Page 42   Kim et al. J Surveill Secur Saf 2020;1:34-60 | http://dx.doi.org/10.20517/jsss.2020.14
of mounting Denial of Service attacks. Since mDNS is a UDP-based protocol, it can be vulnerable to
amplification attacks using mDNS queries, and spoofing attacks are trivial.
3. VULNERABILITIES
Cybersecurity is a defense mechanism to protect the system from various malicious attacks; cyberattacks
disable or avoid these defenses. Vulnerabilities or weaknesses enable such attacks. This section looks
specifically at DNS and DNSSEC vulnerabilities.
3.1 DNS vulnerabilities
DNS vulnerabilities can be viewed in 3 ways: by concept, by structure, and by communication.
3.1.1 Conceptual view
The CIA Triad is a conceptual model of information security, consisting of three factors: confidentiality,
integrity, and availability[22]. The following is an assessment of DNS in terms of information security.
(1) Confidentiality: DNS requests and responses are in most cases sent via the UDP protocol, which is light
and fast, but normally unencrypted, allowing eavesdropping on all messages. Besides, the information
stored by DNS servers is necessarily public, as name-to-address bindings must be served on demand.
(2) Integrity: DNS without modification does not have a mechanism to sign data cryptographically, which is
its single greatest weakness; anyone can tamper with or forge DNS data.
(3) Availability: the hierarchical structure of DNS, unless augmented with redundancy, is very much subject
to attacks on DNS servers, or to failures of those servers.
3.1.2 Structural view
DNS servers have a hierarchical tree structure ranging from the Root to a specific domain name server.
However, this structure also brings structural problems that contribute to DNS vulnerabilities. The
structural problems in DNS are as follows:
(1) Lack of redundant DNS[23]: The hierarchical DNS structure distributes and processes DNS queries more
efficiently. Users can request the IP address of the desired domain step by step and obtain the response.
Although DNS is designed to be distributed, traffic is concentrated because of the centralization. The
centralized DNS structure makes it easier for an attacker to attack multiple Internet services used by
many Internet users. For example, in 2016, a DYN attack exploiting such vulnerability made many users
unable to receive normal DNS responses, as well as Internet services unavailable[11]. DNS above the SLD
level, and major domain nameservers, have evolved over the years into a highly redundant system through
numerous studies and cases. However, lower-level DNS servers remain exposed to threats due to a lack of
redundancy. Resilient and reliable DNS support is possible if more domains adopt and support secondary
DNS configurations[23].
(2) DNS server information exposure[24]: Because the fundamental security configuration of the DNS
server is insufficient, server information (e.g., server list, version) can be exposed through the DNS servers
of many companies. If such information is exploited, not only DNS operation but also server operation
inside the companies can be exposed to risk from attackers. The leakage of DNS server information
allows malicious DNS data to be sent and the user to trust wrong DNS information. Additionally, attackers
can collect information by a reconnaissance attack and finally attack the server. Therefore, a security
configuration that restricts the transmission of server information needs to be set up in each company's DNS
servers.
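As an added illustration of the version-disclosure problem in (2) above (this is the editor's example, not code from the paper or from any DNS vendor), the script below builds the conventional `version.bind` TXT query in the CHAOS class in raw DNS wire format, parses the reply, and reports whether the server handed back a version string. It is meant for auditing one's own servers: a hardened server refuses the query or returns no TXT answer, so the check returns an empty list. Because the query is built byte by byte, the same code also shows why the confidentiality point in 3.1.1 holds: the queried name travels in the clear in the UDP payload. The function and constant names, the constructed sample response and the transaction ID `0x1234` are assumptions made for the example, and `build_txt_response` exists only to fabricate an offline sample reply for testing.

```python
import socket
import struct
import sys

# Wire-format constants from RFC 1035 (real values; the names are this example's own).
QTYPE_TXT = 16
QCLASS_CHAOS = 3
RCODE_REFUSED = 5


def build_query(name: str, qtype: int, qclass: int, txid: int = 0x1234) -> bytes:
    """Build a minimal one-question DNS query (RFC 1035 section 4.1) with RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    # Note that the name is plaintext here: anyone on the path can read it.
    return header + qname + struct.pack("!HH", qtype, qclass)


def _read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (dotted name, offset after it)."""
    labels = []
    end = None  # position after the name in the original byte stream
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_txt_answers(msg: bytes, expected_txid: int):
    """Return TXT strings from the answer section, or [] if the reply is an error,
    carries no answer, or does not belong to our query (transaction ID mismatch)."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid or not (flags & 0x8000) or (flags & 0x000F):
        return []
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = _read_name(msg, offset)
        offset += 4
    texts = []
    for _ in range(ancount):
        _, offset = _read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_TXT:  # TXT rdata is a sequence of <length><chars> strings
            i = 0
            while i < len(rdata):
                n = rdata[i]
                texts.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
    return texts


def version_disclosed(response: bytes, txid: int) -> bool:
    """True when the server answered version.bind with at least one TXT string."""
    return any(t.strip() for t in parse_txt_answers(response, txid))


def build_txt_response(query: bytes, txt: str, rcode: int = 0) -> bytes:
    """Constructed sample reply for offline testing; not real server output."""
    txid = struct.unpack("!H", query[:2])[0]
    ancount = 0 if rcode else 1
    msg = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, ancount, 0, 0) + query[12:]
    if ancount:
        rdata = bytes([len(txt)]) + txt.encode("ascii")
        # 0xC00C is a compression pointer back to the question name at offset 12.
        msg += struct.pack("!HHHIH", 0xC00C, QTYPE_TXT, QCLASS_CHAOS, 0, len(rdata)) + rdata
    return msg


def query_version(server: str, timeout: float = 2.0, txid: int = 0x1234):
    """Send version.bind/CH/TXT over UDP to a server you operate and parse the reply."""
    q = build_query("version.bind", QTYPE_TXT, QCLASS_CHAOS, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(q, (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_txt_answers(data, txid)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    strings = query_version(target)
    print("version strings returned:", strings or "none (server hides its version)")
```

Run it against a resolver or authoritative server under your own control; an empty result means the query was refused or unanswered. For the mitigation the paragraph asks for, BIND accepts `version "none";` inside its `options` block and Unbound accepts `hide-version: yes` (and `hide-identity: yes`) in its `server` section, both of which make this check return nothing.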
3.1.3 Communication view
Responses to queries are only weakly protected in DNS. DNS uses the IP address, destination and source
port numbers, and transaction ID in responses to match them with queries. It is relatively straightforward