DNSCurve
DNSCurve is a proposed new secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein.
Description
DNSCurve uses Curve25519[1] Elliptic curve cryptography to establish keys used by Salsa20, paired with the MAC function Poly1305, to encrypt and authenticate DNS packets between resolvers and authoritative servers. Public keys for remote authoritative servers are placed in NS records, so recursive resolvers know whether the server supports DNSCurve. Keys begin with the magic string uz5
and are followed by a 51-byte Base32 encoding of the server's 255-bit public key. E.g., in BIND format:
example.com. IN NS uz5bcx1nh80x1r17q653jf3guywz7cmyh5jv0qjz0unm56lq7rpj8l.example.com.
The resolver then sends to the server a packet containing its DNSCurve public key, a 96-bit nonce, and a cryptographic box containing the query. The cryptographic box is created using the resolver's private key, the server's public key, and the nonce. The response from the server contains a different 96-bit nonce and its own cryptographic box containing the answer to the query.
The cryptographic tools used in DNSCurve are the same used in CurveCP, a UDP-based protocol which is similar to TCP but uses elliptic-curve cryptography to encrypt and authenticate data. An analogy is that while DNSSEC is like signing a webpage with PGP, CurveCP and DNSCurve are like encrypting and authenticating the channel using SSL. Just as PGP-signed webpages can be sent over an encrypted channel using SSL, DNSSEC data can be protected using DNSCurve.
DNSCurve claims advantages over previous DNS services of:[2]
- Confidentiality—usual DNS requests and responses are not encrypted, and broadcast to any attacker.
- Integrity—usual DNS has some protection, but with patience and sniffing attackers can forge DNS records; this is prevented by DNSCurve cryptographic authentication.
- Availability—usual DNS has no protection against denial of service (DoS) by a sniffing attacker sending a few forged packets per second. DNSCurve recognizes and discards forged DNS packets, providing some protection, though SMTP, HTTP, HTTPS, are also vulnerable to DoS.
Security
DNSCurve uses 256-bit elliptic-curve cryptography, which NIST estimates to be roughly equivalent to 3072-bit RSA.[3] ECRYPT reports a similar equivalence.[4] It uses per-query public-key crypto (like SSH and SSL), and 96-bit nonces to protect against replay attacks. Adam Langley, security officer at Google, says "With very high probability, no one will ever solve a single instance of curve25519 without a large, quantum computer."[5]
Speed
Adam Langley has posted speed tests on his personal website showing curve25519, used by DNSCurve, to be the fastest among elliptic curves tested.[6] According to the NSA, elliptic curve cryptography offers vastly superior performance over RSA and Diffie-Hellman at a geometric rate as key sizes increase.[7]
Implementations
DNSCurve first gained recursive support in dnscache via a patch[8] by Matthew Dempsky. Dempsky also has a GitHub repository which includes Python DNS lookup tools and a forwarder in C.[9] Adam Langley has a GitHub repository as well.[10] There is an authoritative forwarder called CurveDNS[11] which allows DNS administrators to protect existing installations without patching. OpenDNS has released DNSCrypt[12] to protect the channel between OpenDNS's users and its recursive resolvers. Jan Mojžíš has released curveprotect,[13] a software suite which implements DNSCurve and CurveCP protection for common services like DNS, SSH, HTTP, and SMTP.
Deployment
OpenDNS, which has 50 million users, announced support for DNSCurve on its recursive resolvers on February 23, 2010.[14] Then on December 6, 2011, OpenDNS announced a new tool, called DNSCrypt.[15] DNSCrypt protects the channel between OpenDNS and its users.[16] No equally large authoritative DNS providers have yet deployed DNSCurve.
See also
Notes
- ^ D. J. Bernstein. "Curve25519: high-speed elliptic-curve cryptography". Retrieved 30 January 2013.
- ^ "Introduction to DNSCurve". DNSCurve. 22 June 2009. Retrieved 16 March 2016.
- ^ "NIST Recommendations (2011)".
- ^ "ECRYPT II Yearly Report on Algorithms and Keysizes (2010-2011)" (PDF).
- ^ "Adam Langley on curve25519 security".
- ^ "Adam Langley: What a difference a prime makes".
- ^ "The Case for Elliptic Curve Cryptography". NSA. Archived from the original on January 17, 2009. Retrieved January 17, 2009.
{{cite web}}
: Unknown parameter|deadurl=
ignored (|url-status=
suggested) (help) - ^ "DNSCurve patch for dnscache".
- ^ "Matthew Dempsky's DNSCurve repo on GitHub".
- ^ "Adam Langley's DNSCurve repo".
- ^ "CurveDNS: A DNSCurve Forwarding Name Server".
- ^ "DNSCrypt: Securing a critical piece of Internet infrastructure".
- ^ "curveprotect, a complex collection of tools for protecting wide range of internet services".
- ^ "OpenDNS adopts DNSCurve".
- ^ "OpenDNS unveils DNSCrypt".
- ^ "net/dnscrypt-proxy: dnscrypt-proxy-1.4.3 – secure communications between a DNS client and resolver". OpenBSD ports. 2015-01-06. Retrieved 2015-02-09.
External links
- Official website
- High-speed cryptography and DNSCurve, a June 2009 presentation by the author
- DNSCurve: Usable security for DNS, an August 2008 presentation by the author
- draft-dempsky-dnscurve-01 Proposed standard "DNSCurve: Link-Level Security for the Domain Name System", sent by M. Dempsky (from OpenDNS) to IETF (updated in February 2010)
- OpenDNS adopts DNSCurve, official OpenDNS blog entry
- CurveDNS, DNSCurve forwarding name server
- NaCl, Networking and Cryptography library