2023年第30届网络与分布式系统安全会议 | NDSS 2023

摘要

In this paper, we propose Phoenix Domain, a general and novel attack that allows adversaries to maintain the revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain. Phoenix Domain has two variations and affects all mainstream DNS software and public DNS resolvers overall because it does not violate any DNS specifications and best security practices. The attack is made possible through systematically “reverse engineer” the cache operations of 8 DNS implementations, and new attack surfaces are revealed in the domain name delegation processes. We select 41 well-known public DNS resolvers and prove that all surveyed DNS services are vulnerable to Phoenix Domain, including Google Public DNS and Cloudflare DNS. Extensive measurement studies are performed with 210k stable and distributed DNS recursive resolvers, and results show that even after one month from domain name revocation and cache expiration, more than 25% of recursive resolvers can still resolve it. The proposed attack provides an opportunity for adversaries to evade the security practices of malicious domain take-down. We have reported discovered vulnerabilities to all affected vendors and suggested 6 types of mitigation approaches to them. Until now, 7 DNS software providers and 15 resolver vendors, including BIND, Unbound, Google, and Cloudflare, have confirmed the vulnerabilities, and some of them are implementing and publishing mitigation patches according to our suggestions. In addition, 9 CVE numbers have been assigned. The study calls for standardization to address the issue of how to revoke domain names securely and maintain cache consistency.

日期
2月 27, 2023 12:00 AM — 3月 3, 2023 11:59 PM
位置
Catamaran Resort Hotel & Spa
3999 Mission Boulevard, San Diego, 92109

在2023年第30届网络与分布式系统安全会议上,我分享了我们关于DNS最新的研究工作(Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation and Revocation)以及诸葛老师组的展板(Demo: Ransom Vehicle through Charging Pile)。开会期间,见到了去年在我们组访问的秦悦(和悦姐畅聊!),也认识了很多新朋友和老师(UCI,IU,UCR,PU,皇马老家马德里的IMDEA)。最后,代替杨家海老师团队领取了最佳论文奖(1/2),很厉害的工作,感受了领奖的氛围。

Moments

group
t-shirt
poster
bird
beach
dinner
hiking
award
celebration

李想
李想
南开大学副教授

李想,南开大学副教授,南开大学CTF战队指导老师、ACM会员、CCF会员、中国通讯学会会员、顶会IMC 2025 PC、AsiaCCS 2025 PC。研究方向为网络与协议安全、Web安全、漏洞挖掘等,已发表论文18篇(含一作6篇:在网络安全四大顶会均有发表、通讯1篇、二作3篇),第一发明人授权专利1项及实质审查中5项(共11项),在Black Hat多次分享,获得200+CVE等漏洞编号,370+GitHub stars。研究获得多个政府及大学CERT安全公告、100+媒体报道,并被纳入RFC标准文档。其也获得了多项奖项荣誉,如2024年度ACM SIGSAC中国优博奖、2024年度黑客奥斯卡Pwnie提名奖、IPv6创新大赛一等奖、GeekCon国际安全极客大赛亚军及非凡黑客荣誉称号、王大中奖学金、博士研究生国家奖学金、清华优秀奖学金、优秀博士毕业生等。