Network Convergence & Security Laboratory

Presented by jhlee2019

Abstract
The success of Content Delivery Networks (CDNs) relies on the mapping system that leverages dynamically generated DNS records to distribute client requests to a proximal server for achieving optimal content delivery. However, the mapping system is vulnerable to malicious hijacks, as (1) it is difficult to provide precomputed DNSSEC signatures for dynamically generated records, and (2) even when DNSSEC is enabled, DNSSEC itself is vulnerable to replay attacks. By leveraging crafted but legitimate mapping between the end-user and edge server, adversaries can hijack CDN’s request redirection and nullify the benefits offered by CDNs, such as proximal access, load balancing, and Denial-of-Service (DoS) protection, while remaining undetectable by existing security practices including DNSSEC. In this paper, we investigate the security implications of dynamic mapping that remain understudied in the security and CDN communities. We perform a characterization of CDN’s service delivery and assess this fundamental vulnerability in DNS-based CDNs in the wild. We demonstrate that DNSSEC is ineffective at addressing this problem, even with the newly adopted ECDSA that is capable of achieving live signing. We then discuss practical countermeasures against such manipulation.

 

| Title | Author | Recommendations | Views | Posted |
|---|---|---|---|---|
| [2020.04.01] Post-Quantum Authentication in TLS 1.3: A Performance Study | jhlee2019 | 0 | 3 | 2020-04-01 |
| [2020.03.11] DISCO- Sidestepping RPKI's Deployment Barriers | mhkang | 0 | 8 | 2020-03-25 |
| [2020.03.18] Encoding Social Information with Graph Convolutional Networks for Political Perspective Detection in News Media | slchun | 0 | 9 | 2020-03-18 |
| [2020.03.04] We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy | ykjung | 0 | 15 | 2020-03-04 |
| [2020.01.30.] LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed | hwlee2014 | 0 | 16 | 2020-02-17 |
| [2020.02.13] Quack: Scalable Remote Measurement of Application-Layer Censorship | hmlee | 0 | 13 | 2020-02-17 |
| [2020.01.09] End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks | jhlee2019 | 0 | 33 | 2020-01-09 |
| [2020.01.02] Sentiment Analysis of Peer Review Texts for Scholarly Papers | slchun | 0 | 31 | 2020-01-02 |