Technion Students Find a Loophole in Security in the World’s Most Popular Internet DNS Protocol
Following the discovery, algorithms will be replaced in the next software version release
Technion students, Roee Hay and Jonathan Kalechstein from the Faculty of Computer Science discovered a new weakness (loophole), which had not been previously documented in the world’s most widely used DNS software – BIND. “We were very surprised to find a loophole in the protocol,” said Kalechstein. “We reported it to the authorities responsible for its implementation, they responded that they were unaware of this problem, and added that they will replace the algorithms in the next software version release.”
The project was carried out at the Laboratory of Computer Communication & Networking in the Faculty of Computer Science at the Technion, and was led by Dr. Gabi Nakibly from Rafael (Rafael Advanced Defense Systems Ltd.). It won the faculty wide competition, the Amdocs Best Project Contest. In August 2013, the project was publicized at an academic conference on information security ‘Usenix WOOT,’ held in the US.
“We devised an attack on DNS, a protocol that is one of the cornerstones of the Internet, and we identified a weakness in one of its implementations,” explained Roee Hay. “The DNS protocol has been around for several years and has been investigated by researchers from all over the world. We knew in advance that the chances of finding a loophole in the software would be very small, but we like challenges.”
DNS (Domain Name System) is one of the most basic Internet protocols. It allows access to a decentralized database enabling computers to translate the names of websites to web addresses (IP addresses).
“During the resolution of name to IP address, DNS servers look for the server storing the corresponding IP address,” explains Dr. Gabi Nakibly. “The weakness that the students found allows hackers to compel a DNS server to connect with a specific server chosen out of a set of potential servers. If that server is controlled by the attacker, that DNS server will receive a false IP address. This type of cyber attack gives hackers an advantage, by causing computers to ‘talk’ with network stations that they alone control without being able to detect the occurrence of the fraud.”