论文标题

从IP到运输及其他:针对应用的跨层攻击

From IP to transport and beyond: cross-layer attacks against applications

论文作者

Dai, Tianxiang, Jeitner, Philipp, Shulman, Haya, Waidner, Michael

论文摘要

我们对启动DNS缓存中毒的方法进行了首次分析:IP层的操纵,劫持域间路由的劫持以及通过侧向通道探测开放端口。我们对Internet中的DNS解析器进行了评估这些方法,并将其在有效性,适用性和隐身方面进行比较。我们的研究表明,DNS缓存中毒是一种实用而普遍的威胁。 然后,我们演示了跨层攻击,这些攻击利用DNS缓存中毒来攻击流行系统,从安全机制(例如RPKI)到voip等应用程序。 In addition to more traditional adversarial goals, most notably impersonation and Denial of Service, we show for the first time that DNS cache poisoning can even enable adversaries to bypass cryptographic defences: we demonstrate how DNS cache poisoning can facilitate BGP prefix hijacking of networks protected with RPKI even when all the other networks apply route origin validation to filter invalid BGP announcements.我们的研究表明,DNS在互联网安全中起着比以前假设的核心作用。 我们建议缓解用于确保应用和防止缓存中毒的方法。

We perform the first analysis of methodologies for launching DNS cache poisoning: manipulation at the IP layer, hijack of the inter-domain routing and probing open ports via side channels. We evaluate these methodologies against DNS resolvers in the Internet and compare them with respect to effectiveness, applicability and stealth. Our study shows that DNS cache poisoning is a practical and pervasive threat. We then demonstrate cross-layer attacks that leverage DNS cache poisoning for attacking popular systems, ranging from security mechanisms, such as RPKI, to applications, such as VoIP. In addition to more traditional adversarial goals, most notably impersonation and Denial of Service, we show for the first time that DNS cache poisoning can even enable adversaries to bypass cryptographic defences: we demonstrate how DNS cache poisoning can facilitate BGP prefix hijacking of networks protected with RPKI even when all the other networks apply route origin validation to filter invalid BGP announcements. Our study shows that DNS plays a much more central role in the Internet security than previously assumed. We recommend mitigations for securing the applications and for preventing cache poisoning.

扫码加入交流群

加入微信交流群

微信交流群二维码

扫码加入学术交流群,获取更多资源