split horizon DNS Service connection establishment request is authenticated

Complexity Strategy Resolution protocol is very simple Framing is described in 2 pages using TLS schema syntax JCX Service connection mechanism can be simple or complex as needed Reusable component Private-DNS What is the A record of example.net Omnibroker “How does connect to geolocate at Omnipublish “geolocate service starting at example.net”

Open Questions Is an additional layer of crypto desirable? Can easily add an intermediate layer of crypto Use a public key as the long term host key Negotiate session key for use each time IP address changes. A: Probably, now just waiting for CFRG ECC outcome

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.