Webinar

How the Internet Dodged a Bullet: The KeyTrap Denial-of-Service Attacks against DNSSEC


Thursday, November 20, 2025

2:00 - 3:00 PM Eastern

60 minutes, including Q&A


The Internet relies on the Domain Name System (DNS) for a plethora of its uses, including web browsing, TLS certificates, and email. Because DNS is critical to today's Internet, DNSSEC was standardized as one of the first security extensions to any Internet protocol. To date, DNSSEC has been deployed on about one third of systems.

In this talk we present a new class of devastating attacks on DNSSEC, named KeyTrap, that allow for a comprehensive and continuous DoS of any DNSSEC-validating DNS resolver. The vulnerabilities stem directly from requirements in the DNSSEC standard, and we find all DNSSEC-validating resolvers vulnerable. The KeyTrap attacks exploit algorithmic complexity, e.g., in validating signatures against DNSSEC keys, to stall any resolver and DoS its services for all its clients. A single 100-byte DNS request can cause a resolver to cease responding for between two minutes and 16 hours, depending on the implementation. With KeyTrap, an attacker could have disrupted service for a large part of global Internet users, which is why leading developers of DNS software referred to KeyTrap as "the worst attack on DNS ever discovered". Exploitation can be achieved remotely and with very low attack traffic volume, making the attack easy to set up, conduct, and conceal.

In this talk we show the design of KeyTrap and illustrate its severe impact on DNSSEC-validating resolvers. We give insights into the month-long confidential disclosure process with developers and operators from the industry, including ISC, NLnet Labs, Google, Cloudflare, and Akamai. Finally, we show the arduous process of patching a vulnerability that stems directly from multiple requirements in the Internet standard, illustrating the challenges of creating stable and secure software that must intentionally disobey RFC requirements.


Speakers

Elias Heftrig

PhD Student, Goethe-Universität Frankfurt, ATHENE

Elias Heftrig is a security researcher at the German National Research Center for Applied Cybersecurity ATHENE. He investigates the security of protocols and infrastructures on the Internet with a focus on DNS and its applications. Elias holds an M.Sc. in IT-Security from TU Darmstadt.


Niklas Vogel

PhD Student, Goethe-Universität Frankfurt, ATHENE

Niklas Vogel is a routing security researcher at Goethe University Frankfurt. His research focuses on the security of Internet Protocols, with an emphasis on BGP, RPKI, and DNS.


Steve Paul

Moderator

Black Hat