These Are Not the Hosts You Are Looking for: Detection and Forensics of Domains Hijacking

21.05.2015, 15:00 – 16:00

2015/05/21 15:00-16:00

Speaker: Spyros Boukoros | Location: Mornewegstraße 32 (S4|14), Room 3.1.01, Darmstadt

Organizer: Giorgia Azzurra Marson / Nina Bindel

Abstract

The naming service provided by Domain Name System (DNS) is essential for locating resources on the Internet, for distributing security mechanisms in an authenticated manner, and for facilitating future applications. Unfortunately, despite the critical function that the naming service of the DNS infrastructure fulfills, it is extremely vulnerable to domain hijacking attacks. While most of the attacks go undetected, they are detrimental for the availability of the Internet services, and the security and privacy of clients and networks. We design and develop a system, we call LUDIC (LookUp DIstributed Cache), for detection of domain hijacking attacks. Our system also enables forensic analysis and provides victims with signed evidences allowing them to prove breaches to third parties, such as a court of law or a resolution authority.

LUDIC uses distributed vantage points to validate DNS records, and does not require establishing a chain of trust to a centralised trust anchor, hence sidestepping the adoption challenges inherent in DNSSEC. Our system does not introduce any changes to the existing infrastructure and can be easily integrated into an Intrusion Detection System (IDS) or a firewall, while providing an immediate benefit to adopters. In our talk we give an short introduction to the underlying infrastructures like DNS and CDN, explain our system LUCID and present some first results.

Short Bio

  • Diploma in Electronic and Computer Engineering at Technical University of Crete
  • Now with CROSSING in the team of Professor Waidner – S3 – Privacy Preserving Access and Verifiable Utilization