Slide 1
Written By: David Dagon, Manos Antonakakis, Paul Vixie, Wenke Lee, Tatuya Jinmei (Georgia Institute of Technology; Internet Systems Consortium)
Presented By: Jarrod Williams (Georgia Institute of Technology)

Slide 2
- Overview
- Domain Name System (DNS)
- 0x20 Bit Encoding
- Conclusion

Slide 3
- DNS labels, matching, and the resolution process are all case insensitive
- The alphabetical characters of a DNS query string can be switched between lower case and upper case by adding or subtracting 0x20
- Using different capitalization schemes, DNS queries can be made unique and more resistant to DNS poisoning attacks

Slide 4
Domain Name        Field Value (Uppercase = 0, Lowercase = 1)
www.example.com    1111111111111
WWW.EXAMPLE.COM    0000000000000
WwW.eXaMpLe.CoM    0101010101010
wWw.ExAmPlE.cOm    1010101010101

Slide 5
- No radical changes
- Protocol stability
- Backward compatible
- Goal: protect the recursive resolver in its transaction with the authority servers

Slide 6
- Overview
- Domain Name System (DNS)
- 0x20 Bit Encoding
- Conclusion

Slide 7
- DNS is a hierarchical naming system for computers, services, and any other resource participating on the Internet; it associates various information with domain names
- DNS initiators on host machines are called stub resolvers

Slide 8
- Each domain is a node
- Each zone consists of many nodes
- Each node can have a subzone
- DNS authority servers are sometimes called the SOA, or Start of Authority


Slide 10
- First, the stub resolver sends the query to the recursive server
- Next, the recursive resolver consults the root servers
- Then the recursive server consults the ".com" zone authority servers
- Finally, the answer is returned to the stub resolver and cached by the recursive resolver to assist in future resolutions


Slide 12
- DNS cache poisoning is a maliciously created or unintended situation that provides data to a DNS server that did not originate from authoritative DNS sources
- Attackers exploit DNS software by making it accept incorrect information; if the DNS response to the server is not accurately validated, the server ends up caching the incorrect entries locally and serving them to users who make the same request


Slide 14
- Overview
- Domain Name System (DNS)
- 0x20 Bit Encoding
- Conclusion

Slide 15
- A DNS query is not copied into memory; it is rewritten just as it arrives over the wire
- Almost all authority DNS servers preserve the case encoding of DNS queries, bit-for-bit, as they are presented by the recursive server
- A pattern of mixed-case encoding of domain names makes each transaction between DNS initiators and responders unique and provides an additional means to track messages between servers

Slide 16
- A domain name input arrives as an answer from a server, or as a query from a stub resolver
- Transform the query field into a canonical format
- Use a chosen encryption scheme to encrypt the canonical query
- Bits are read in sequential fashion, one byte at a time, and all "0x20 capable" characters are encoded

Slide 17
- If the jth bit is 0, make the ith query character upper case (i.e., buff[i] &= ~0x20)
- If the jth bit is 1, make the ith query character lower case (i.e., buff[i] |= 0x20)
- This produces a 0x20-encoded domain name that can be sent to an authority server; it can also be used to verify the query field returned by the authority server

Slide 18
- A 0x20-capable character is an alphabetic character of the ASCII (American Standard Code for Information Interchange) table, given here in hexadecimal
- The range is:
  - A…Z: 0x41 – 0x5A
  - a…z: 0x61 – 0x7A

Slide 19
- www.ucf.com: 6 0x20-capable characters
  - 6-bit key length
  - 2^6 = 64 unique combinations
- www.vh1.com: 5 0x20-capable characters
  - 5-bit key length
  - 2^5 = 32
- www.licensing.disney.com: 18 0x20-capable characters
  - 18-bit key length
  - 2^18 = 262,144
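An added example, not code from the paper or these slides, that carries the encoding steps of slides 16 and 17 through in Python, reproduces the case-bit view of slide 4, and computes key length and combination count as on slide 19 (counting every letter in the name, TLD included). HMAC-SHA256 keyed with a per-resolver secret stands in for the paper's "chosen encryption scheme", and the key value is constructed; both are assumptions of this example.

```python
import hashlib
import hmac

# Added example; HMAC-SHA256 stands in for the paper's keyed scheme (assumption).

def is_0x20_capable(c: str) -> bool:
    """ASCII letters only: A-Z (0x41-0x5A) and a-z (0x61-0x7A)."""
    return "A" <= c <= "Z" or "a" <= c <= "z"

def canonical(name: str) -> str:
    """Canonical query field: trailing dot dropped, every letter lower case."""
    return name.rstrip(".").lower()

def case_bits(name: str) -> str:
    """Slide-4 view of a name: one bit per capable letter, upper = 0, lower = 1."""
    return "".join("0" if c.isupper() else "1" for c in name if is_0x20_capable(c))

def key_space(name: str) -> tuple:
    """Key length (number of 0x20-capable characters) and 2**length encodings."""
    n = sum(1 for c in name if is_0x20_capable(c))
    return n, 2 ** n

def key_bits(name: str, key: bytes) -> list:
    """Keyed bit sequence for the canonical name, read one byte at a time, MSB first.
    256 bits cover any legal name (at most 253 octets, hence at most 253 letters)."""
    digest = hmac.new(key, canonical(name).encode("ascii"), hashlib.sha256).digest()
    return [(byte >> (7 - k)) & 1 for byte in digest for k in range(8)]

def encode_0x20(name: str, key: bytes) -> str:
    """Slide-17 step: j-th bit 0 -> upper case (clear 0x20), 1 -> lower case (set 0x20)."""
    buff = bytearray(canonical(name).encode("ascii"))
    bits = key_bits(name, key)
    j = 0
    for i, b in enumerate(buff):
        if not is_0x20_capable(chr(b)):
            continue                      # digits, '-' and '.' carry no case bit
        if bits[j] == 0:
            buff[i] &= ~0x20 & 0xFF       # upper case
        else:
            buff[i] |= 0x20               # lower case
        j += 1
    return buff.decode("ascii")

def verify_response(sent: str, answered: str) -> bool:
    """Accept an answer only if the echoed question name matches bit-for-bit;
    a forged reply with the wrong case pattern fails even though DNS matching
    itself is case-insensitive."""
    return sent == answered
```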


Slide 21
- Authority servers were checked for proper preservation and support of 0x20 encoding
- For 3 weeks, authority servers listed in the .com and .net zones were targeted
- This yielded 75 million server names on average and 7 million probed queries, spread across every DNS server listed in these zones

Slide 22
- 99.7% of all DNS servers studied could support the DNS 0x20 encoding scheme without changing their code base
- 0.3% of the servers tended to fail to preserve DNS 0x20 encodings under very high query volumes
- There is high confidence in DNS bit encoding under high query volume

Slide 23
- Overview
- Domain Name System (DNS)
- 0x20 Bit Encoding
- Conclusion

Slide 24
- DNS poisoning attacks present a persistent and ongoing threat to the Internet's critical infrastructure
- 0x20 bit encoding makes an attacker's job more difficult and makes the DNS server more resistant to attack, though not impenetrable
- This solution places little overhead on the recursive server, so performance is not sacrificed

Slide 25
- It is a lightweight and practical improvement to DNS security
- It does not require a radical restructuring of the DNS infrastructure, and can be adopted unilaterally by recursive servers
- It provides an immediate improvement in DNS security and does not require a community effort

Slide 26
- Focuses only on recursive DNS servers
- The encoding does not provide strong guarantees of transaction integrity
- Encoding length is restricted to the 0x20-capable characters of the domain name only

Slide 27
- Explain in more detail how the keys would be managed
- Investigate a way to expand the DNS key length so keys are not limited to the 0x20-capable characters of the domain name only

Slide 28
- http://en.wikipedia.org/wiki/DNS_cache_poisoning
- http://en.wikipedia.org/wiki/Domain_Name_Systm
- http://technet.microsoft.com/enus/library/dd197427.aspx
- http://fritz.cc.gt.atl.ga.us/ccs08/ccs202-dagon.pdf
- http://www.asciitable.com/

