ATHENE-Forschung
KeyTrap: Kritische Sicherheitslücke in der Internet-Infrastruktur
ATHENE-Forschende haben einen grundlegenden Design-Fehler von DNSSEC, der Sicherheitserweiterung des DNS (Domain Name System) aufgedeckt und unterstützen Hersteller und Dienstanbieter bei der Behebung. Ohne Korrektur könnte der Fehler schwerwiegende Auswirkungen auf DNSSEC-Implementierungen und öffentliche DNS-Anbieter wie Google und Cloudflare haben. Unter der Leitung von Prof. Dr. Haya Schulmann von der Goethe-Universität Frankfurt hat das ATHENE-Team mit „KeyTrap“ eine neue Angriffsklasse entwickelt, die zeigt, wie Hacker den Design-Fehler ausnutzen könnten: Mit nur einem einzigen DNS-Paket könnten Hacker alle gängigen DNS-Implementierungen und öffentlichen DNS-Anbieter lahmlegen. Ein Ausnutzen dieses Angriffs hätte schwerwiegende Folgen für jede Anwendung, die das Internet nutzt, einschließlich der Nichtverfügbarkeit von Technologien wie Web-Browsern, E-Mail und Instant Messaging. Diese verheerende Wirkung veranlasste große DNS-Anbieter, KeyTrap als „den schlimmsten je entdeckten Angriff auf DNS“ zu bezeichnen. Die Forschenden haben mit Herstellern und DNS-Anbietern zusammengearbeitet und spezifische Patches entwickelt, um die Sicherheitslücke zu schließen. Es wird dringend empfohlen, diese Patches sofort anzuwenden.
Die Angriffsvektoren, die in der KeyTrap-Angriffsklasse ausgenutzt werden, sind in der CVE-Datenbank (Common Vulnerabilities and Exposures) unter der Sammel-Bezeichnung CVE-2023-50387 registriert.
Die Entdeckung und Behebung dieses Design-Fehlers in DNSSEC ist ein gutes Beispiel für die Bedeutung der Cybersicherheitsforschung, die dazu beiträgt, proaktiv Cyberangriffe zu verhindern und die Sicherheit zu verbessern. ATHENE hat mit seinen Arbeiten bereits mehrere gravierende Sicherheitslücken im Internet entdeckt und damit zur Verbesserung der Sicherheit zum Nutzen vieler Millionen Anwender*innen in Deutschland und weltweit beigetragen.
Technischer Bericht
Die technischen Hintergründe sind in diesem (auf Englisch) zusammengefasst: Bericht (PDF, 1,2 MB)
Die finale Version dieses Berichts wird auf der ACM Conference on Computer and Communications Security (ACM CCS), Salt Lake City, 14.-18. Oktober 2024, unter dem Titel “The Harder You Try, The Harder You Fail: The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNSSEC” präsentiert werden.
The KeyTrap vulnerability is a flaw in the Internet Standard defining DNSSEC, the security extension for the Domain Name Service (DNS). The standard defines multiple requirements that dictate resolvers to try all available cryptographic material; try all available DNSSEC keys against all available DNSSEC signatures. An attacker can set up a malicious domain with many keys using the same key-tag and many signatures referring to that key-tag. Following the standard, a resolver will attempt to validate ALL keys against ALL signatures, leading to a quadratic effort validating the domain. With a sufficiently large amount of keys and signatures, an attacker can exhaust the CPU resources of the resolver, achieving a Denial-of-Service (DoS).
Since the vulnerability is in the internet standard, all DNS resolvers that implement the DNSSEC standard are vulnerable to KeyTrap. This includes all major vendors, e.g. Unbound (NLNetLabs), Bind9 (ISC), Google Public Resolver, Cloudflare 1.1.1.1, and many more.
A single DNS packet allows an attacker to stall DNS resolvers between about 1min and 16h, depending on the resolver implementation. This means an attacker can continuously stall any DNSSEC validating resolver with a few packets per minute, achieving 100% DoS on the resolver answering benign requests.
As an end-user, there is no immediate action required. If you want to ensure your Internet provider has resolved the problem, you can inform them of the vulnerability. If your provider is under active attack and resolution is not possible, you may switch to one of the open resolvers which have already deployed patches, including Quad9, Cloudflare, and Google.
As a provider of DNS services, like an open resolver or an ISP, update your DNS resolution software to the newest version as soon as possible to mitigate the attack surface. Patches for all major vendors have already been published. If deployment of patches is not currently possible, you can consider forwarding results of an Open Resolver. We do not advice for disabling DNSSEC validation unless carefully considered and under active attack, as downgrading protection opens the resolver up for other DNS attacks.
Finally, if you run an authoratiative DNS server, you might also want to update the tools you use in case you allow user to upload zones and check them with tooling. Your zone-checking tools might also be vulnerable to the attack.
DNSSEC is an important cryptographic protocol and continue using it is heavily emphasized to protect against attacks on DNS. The KeyTrap attack exposed a fundamental flaw in the standard defining DNSSEC, i.e. that the resource exhaustion through a high number of validations was not considered. This flaw is, for now, mitigated by implementations deviating from the standard in their willingness to validate. An improved standard must be drafted in the future that will account for this problem, allowing implementations to again following the standard in validation count requirements. We do not advice on moving away from DNSSEC.
No. KeyTrap is a powerful Denial-of-Service attack, it allows an attacker to prevent a DNS resolver to answer no benign requests with very low attacker traffic. However, it does not attack cryptographic components of DNSSEC and thus cannot circumvent DNSSEC protection. The cryptography of DNSSEC is not broken by KeyTrap.
The deployed patches limit the amount of validations that the resolver is willing to invest in a resolution request by a user. This limits the amount of CPU resources the attacker can exhaust with the attack. Patches also implement additional mitigations, like de-prioritizing of busy validation threads, answering cached entries on separate threads, limiting the amount of colliding DNS keys, and limiting the maximum amount of failed validations.
The vulnerability was discovered by a team of ATHENE researchers, namely Elias Heftrig from Fraunhofer SIT, Prof. Haya Schulmann and Niklas Vogel from Goethe University Frankfurt, and Prof. Michael Waidner from TU Darmstadt and Fraunhofer SIT.