We prove that the current DNSSEC standard, with NSEC and NSEC3 records, inherently suffers from zone enumeration: specifically, we show that security against (1) attackers that tamper with DNS messages and (2) privacy against zone enumeration cannot be satisfied simultaneously, unless the DNSSEC nameserver performs online public-key cryptographic operations.
We then propose a new construction that uses online public-key cryptography to solve the problem of DNSSEC zone enumeration. NSEC5 can be thought of as a variant of NSEC3, in which the unkeyed hash function is replaced with a deterministic RSA-based keyed hashing scheme. With NSEC5, a zone remains protected against network attackers and compromised nameservers even if the secret NSEC5-hashing key is compromised; leaking the NSEC5-hashing key only harms privacy against zone enumeration, effectively downgrading the security of NSEC5 back to that of the current DNSSEC standard (with NSEC3).
Category / Keywords: cryptographic protocols / Date: received 25 Jul 2014, last revised 5 Dec 2014 Contact author: dipapado at bu edu Available format(s): PDF | BibTeX Citation Version: 20141206:001538 (All versions of this report) Short URL: ia.cr/2014/582