Olivia Gruza, Elias Heftrig, Oliver Jacobsen, Haya Schulmann, and Niklas Vogel, National Research Center for Applied Cybersecurity ATHENE, Goethe-Universität Frankfurt; Michael Waidner, National Research Center for Applied Cybersecurity ATHENE, Technische Universität Darmstadt, Fraunhofer Institute for Secure Information Technology SIT
NSEC3 is a proof of non-existence in DNSSEC, which provides an authenticated assertion that a queried resource does not exist in the target domain. NSEC3 consists of alphabetically sorted hashed names before and after the queried hostname. To make dictionary attacks harder, the hash function can be applied in multiple iterations, which however also increases the load on the DNS resolver during the computation of the SHA-1 hashes in NSEC3 records. Concerns about the load created by the computation of NSEC3 records on the DNS resolvers were already considered in the NSEC3 specifications RFC5155 and RFC9276. In February 2024, the potential of NSEC3 to exhaust DNS resolvers’ resources was assigned a CVE-2023-50868, confirming that extra iterations of NSEC3 created substantial load. However, there is no published evaluation of the attack and the impact of the attack on the resolvers was not clarified.
In this work we perform the first evaluation of the NSEC3-encloser attack against DNS resolver implementations and find that the NSEC3-encloser attack can still create a 72x increase in CPU instruction count, despite the victim resolver following RFC5155 recommendations in limiting hash iteration counts. The impact of the attack varies across the different DNS resolvers, but we show that with a sufficient volume of DNS packets the attack can increase CPU load and cause packet loss. We find that at a rate of 150 malicious NSEC3 records per second, depending on the DNS implementation, the loss rate of benign DNS requests varies between 2.7% and 30%. We provide a detailed description and implementation of the NSEC3-encloser attack. We also develop the first analysis how each NSEC3 parameter impacts the load inflicted on the victim resolver during NSEC3-encloser attack.
We make the code of our NSEC3-encloser attack implementation along with the zonefile and the evaluation data available for public use: https://github.com/Goethe-Universitat-Cybersecurity/NSEC3-Encloser-Attack.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
This content is available to:
author = {Olivia Gruza and Elias Heftrig and Oliver Jacobsen and Haya Schulmann and Niklas Vogel and Michael Waidner},
title = {Attacking with Something That Does Not Exist: {\textquoteright}Proof of {Non-Existence}{\textquoteright} Can Exhaust {DNS} Resolver {CPU}},
booktitle = {18th USENIX WOOT Conference on Offensive Technologies (WOOT 24)},
year = {2024},
isbn = {978-1-939133-43-4},
address = {Philadelphia, PA},
pages = {45--57},
url = {https://www.usenix.org/conference/woot24/presentation/gruza},
publisher = {USENIX Association},
month = aug
}
