Attacking with Something That Does Not Exist: 'Proof of Non-Existence' Can Exhaust DNS Resolver CPU

from arxiv, 13 pages, 7 figures for the associated zonefile generator implementation, see https://github.com/Goethe-Universitat-cybersecurity/NSEC3-Encloser-Attack submitted to USENIX WOOT '24

NSEC3 is a proof of non-existence in DNSSEC, which provides an authenticated assertion that a queried resource does not exist in the target domain. NSEC3 consists of alphabetically sorted hashed names before and after the queried hostname. To make dictionary attacks harder, the hash function can be applied in multiple iterations, which however also increases the load on the DNS resolver during the computation of the SHA-1 hashes in NSEC3 records. Concerns about the load created by the computation of NSEC3 records on the DNS resolvers were already considered in the NSEC3 specifications RFC5155 and RFC9276. In February 2024, the potential of NSEC3 to exhaust DNS resolvers' resources was assigned a CVE-2023-50868, confirming that extra iterations of NSEC3 created substantial load. However, there is no published evaluation of the attack and the impact of the attack on the resolvers was not clarified. In this work we perform the first evaluation of the NSEC3-encloser attack against DNS resolver implementations and find that the NSEC3-encloser attack can still create a 72x increase in CPU instruction count, despite the victim resolver following RFC5155 recommendations in limiting hash iteration counts. The impact of the attack varies across the different DNS resolvers, but we show that with a sufficient volume of DNS packets the attack can increase CPU load and cause packet loss. We find that at a rate of 150 malicious NSEC3 records per second, depending on the DNS implementation, the loss rate of benign DNS requests varies between 2.7% and 30%. We provide a detailed description and implementation of the NSEC3-encloser attack. We also develop the first analysis how each NSEC3 parameter impacts the load inflicted on the victim resolver during NSEC3-encloser attack.

翻译：NSEC3是DNSSEC中的一种不存在证明机制，它提供经过认证的断言，表明目标域中不存在所查询的资源。NSEC3包含按字母顺序排序的哈希化名称，这些名称位于查询主机名之前和之后。为增加字典攻击难度，哈希函数可进行多次迭代计算，但这同时会增加DNS解析器在处理NSEC3记录中SHA-1哈希计算时的负载。关于NSEC3记录计算对DNS解析器造成负载的问题，已在NSEC3规范RFC5155和RFC9276中予以考虑。2024年2月，NSEC3耗尽DNS解析器资源的潜在风险被分配了CVE-2023-50868漏洞编号，确认了NSEC3的额外迭代计算会产生显著负载。然而，目前尚未发布对该攻击的评估报告，且攻击对解析器的影响尚未明确。本研究首次对针对DNS解析器实现的NSEC3-encloser攻击进行评估，发现即使受害解析器遵循RFC5155建议限制哈希迭代次数，NSEC3-encloser攻击仍可使CPU指令数增加72倍。该攻击对不同DNS解析器的影响存在差异，但我们证明通过足够数量的DNS数据包，攻击能够增加CPU负载并导致数据包丢失。实验表明，以每秒150条恶意NSEC3记录的速率攻击时，根据DNS实现方式的不同，良性DNS请求的丢失率在2.7%至30%之间波动。本文详细描述了NSEC3-encloser攻击的实现方法，并首次系统分析了各NSEC3参数在NSEC3-encloser攻击期间对受害解析器负载的影响机制。