Information  /  Vol: 10 Par: 9 (2019)
TITLE

Another Step in the Ladder of DNS-Based Covert Channels: Hiding Ill-Disposed Information in DNSKEY RRs

Marios Anagnostopoulos and John André Seem    

Abstract

Covert channel communications are of vital importance for the ill-motivated purposes of cyber-crooks. Through these channels, they are capable of communicating in a stealthy way, unnoticed by the defenders and bypassing the security mechanisms of protected networks. The covert channels facilitate the hidden distribution of data to internal agents. For instance, a stealthy covert channel could be beneficial for the purposes of a botmaster that desires to send commands to their bot army, or for exfiltrating corporate and sensitive private data from an internal network of an organization. During the evolution of the Internet, a plethora of network protocols has been exploited as covert channels. The DNS protocol, however, has a prominent position in this exploitation race, as it is one of the few protocols that is rarely restricted by security policies or filtered by firewalls, and thus perfectly fulfills a covert channel's requirements. Therefore, there are more than a few cases where the DNS protocol and infrastructure are exploited in well-known security incidents. In this context, the work at hand investigates the feasibility of exploiting the DNS Security Extensions (DNSSEC) as a covert channel. We demonstrate that it is beneficial and quite straightforward to embed arbitrary data of an aggressor's choice within the DNSKEY resource record, which normally provides the public key of a DNSSEC-enabled domain zone. Since DNSKEY contains the public key encoded in base64 format, it can be easily exploited for the dissemination of an encrypted or stego message, or even for the distribution of a malware binary encoded as a base64 string. To this end, we implement a proof of concept based on two prominent nameserver software packages, namely BIND and NSD, and we publish in the DNS hierarchy custom data of our choice, concealed as the public key of the DNS zone under our jurisdiction, in order to demonstrate the effectiveness of the proposed covert channel.
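A defender-side check for the channel the abstract describes, as an added example that is not taken from the paper or from BIND/NSD: it tests whether the base64 field of a DNSKEY record actually decodes to key material of the declared algorithm. The function names, the 1024-bit floor, the 4-byte exponent heuristic and the small-prime bound are assumptions of this sketch; the key layouts follow RFC 3110 and RFC 6605.

```python
import base64

# NIST P-256 parameters; DNSSEC algorithm 13 keys are the 64 bytes x||y (RFC 6605).
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
SMALL_PRIMES = [2] + [n for n in range(3, 1000, 2)
                      if all(n % d for d in range(3, int(n**0.5) + 1, 2))]

def check_rsa(key):
    """Algorithms 8/10, RFC 3110 layout: exponent length, exponent, modulus."""
    if len(key) < 3:
        return ["RSA key too short"]
    elen, off = (key[0], 1) if key[0] else (int.from_bytes(key[1:3], "big"), 3)
    exp, mod = key[off:off + elen], key[off + elen:]
    n, issues = int.from_bytes(mod, "big"), []
    if elen > 4:  # heuristic: legal, but 65537 needs only 3 bytes
        issues.append(f"unusual exponent length {elen}")
    if not exp or exp[-1] % 2 == 0:
        issues.append("exponent missing or even")
    # Leading zero octets are prohibited; the 1024-bit floor is a local policy choice.
    if not mod or mod[0] == 0 or not 1024 <= n.bit_length() <= 4096:
        issues.append(f"modulus size or encoding invalid ({n.bit_length()} bits)")
    elif any(n % p == 0 for p in SMALL_PRIMES):
        issues.append("modulus has a small prime factor")
    return issues

def check_p256(key):
    """The two coordinates must satisfy y^2 = x^3 - 3x + b (mod p)."""
    if len(key) != 64:
        return [f"P-256 key must be 64 bytes, got {len(key)}"]
    x, y = int.from_bytes(key[:32], "big"), int.from_bytes(key[32:], "big")
    if x >= P256_P or y >= P256_P or (y * y - (x**3 - 3 * x + P256_B)) % P256_P:
        return ["coordinates are not a point on P-256"]
    return []

def audit_dnskey(rdata):
    """rdata in presentation format: 'flags protocol algorithm base64...'."""
    flags, proto, alg, *b64 = rdata.split()
    try:
        key = base64.b64decode("".join(b64), validate=True)
    except ValueError:
        return ["public key field is not valid base64"]
    issues = [] if proto == "3" else ["protocol field is not 3"]
    uncovered = lambda k: [f"algorithm {alg} not covered by this check"]
    checker = {"8": check_rsa, "10": check_rsa, "13": check_p256}.get(alg, uncovered)
    return issues + checker(key)

if __name__ == "__main__":
    # Constructed sample: 64 bytes of text published as an algorithm-13 key.
    fake = base64.b64encode(b"constructed sample, not a key".ljust(64, b".")).decode()
    print(audit_dnskey("257 3 13 " + fake))
```

An empty result means only that the field parses as a plausible key for its algorithm; the RSA checks are heuristics, and the check is best paired with normal DNSSEC validation of the zone's signatures.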
