The first article in this series compared the Domain Name System (DNS) to a phonebook. In this analogy, DNS is a directory that allows you to find computer addresses from domain names just as people's names can be looked up in a phone directory to find their phone numbers. DNS enables us to translate "LetsTalkBitcoin.com" into the computer-friendly IP address "126.96.36.199".
This article discusses the system's security. It will explain how the existing DNS system is prone to malicious attacks, and suggest how decentralized solutions increase security.
DNS Security in the Age of the Blockchain
The current Domain Name System was designed with reliability in mind, not security. It was designed in a different era, when packet-switched networks were still a novel idea. Indeed, DNS is easily compromised, and is now a prime target for attack. For example, the government of Turkey recently forced local ISPs to redirect all traffic for twitter.com to a government site by changing the DNS entries in their nameservers.
Our current DNS has many intermediaries, called nameservers, where traffic can be intercepted or tampered with. Blockchain-based DNS reduces the number of queries to nameservers. That is because many domains are associated with IP addresses in the blockchain, so no other servers need to be consulted.
A huge problem on the Internet is man-in-the-middle (MITM) attacks. In MITM attacks, the "bad guy" is positioned between users and the site being accessed. This allows the attacker to return fake data in order to divert users to malicious sites.
Blockchain-based DNS makes significant improvements to the existing system. Most importantly, the process of resolving a domain name and verifying the credentials of the destination server will be greatly simplified and substantially more secure. All the information needed to resolve a domain name will often be found in the blockchain, whereas the current process usually involves querying multiple servers. Blockchain-based DNS will also simplify the process of establishing trust between a given user and a server.
Centralized control structures create central points of failure that constitute valuable targets for attack. We noted in a previous article how these hierarchical systems lead to troubling political problems. In this article we will briefly look at some of the security implications.
Let's suppose some user, Mary, wants to visit her bank website. How does she decide whether she has found the legitimate website? She trusts her web browser, which in turn relies on an overly complex system involving signed digital certificates.
Mary's web browser is presented with a digital certificate from the bank website, which bolsters her belief that she is interacting with the legitimate bank website that she expects. That certificate makes the claim that this bank is indeed the site operator, by offering an assurance from the entity, called a certificate authority (CA), that issues that claim. Her web browser probably decides to trust the site because the certificate authority is on a whitelist of trustworthy CAs.
The government of France was recently caught using a fraudulent Google certificate, which is dangerous because it can be used to man-in-the-middle Google users. How safe should you feel? Digital certificates can usually, but not always, be trusted. Rather than basing security on math, the current system requires faith.
Decentralized DNS can fix this problem by replacing the current certificate-trust relationships with a much simpler scheme. The site owner can publish their own signed certificate, or the equivalent, right there in the blockchain. Only the registrant has the ability to publish this certificate because doing so requires the private key.
See the difference? There is no need to have a third party validate the trustworthiness of a certificate since, by definition, only the site owner has control of this. Certificate authorities are a prime target for attack, but decentralized systems have no such authorities to rely on. There is literally nobody to attack!
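The check this scheme implies on the client side, as an added example that is not code from this article or from any blockchain DNS project: the browser compares the certificate the server presents against the fingerprint the registrant published in the name record. The record layout (`ip`, `tls`), the function names and the sample certificates are assumptions constructed for illustration.

```javascript
const crypto = require("crypto");

// SHA-256 fingerprint of a certificate's DER bytes, as lowercase hex.
function fingerprint(certDer) {
  return crypto.createHash("sha256").update(certDer).digest("hex");
}

// Accept "AB:CD:..." or "abcd..."; return lowercase hex, or null if not 32 bytes.
function normalise(fp) {
  if (typeof fp !== "string") return null;
  const hex = fp.replace(/:/g, "").toLowerCase();
  return /^[0-9a-f]{64}$/.test(hex) ? hex : null;
}

// Decide whether the presented certificate is one the registrant published.
// No certificate authority is consulted: the name record is the only trust anchor.
function checkCertificate(recordJson, presentedDer) {
  let record;
  try { record = JSON.parse(recordJson); } catch { record = null; }
  if (!record || typeof record !== "object") {
    return { ok: false, reason: "malformed record" };
  }
  const pins = (Array.isArray(record.tls) ? record.tls : [])
    .map(normalise)
    .filter(Boolean);
  // Fail closed: a record without a usable fingerprint proves nothing.
  if (pins.length === 0) return { ok: false, reason: "no fingerprint published" };
  return pins.includes(fingerprint(presentedDer))
    ? { ok: true, reason: "matches published fingerprint" }
    : { ok: false, reason: "certificate not published by registrant" };
}

// Constructed sample data: byte strings standing in for DER certificates.
const bankCert = Buffer.from("constructed stand-in for the bank's certificate");
const mitmCert = Buffer.from("constructed stand-in for an impostor's certificate");
const colonForm = fingerprint(bankCert).toUpperCase().match(/../g).join(":");
const record = JSON.stringify({ ip: "192.0.2.10", tls: [colonForm] });

console.log(checkCertificate(record, bankCert).reason);
console.log(checkCertificate(record, mitmCert).reason);
```

The impostor certificate is rejected even if a whitelisted CA had signed it, because the CA's opinion is never part of the decision.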
Man in the Middle
Man-in-the-middle attacks are a persistent problem on the Internet. MITM refers to a broad class of attacks where somebody between the two endpoints intercepts, tampers with, or redirects the traffic without the knowledge of the victim.
For example, when Mary attempts to access her bank website she might be attacked by someone in a position to intercept this traffic. She may be tricked into connecting to a fake bank website, in an attempt to steal her username and password.
A next-generation nameserver like DNSChain will retrieve the information needed to resolve a decentralized domain name by maintaining local blockchains. Signing the reply with a private key allows Mary to know that the IP address she gets back definitely came from her chosen name server.
On a local network like many people have in their homes or offices, a router is the perfect place for this nameserver to reside. By being so close to the networked devices, it can efficiently provide name resolution to connected computers, tablets, mobile devices, smart toasters, and more. By expecting signed responses from a next-generation router, devices can avoid the classic MITM attack that victimizes so many Wi-Fi users.
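A sketch of the signed-reply exchange described above, added here as an example and not taken from DNSChain or its wire format: the nameserver signs each answer, and the device accepts it only if the signature verifies against the nameserver key it pinned at setup. The message fields, function names, Ed25519 choice and sample values are assumptions.

```javascript
const crypto = require("crypto");

// Bytes covered by the signature: name, address and expiry together, so none
// of them can be swapped and an old answer cannot be replayed indefinitely.
function canonical(reply) {
  return Buffer.from(JSON.stringify([reply.name, reply.ip, reply.expires]));
}

// Nameserver side (for example the home router): sign an answer.
function signReply(privateKey, name, ip, expires) {
  const reply = { name, ip, expires };
  reply.sig = crypto.sign(null, canonical(reply), privateKey).toString("base64");
  return reply;
}

// Device side: accept only an unexpired answer for the name that was asked,
// signed by the pinned nameserver key.
function verifyReply(pinnedPublicKey, askedName, reply, now) {
  if (!reply || typeof reply.sig !== "string") return "rejected: unsigned";
  if (reply.name !== askedName) return "rejected: wrong name";
  if (!(reply.expires > now)) return "rejected: expired";
  const sig = Buffer.from(reply.sig, "base64");
  return crypto.verify(null, canonical(reply), pinnedPublicKey, sig)
    ? "accepted"
    : "rejected: bad signature";
}

// Constructed demo: throwaway keys, documentation-range IP addresses.
const router = crypto.generateKeyPairSync("ed25519");
const attacker = crypto.generateKeyPairSync("ed25519");
const NOW = 1700000000; // fixed clock so the demo is repeatable
const genuine = signReply(router.privateKey, "bank.bit", "192.0.2.10", NOW + 300);
const tampered = { ...genuine, ip: "203.0.113.66" }; // address rewritten in transit
const forged = signReply(attacker.privateKey, "bank.bit", "203.0.113.66", NOW + 300);

for (const r of [genuine, tampered, forged]) {
  console.log(r.ip, verifyReply(router.publicKey, "bank.bit", r, NOW));
}
```

The protection depends entirely on how the device first learned the nameserver's public key; a key fetched over the same untrusted Wi-Fi could itself be substituted.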
Domain names are stolen or hijacked all the time, often by exploiting registrar procedures for safeguarding registrants' names. A typical domain theft begins with an e-mail account being compromised. The thief then calls the registrar to explain that they forgot the password, and requests a reset link be sent to the registrant's e-mail address of record. Once the registrar account can be accessed, the domain name is transferred to an overseas registrar.
In decentralized systems, there is no registrar to exploit through social engineering. If there is an entity like a registrar, they cannot be made accomplices in order to change ownership data, or provide password resets. With Namecoin's .bit domains, for example, an update operation is required to transfer ownership, which can only be accomplished by presenting the corresponding key.
Note that spear phishing, social engineering, hijacking e-mail accounts, cracking registrar passwords, compromising registrar databases, and other traditional tools in the domain thief's arsenal are all useless here.
There seem to be only two ways to steal a domain name in a blockchain-based system like Namecoin: either steal the private key from the registrant, or take control of the network via a 51% attack and register the domain again. The former is certainly plausible, but strategies to prevent it are straightforward, including using multiple signature (multisig) addresses.
Eliminating Attack Targets
The Internet Corporation for Assigned Names and Numbers (ICANN) has the authority to digitally sign the root zone, which in practical terms means they hold one of the most valuable private keys in the world. ICANN carefully guards the key used to sign root nameserver keys. Root servers store the most important data for almost all the world's top-level domains (TLDs) like .com, .net, and so on.
In case that description did not make it clear, this essentially means that both ICANN and the root name servers themselves are high-value targets for criminals and malicious hackers. After DDoS attacks on the root servers in 2002 and 2007, these lynchpins of the Domain Name System were made more redundant, but they remain a critical target. A threat was made in 2012, allegedly by Anonymous, to "shut the Internet down" by attacking the root servers.
The registry operators are another potential choke point. Recall that registries are granted the authority by ICANN to operate a top-level domain. They provide the APIs (application programming interfaces) that allow registrars to offer domain-name registration and domain-management services for all conventional domain names. Attacking registry operators like Verisign, administrator of .com and .net, would have a severe impact on the Internet.
Decentralized DNS avoids these problems. If all the domain data is stored in the blockchain, there is no need for ICANN, registries, or registrars. Gone in one fell swoop are all of these pressure points of the legacy DNS. Decentralized Domain Name Systems are MITM-resistant, theft-proof, and they solve the whole digital-certificates problem on the Internet today!
A quick reminder: This is a multipart series on decentralizing the Domain Name System. Be sure to check back next time as we take a close look at a real, working example – Namecoin.