DNSCurve

Last updated
DNS over HTTPS
Communication protocol
Developer(s)Daniel J. Bernstein
Introduction2009;15 years ago (2009) [1]
OSI layer Application layer
Website dnscurve.org

DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein. It encrypts and authenticates DNS packets between resolvers and authoritative servers.

Contents

DNSCurve claims advantages over previous DNS services of: [1]

Structure

DNSCurve uses Curve25519 elliptic curve cryptography to establish the identity of authoritative servers. [2] Public keys for remote authoritative servers are placed in NS records, so recursive resolvers know whether the server supports DNSCurve. Keys begin with the magic string uz5 and are followed by a 51-byte Base32 encoding of the server's 255-bit public key. E.g., in BIND format:

example.com.INNSuz5bcx1nh80x1r17q653jf3guywz7cmyh5jv0qjz0unm56lq7rpj8l.example.com.

The identity is used to establish keys used by an authenticated encryption scheme consisting of Salsa20 and Poly1305.The cryptographic setup is called a "cryptographic box", specifically crypto_box_curve25519xsalsa20poly1305. [3]

The "cryptographic box" tool used in DNSCurve are the same used in CurveCP, a UDP-based protocol which is similar to TCP but uses elliptic-curve cryptography to encrypt and authenticate data. An analogy is that while DNSSEC is like signing a webpage with Pretty Good Privacy (PGP), CurveCP and DNSCurve are like encrypting and authenticating the channel using Transport Layer Security (TLS). Just as PGP-signed webpages can be sent over an encrypted channel using SSL, DNSSEC data can be protected using DNSCurve. [4]

Operation

The resolver first retrieves the public key from the NS record, see § Structure above.

The resolver then sends to the server a packet containing its DNSCurve public key, a 96-bit nonce, and a cryptographic box containing the query. The cryptographic box is created using the resolver's private key, the server's public key, and the nonce. The response from the server contains a different 96-bit nonce and its own cryptographic box containing the answer to the query.

Security

DNSCurve uses 256-bit elliptic-curve cryptography, which NIST estimates to be roughly equivalent to 3072-bit RSA. [5] ECRYPT reports a similar equivalence. [6] It uses per-query public-key crypto (like SSH and SSL), and 96-bit nonces to protect against replay attacks. Adam Langley, security officer at Google, says "With very high probability, no one will ever solve a single instance of Curve25519 without a large, quantum computer." [7]

Speed

Adam Langley has posted speed tests on his personal website showing Curve25519, used by DNSCurve, to be the fastest among elliptic curves tested. [8] According to the U.S. National Security Agency (NSA), elliptic curve cryptography offers vastly superior performance over RSA and Diffie–Hellman at a geometric rate as key sizes increase. [9]

Implementations

DNSCurve first gained recursive support in dnscache via a patch [10] by Matthew Dempsky. Dempsky also has a GitHub repository which includes Python DNS lookup tools and a forwarder in C. [11] Adam Langley has a GitHub repository as well. [12] There is an authoritative forwarder called CurveDNS [13] which allows DNS administrators to protect existing installations without patching.

Jan Mojžíš has released curveprotect, [14] a software suite which implements DNSCurve and CurveCP protection for common services like DNS, SSH, HTTP, and SMTP.

DNSCurve.io (2023) recommends two implementations: Jan Mojžíš's dqcache for recursive resolvers, CurveDNS for authoritative servers. [15]

Deployment

OpenDNS, which has 50 million users, announced support for DNSCurve on its recursive resolvers on February 23, 2010. In other words, its recursive resolvers now use DNSCurve to communicate to authoritative servers if available. [16] On December 6, 2011, OpenDNS announced a new tool, called DNSCrypt. [17] DNSCrypt is based on similar cryptographic tools as DNSCurve, but instead protects the channel between OpenDNS and its users. [18]

No equally large authoritative DNS providers have yet deployed DNSCurve.

See also

DNSCurve is intended to secure communication between a resolver and an authoritative server. For securing communication between DNS clients and resolvers, there are several options:

Notes

  1. 1 2 "Introduction to DNSCurve". DNSCurve. 22 June 2009. Retrieved 16 March 2016.
  2. D. J. Bernstein. "Curve25519: high-speed elliptic-curve cryptography" . Retrieved 30 January 2013.
  3. "Public-key authenticated encryption: crypto_box". nacl.cr.yp.to. crypto_box is curve25519xsalsa20poly1305, a particular combination of Curve25519, Salsa20, and Poly1305 specified in "Cryptography in NaCl". This function is conjectured to meet the standard notions of privacy and third-party unforgeability.
  4. "CurveCP: Usable security for the Internet" . Retrieved 18 January 2024.
  5. "NIST Recommendations (2011)".
  6. "ECRYPT II Yearly Report on Algorithms and Keysizes (2010-2011)" (PDF). Archived from the original (PDF) on 2012-06-02.
  7. "Adam Langley on curve25519 security".
  8. "Adam Langley: What a difference a prime makes".
  9. "The Case for Elliptic Curve Cryptography". NSA. Archived from the original on January 17, 2009. Retrieved January 17, 2009.
  10. "DNSCurve patch for dnscache". Archived from the original on 2012-12-28.
  11. "Matthew Dempsky's DNSCurve repo on GitHub". GitHub . 13 August 2019.
  12. "Adam Langley's DNSCurve repo". GitHub . 13 August 2019.
  13. "CurveDNS: A DNSCurve Forwarding Name Server".
  14. "curveprotect, a complex collection of tools for protecting wide range of internet services". Archived from the original on 2013-05-26. Retrieved 2012-05-09.
  15. "DNSCurve.io - A Community for DNSCurve". dnscurve.io.
  16. "OpenDNS adopts DNSCurve". Archived from the original on 2010-02-26. Retrieved 2010-04-13.
  17. "OpenDNS unveils DNSCrypt". Archived from the original on 2013-02-03.
  18. "net/dnscrypt-proxy: dnscrypt-proxy-1.4.3 – secure communications between a DNS client and resolver". OpenBSD ports . 2015-01-06. Retrieved 2015-02-09.

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

<span class="mw-page-title-main">Block cipher mode of operation</span> Cryptography algorithm

In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.

In computing, Internet Key Exchange is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication ‒ either pre-shared or distributed using DNS ‒ and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived. In addition, a security policy for every peer which will connect must be manually maintained.

<span class="mw-page-title-main">Daniel J. Bernstein</span> American mathematician, cryptologist and computer scientist (born 1971)

Daniel Julius Bernstein is an American mathematician, cryptologist, and computer scientist. He is a visiting professor at CASA at Ruhr University Bochum, as well as a research professor of Computer Science at the University of Illinois at Chicago. Before this, he was a visiting professor in the department of mathematics and computer science at the Eindhoven University of Technology.

The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

In cryptography, the Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography.

NSA Suite B Cryptography was a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It was to serve as an interoperable cryptographic base for both unclassified information and most classified information.

strongSwan is a multiplatform IPsec implementation. The focus of the project is on authentication mechanisms using X.509 public key certificates and optional storage of private keys and certificates on smartcards through a PKCS#11 interface and on TPM 2.0.

This article presents a comparison of the features, platform support, and packaging of many independent implementations of Domain Name System (DNS) name server software.

In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security and designed for use with the Elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software.

Obfuscated TCP (ObsTCP) was a proposal for a transport layer protocol which implements opportunistic encryption over Transmission Control Protocol (TCP). It was designed to prevent mass wiretapping and malicious corruption of TCP traffic on the Internet, with lower implementation cost and complexity than Transport Layer Security (TLS). In August 2008, IETF rejected the proposal for a TCP option, suggesting it be done on the application layer instead. The project has been inactive since a few months later.

The Transport Layer Security (TLS) protocol provides the ability to secure communications across or inside networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

DNSCrypt is a network protocol that authenticates and encrypts Domain Name System (DNS) traffic between the user's computer and recursive name servers. DNSCrypt wraps unmodified DNS traffic between a client and a DNS resolver in a cryptographic construction, preventing eavesdropping and forgery by a man-in-the-middle.

DNS-based Authentication of Named Entities (DANE) is an Internet security protocol to allow X.509 digital certificates, commonly used for Transport Layer Security (TLS), to be bound to domain names using Domain Name System Security Extensions (DNSSEC).

In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. It is designed to be faster than existing digital signature schemes without sacrificing security. It was developed by a team including Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. The reference implementation is public-domain software.

In cryptography, Curve448 or Curve448-Goldilocks is an elliptic curve potentially offering 224 bits of security and designed for use with the elliptic-curve Diffie–Hellman (ECDH) key agreement scheme.

DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. The well-known port number for DoT is 853.

Application Layer Transport Security (ALTS) is a Google-developed authentication and transport encryption system used for securing Remote Procedure Call (RPC) within Google machines. Google started its development in 2023, as a tailored modification of TLS.

ChaCha20-Poly1305 is an authenticated encryption with additional data (AEAD) algorithm, that combines the ChaCha20 stream cipher with the Poly1305 message authentication code. Its usage in IETF protocols is standardized in RFC 8439. It has fast software performance, and without hardware acceleration, is usually faster than AES-GCM.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.