Volume-4, Issue-3, June-2014, ISSN No.: 2250-0758 International Journal of Engineering and Management Research Available at: www.ijemr.net Page Number: 164-170

Review Paper on Prevention of DNS Spoofing

Roopam¹, Bandana Sharma²
¹,²CSE, Kurukshetra University, INDIA

ABSTRACT

Today, to deceive customers financially in banks or to their confidential data, one of the most broadly used attacks is the internet attack. Web criminals run internet scams through phished websites that harm the user's confidentiality. Attackers spoof the data by mimicking the original websites using DNS spoofing. An essential part of the internet, on which many other protocols rely, is the Domain Name System (DNS). DNS allows hosts on the network to update DNS records dynamically, without the need to restart the DNS service. The server gets the user's passwords, credit card numbers and any other confidential details by directly redirecting the user to a fake server. This can be done by injecting a fake DNS server in place of the original server. In this thesis we want to protect the DNS server from DNS spoofing with an efficient algorithm. The algorithm included in this thesis increases the security of the URL request against the attacker. This is done by encrypting the user's URL request at the client side using RSA 1024 public key encryption and exactly doubling its encrypted security by appending bits generated from a Blum Blum Shub generator, at the client side only. This whole encrypted data is then sent to the server side.

Keywords- DNS, Public Key Algorithm, RSA Encryption, Blum Blum Shub Generator.

I. INTRODUCTION

1.1 Internet

The Internet is the global system of interconnected computer networks that use the standard Internet Protocol (IP) to link several billion devices worldwide. A broad array of electronic, wireless, and optical networking technologies is used to link millions of private, public, academic, business, and government networks; this network of networks is commonly called the internet. The Internet carries an extensive range of information resources and services, such as the infrastructure to support email, the inter-linked hypertext documents and applications of the World Wide Web (WWW), and peer-to-peer networks for file sharing and telephony.

1.2 Domain Name Server

Domain Name Server, abbreviated as DNS, helps in translating the word-based address of a system (such as WWW.EXAMPLE.COM) to the numerical IP address of the computer that should be located at that address. All computers and systems on the Internet use addresses that look similar to: 7.9.18.26. A computer always needs to know which numerical IP address corresponds to the user's alphanumeric address, such as WWW.EXAMPLE.COM, and this is accomplished through DNS servers. Finally DNS listed for the delivers the answer back to the requesting computer.

1.3 Domain Name Spoofing

DNS spoofing, also known as DNS cache poisoning, is a computer hacking attack in which data introduced into the Domain Name System causes an incorrect IP address to be returned, which results in diverting traffic to another computer.

A DNS server used by a networked computer is generally provided by the computer user's organization or an Internet Service Provider (ISP). An organization's network deploys a DNS server to improve resolution response performance by caching previously obtained query results. An attacker just needs to exploit a flaw in the DNS software to accomplish a cache poisoning attack. If the DNS server does not validate responses to ensure that they come from an authoritative source, it will end up caching the incorrect entries locally and serving them to other users that make the same request. Attackers can use this technique to direct users of a website to another site of the attacker's choosing. To do this, the attacker spoofs the IP address in the DNS entries for a target website on a given DNS server, replacing it with the IP address of a server he controls. He then creates files on the server he controls with names matching those on the target server. A user who is referred to the malicious server could be convinced to accept content coming from the fake server and forced to download malicious content.

1.4 Phished Websites

A website that is created to capture any fields completed by the user (such as usernames and passwords) is termed a phished website. As soon as the user completes these fields, an attacker captures all his information. An attacker creates a fake website that looks exactly the same as the real website, e.g. Facebook. The attacker sends his fake website instead of the original one whenever it is requested by the user, and also tricks the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, all the information, including the username and password, is stored in the attacker's records.

Fig. 1.1 Phished website

II. PROBLEM EXPLANATION

The problem we formulated can be explained as capturing or eavesdropping on users' confidential data, or misguiding them. This can be done by diverting the user's request from the real DNS server to a fake DNS server.

This DNS server problem originates when an attacker places a fake DNS server in place of the real DNS server. This can be done by placing a wrong IP address instead of the original one, by making a very small modification to it. This whole process is termed DNS spoofing.

Stealing a user's confidential or secret data can be accomplished using a fake website. A fake website is a website which looks similar to the real website, with a slight or unnoticeable difference from it. For example, a letter can be replaced by another that looks similar to it, so that the user won't be able to judge the difference between real and fake. As soon as the user starts accessing the illegitimate website, information like username, password, phone number, address etc. will be sent to the fake DNS server. Finally, the attacker will be able to steal or copy all the details of the user for any harmful reason.

This can be explained as below:

In Figure 1, clients will communicate with the wrong destination and consequently receive an incorrect IP. These destinations might be fake web servers set up to gain the username/password or private information of clients, websites containing malicious content such as worms and viruses, or fake update servers for software and operating systems; sometimes this threatens network availability.

III. METHODOLOGY

The methodology we used in our thesis can be explained as follows: we carried out descriptive research on specific attacks that are performed on websites. DNS spoofing, which is very common and popular in web crime, has nowadays become a critical issue to be resolved. Many different approaches have been proposed against it, which we discussed above. Giuseppe Ateniese from the Department of Computer Science of the JHU Information Security Institute and Stefan Mangard from the Institute for Applied Information Processing and Communications (IAIK) both proposed a new approach to DNS SECURITY (DNSSEC). In our paper we present a technique to protect the DNS server from the attacker. It uses a 1024-bit public key with RSA encryption to encrypt the user's URL request. Furthermore, a Blum Blum Shub generator is used to generate 1024 binary bits, and those bits are appended to the encrypted URL data. Finally, this whole encrypted data is sent to the server site. At the server site, RSA decryption is done to decrypt the data received from the client site, which finally results in the original form of the request. This whole methodology will help protect the user from being attacked by hackers. If any attacker in the middle tries to eavesdrop on or divert the request from the original DNS server, he will not be able to judge the real request.
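The client and server steps described in the methodology can be sketched as follows. This is an added example, not the paper's implementation: it uses only the Python standard library, and the RSA-OAEP padding, the function names, the BBS parameters and the server's handling of the appended bits (splitting them off before decryption) are assumptions, since the paper does not specify them.

```python
# Added illustration (not the paper's code). Assumptions: OAEP padding, SHA-256,
# and that the server splits off the appended bits before decrypting.
import hashlib
import math
import secrets

K, H = 128, 32  # RSA-1024 modulus length and SHA-256 digest length, in bytes

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, e=65537):
    """Random prime with the top two bits set, p % 4 == 3 (Blum prime), gcd(e, p-1) == 1."""
    while True:
        p = secrets.randbits(bits) | (3 << (bits - 2)) | 3
        if math.gcd(e, p - 1) == 1 and is_probable_prime(p):
            return p

def rsa_keygen(e=65537):
    """Return ((n, e), (n, d)) with a 1024-bit modulus n."""
    p, q = gen_prime(512, e), gen_prime(512, e)
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def mgf1(seed, length):
    """MGF1 mask generation function from RFC 8017, using SHA-256."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // H)))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encrypt(msg, pub):
    """RSA-OAEP encryption of one short message under pub = (n, e)."""
    if len(msg) > K - 2 * H - 2:
        raise ValueError("message too long for one RSA-1024 OAEP block")
    db = hashlib.sha256(b"").digest() + bytes(K - 2 * H - 2 - len(msg)) + b"\x01" + msg
    seed = secrets.token_bytes(H)
    masked_db = xor(db, mgf1(seed, K - H - 1))
    em = b"\x00" + xor(seed, mgf1(masked_db, H)) + masked_db
    return pow(int.from_bytes(em, "big"), pub[1], pub[0]).to_bytes(K, "big")

def oaep_decrypt(ct, priv):
    """Inverse of oaep_encrypt under priv = (n, d); raises ValueError on bad padding."""
    em = pow(int.from_bytes(ct, "big"), priv[1], priv[0]).to_bytes(K, "big")
    masked_db = em[1 + H:]
    seed = xor(em[1:1 + H], mgf1(masked_db, H))
    db = xor(masked_db, mgf1(seed, K - H - 1))
    sep = db.find(b"\x01", H)
    if em[0] or db[:H] != hashlib.sha256(b"").digest() or sep < 0 or any(db[H:sep]):
        raise ValueError("decryption error")
    return db[sep + 1:]

def bbs_bits(p, q, seed, nbits=1024):
    """Blum Blum Shub: square the state modulo p*q and emit its low bit, nbits times."""
    m, out, x = p * q, 0, pow(seed, 2, p * q)
    for _ in range(nbits):
        x = pow(x, 2, m)
        out = (out << 1) | (x & 1)
    return out.to_bytes(nbits // 8, "big")

def build_request(url, pub, bbs_params):
    """Client side: RSA-encrypt the URL, then append 1024 BBS bits (128 bytes)."""
    return oaep_encrypt(url.encode(), pub) + bbs_bits(*bbs_params)

def open_request(blob, priv):
    """Server side (assumed handling): drop the appended bits, RSA-decrypt the rest."""
    return oaep_decrypt(blob[:K], priv).decode()
```

The 1024 appended bits do not depend on the URL and, under the handling assumed here, are not checked by the server, so replacing them leaves the decrypted request unchanged; only the RSA ciphertext determines what the server recovers.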


IV. RESULT

RSA 1024 Encryption with Blum Blum Shub generator:

Fig 4.1 URL request by user at client side

Fig 4.2 URL request encrypted at client side, showing time

Fig 4.3 Received encrypted request at server side

Fig 4.4 Decryption time taken at server side

V. CONCLUSION AND FUTURE WORK

Securing DNS is a major challenge nowadays, and it therefore needs to be secured as soon as possible. The proposal for such a change is introduced above and gave a positive result. The protocol or technique we introduced above makes use of public key RSA encryption with public key size 1024 together with a Blum Blum Shub generator, which gives additional security in minimum time. The protocol helps the user to secure his URL request by the given technique in comparatively less time than others. This can be seen above. Besides this, we concluded that if we compare the security of the proposed architecture with others, the proposed technique with public key size 1024 generates the same or more security than the technique used before with 2048 key size or more. We presented a proposal that, when properly implemented, offers higher security than others. It also reduces the time taken and improves the level of network traffic. In future this can be done in a more dynamic way. One can also implement the same protocol with a small key size that will be able to generate a comparatively more secure URL request when compared with others.

VI. LITERATURE SURVEY

1. G. Aghila, Professor, CDBR-SSE Lab, Department of Computer Science, Pondicherry University, and V. Prasanna Venkatesan, Associate Professor, CDBR-SSE Lab, Department of Computer Science, Pondicherry University, proposed a tool, PIXASTIC: STEGANOGRAPHY BASED ANTI-PHISHING BROWSER PLUG-IN. Users still fall prey to online attacks despite the many standard security mechanisms for ensuring a secure e-commerce world. Phishing is one such simple but powerful attack. An effective
anti-phishing technique is the need of the hour, and phishing is the most alarming threat in the e-commerce world. An algorithm based on image steganography has been introduced, named Robust Message based Image Steganography (RMIS). Their paper focused on a novel anti-phishing browser plug-in which uses the information hiding technique steganography. The plug-in, named Pixastic (Safari), is tested in an online banking scenario and compared with other well-known anti-phishing plug-in methods in practice. In their paper they proposed and implemented Pixastic, the first browser plug-in of its kind to use steganography. Pixastic uses the novel Robust Message based Image Steganography algorithm for embedding and extracting the secret message, and it is incorporated in the Safari browser. The dynamicity of the RMIS algorithm lies in the stego-key, the embedding rate and the pixel selection. Moreover, the Pixastic plug-in is specific to a website and therefore quick in response. Other anti-phishing plug-ins have also been compared to Pixastic on parameters such as usability and behavior of the plug-in on existing and possible attacks. For future work they concluded that the Pixastic plug-in can be extended to other browsers like Internet Explorer and Mozilla. In their experimental results, their method Pixastic performs well compared to other anti-phishing plug-ins.

2. Giuseppe Ateniese from the Department of Computer Science of the JHU Information Security Institute and Stefan Mangard from the Institute for Applied Information Processing and Communications (IAIK) both proposed a new approach to DNS SECURITY (DNSSEC). The Domain Name System is a distributed database that allows convenient storing and retrieving of resource records. Public key cryptography has been used to provide security services by extending the Domain Name System. In their paper they proposed a new approach to DNSSEC that may result in a significantly more efficient protocol. Further, they introduced a new strategy to build chains of trust from root servers to authoritative servers. The techniques they employ are based on symmetric-key cryptography. They proposed the highest level of security while reducing network traffic, which helps in reducing storage requirements and enables efficient mutual authentication by properly implementing DNSSEC. The results contained in their paper are intended to stimulate the deployment of DNSSEC and induce beneficial discussion.

3. Ammar Almomani, Tat Chee Wan, Altyeb Altaher, Ahmad Manashrah and Eman Almomani introduced a technique against phishing attacks named Evolving Fuzzy Neural Network for Phishing Emails Detection. They developed their technique against the unknown "zero-day" phishing emails used to deceive customers of banks and agencies; a "zero-day" phishing email is a new phishing email that has not been seen in old training datasets and is not included in any blacklist. Their paper introduced a new technique by providing a framework called Phishing Evolving Neural Fuzzy Framework (PENFF), which seeks to detect and protect against unknown "zero-day" phishing emails. This framework is developed based on an adaptive Evolving Fuzzy Neural Network (EFuNN). PENFF detects phishing emails depending on the level of feature similarity between the email body and URL features. EFuNN helps in controlling the common features to create rules that help predict the phishing email value in online mode. The framework they proposed decreases the error rate in the classification process and hence has proved its ability to detect phishing emails. This framework is considered highly compact. Finally, they concluded that their approach proved able to distinguish between phishing emails and ham emails in online mode. Their framework has higher accuracy than other approaches, with the ability to be implemented in lifelong learning systems. A more dynamic system, able to work in real implementations with more accuracy and high performance, can be built in future.

4. Rachna Dhamija and J.D. Tygar, both from the University of California, Berkeley, worked against the phishing problem and introduced a new approach, "The Battle Against Phishing: Dynamic Security Skins". Phishing is modeled as a usability concern of privacy and security, because both system designers and attackers battle using user interfaces to guide (or misguide) users. Dynamic Security Skins, proposed by them, allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof. The scheme is implemented as an extension to the Mozilla Firefox browser, whose design they describe in the paper. To prevent spoofing, they also presented two novel interaction techniques. First, to provide a trusted system dedicated to username and password entry, the browser window has been extended. They created a trusted path by using a photographic image and this window, to prevent spoofing of the window. Secondly, the scheme allows a remote server to generate a unique abstract image for each user and each transaction. They finally contrasted their scheme with other existing anti-phishing proposals and found that their scheme places a very low burden on the user in terms of effort, memory and time.

5. Saeed Abu-Nimeh, Dario Nappa, Xinlei Wang, and Suku Nair, SMU HACNet Lab,
Computer Science and Engineering Dept., Southern Methodist University, have introduced a new technique against phishing attacks named Distributed Phishing Detection by Applying Variable Selection using Bayesian Additive Regression Trees. Phishing is one of the most drastic attacks, causing both financial institutions and customers huge monetary losses. The Internet is being accessed by mobile devices. In their paper they studied and presented a client-server distributed architecture to detect phishing e-mails by taking advantage of automatic variable selection in Bayesian Additive Regression Trees (BART). BART improves their predictive accuracy when combined with other classifiers. Further, the overall architecture has proved to leverage well in resource-constrained environments. In their results they demonstrated that automatic variable selection in CBART can be used to improve the predictive accuracy of other classifiers. On the basis of their results they explained that the effectiveness of automatic variable selection in CBART can be compared against other well-known variable selection approaches to derive more extensive conclusions.

6. Hosnieh Rafiee and Christoph Meinel, Hasso-Plattner-Institut, University of Potsdam, gave a proposal against DNS spoofing named "A Secure, Flexible Framework for DNS Authentication in IPv6 Auto configuration". An essential part of the internet, on which many other protocols rely, is the Domain Name System. Dynamic Update is a key function of DNS: it allows hosts on the network to update DNS records dynamically, without the need to restart the DNS service. This, however, exposes DNS records to security issues. Two protocols, Transaction SIGnature (TSIG) and Domain Name System Security Extensions (DNSSEC), were introduced to address these issues. In their research they extended the RDATA field within the TSIG protocol to accommodate new security parameters; they call this new mechanism the CGA-TSIG algorithm. They explained that not all processing is done automatically when using TSIG or DNSSEC, and showed how their processes improve and automate the authentication process. Their evaluation showed that their approaches could prevent several types of attacks, such as DNS Update spoofing. They also explained how to authenticate without needing to use a TA, except when the manual step necessary for key exchange when authenticating two DNS servers is to be eliminated.

7. Mahesh P., Canara Engineering College, Benjana Padavu, Bantwal, Basappa B. Kodada, Asst. Prof., Dept. of CSE, Canara Engineering College, Benjana Padavu, Bantwal, and Shivakumar K. M, Head, Dept. of CSE, Canara Engineering College, Benjana Padavu, Bantwal, introduced Spam Control Mechanism using Identity based Message Admission. In their paper they explained how user accounts are being compromised by spammers for financial incentives. Their paper addresses how senders can indicate that their emails are signed and encrypted, using an ID-based mediated RSA technique based on user identity. They introduced a system that uses a Certificate Authority and a Key Mediator in its architecture. During the decryption process, the Key Mediator does partial decryption and the recipient does the full decryption of the message. They proposed that, in future, qd/qe can be dynamically monitored from time to time in the Key Mediator to check for large values of both requested encryption and decryption operations, and necessary action taken based on the situation.

8. Amal Al.Hajeri described "DNS Spoofing Attack Support of the Cyber Defense Initiative" in his paper. His paper describes the well-known port on which the Domain Name Server (DNS) service runs, which is considered to be the hacker's first option to attack. He explained that the DNS server is considered a meaningful part of the internet, as it is where internet domains are located and translated to internet protocol addresses, and it is also described as the heart of the internet. He explained DNS hijacking. For the security of the DNS, the concept of DNSSEC can be implemented in future to secure and authenticate entries in the DNS and provide protection against masquerading. A Public Key Infrastructure (PKI) will be used to sign the entries using electronic keys, which allows them to be traced back to a trusted source.

9. Bernhard Müller, SEC Consult Vulnerability Lab, Vienna, presented his research in the field of DNS spoofing, titled "IMPROVED DNS SPOOFING USING NODE RE-DELEGATION". He explained that if the attacker is able to reach the target server with DNS response packets before the real authoritative name server does, it is possible to inject poisoned RRs into the cache of a caching DNS server. RRs stay in the target server's cache for a long time. Due to the nature of UDP and the DNS protocol, it is always possible to inject poisoned RRs into the cache of a caching DNS server, where classical DNS spoofing attacks may not be feasible.

10. Fanglu Guo, Jiawu Chen and Tzi-cker Chiueh, Computer Science Department, Stony Brook University, NY, presented their research on DNS spoofing named "Spoof Detection for Preventing DoS Attacks against DNS Servers". In their paper they explained the basic terminology, such as DNS, attacks, UDP etc. They explained that the key to thwarting DoS attacks is spoof detection. Their paper presents a deep study of spoof detection strategies for protecting
DNS services from DoS attacks. They implemented strategies that create some form of cookies for a DNS server to check whether each incoming request is indeed from where the request packet says it is from. From their comprehensive study on the use of cookies, they concluded that a spoofed request cannot present the correct cookie and can thus be detected. They designed and implemented three cookie schemes for DNS. The scheme which exploits the mechanism in the current DNS protocol by embedding cookies in the NS name and NS IP address is termed the DNS-based scheme. The scheme which redirects the LRS to use TCP and uses the TCP sequence number as the cookie is termed the TCP-based scheme. Finally, a kernel-level transparent TCP proxy was proposed.

11. P. Ramesh Babu, Dept of Information Technology, Rajamahendri Inst. of Engg & Technology, D. Lalitha Bhaskari, Dept of C.S & S.E, AU College of Engineering (A), and CH. Satyanarayana, Dept of C.S.E, JNTUK College of Engineering, presented their research on spoofing named "A Comprehensive Analysis of Spoofing". They introduced the basic mechanism of spoofing attacks to students, computer users and novice researchers. By providing false information such as an email name, URL or IP address, one can impersonate another person or computer. Any kind of false information in the computer world can take the form of spoofing. They explained the different kinds of spoofing in their paper and also provided some views regarding the detection and prevention of spoofing attacks. As the hacker community continues to seek out vulnerabilities and weaknesses in our systems and our networks, a steady stream of changes and new challenges is assured, because of which professionals must remain current with the operating systems that we use in our daily activities.

12. Ramzi Bassil, Roula Hobeica, Cesar Ghali, Ayman Kayssi and Ali Chehab from the Department of Electrical and Computer Engineering, American University of Beirut, and Wassim Itani, Department of Electrical and Computer Engineering, Beirut Arab University, researched the security of DNS against spoofing in "Security Analysis and Solution for Thwarting Cache Poisoning Attacks in the Domain Name System". In their paper they explained a crucial part of the internet, the Domain Name System. Malicious attackers try to cause damage and gain personal benefit through DNS. They provided a security solution for this problem named S-DNS. The S-DNS protocol can be explained as follows: first, it helps decrease the success probability of DNS spoofing and cache poisoning by preventing man-in-the-middle attacks; secondly, the scheme provides a backward-compatible mechanism; moreover, it targets the different DNS query interaction models, from iterative and recursive to caching schemes; and finally, it employs an efficient identity-based encryption key management scheme. In their paper they presented an efficient security protocol for preventing DNS cache poisoning attacks. The proposed protocol aims at decreasing the success probability of DNS spoofing and cache poisoning by preventing man-in-the-middle attacks, along with many other security mechanisms.

13. Fenil Kavathia, Student of Computer Engineering, Nirma University, and Ajay Modi, Student of Computer Engineering, Nirma University, introduced their research paper on the topic "SSL ENHANCEMENT". Firstly, in their paper they explained the SSL protocol along with the development of e-commerce. In their article they depicted an attack, focusing on SSL strip, which is responsible for the most recent attacks on secure network connections, and finally tried to nullify it. They proposed a technique and practical solution to strengthen data security by developing a Mozilla Firefox add-on and servlet code which will strengthen the defense against hijacking attacks.

REFERENCES

[1]. P. Thiyagarajan, Research Scholar, Department of Computer Science, Pondicherry University, G. Aghila, Professor, CDBR-SSE Lab, Department of Computer Science, Pondicherry University, and V. Prasanna Venkatesan, Associate Professor, CDBR-SSE Lab, Department of Computer Science, Pondicherry University, "PIXASTIC: STEGANOGRAPHY BASED ANTI-PHISHING BROWSER PLUG-IN", 2012.

[2]. Giuseppe Ateniese, Department of Computer Science and JHU Information Security Institute, and Stefan Mangard, Institute for Applied Information Processing and Communications (IAIK), "A New Approach to DNS Security (DNSSEC)", 2001.

[3]. Ammar ALmomani, National Advanced IPv6 Centre, Eman ALmomani, School of Computer Sciences, and Ahmad Manasrah, Faculty of Information Technology and Computer Sciences, Yarmouk University, 21163, Irbid, "Evolving Fuzzy Neural Network for Phishing Emails Detection", 2012.

[4]. Rachna Dhamija, University of California, Berkeley, and J.D. Tygar, University of California, Berkeley, "The Battle Against Phishing: Dynamic Security Skins", July 6-8, 2005.

[5]. Saeed Abu-Nimeh, Dario Nappa, Xinlei Wang, and Suku Nair, SMU HACNet Lab, Computer Science and Engineering Dept., Southern Methodist University, Dallas, TX 75275, "Distributed Phishing Detection by
Applying Variable Selection using Bayesian Additive Regression Trees".

[6]. Hosnieh Rafiee, Christoph Meinel, Hasso-Plattner-Institut, University of Potsdam, P.O. Box 900460, 14440 Potsdam, Germany, {Rafiee, Meinel}@hpi.uni-potsdam.de, "A Secure, Flexible Framework for DNS Authentication in IPv6 Autoconfiguration", 2013.

[7]. Mahesh P., Canara Engineering College, Benjana Padavu, Bantwal, Basappa B. Kodada, Asst. Prof., Dept. of CSE, Canara Engineering College, Benjana Padavu, Bantwal, and Shivakumar K. M, Head, Dept. of CSE, Canara Engineering College, Benjana Padavu, Bantwal, "Spam Control Mechanism using Identity based Message Admission", International Journal of Computer Applications (0975 – 8887), Volume 74, No. 3, July 2013.

[8]. Amal Al.Hajeri, "DNS Spoofing Attack Support of the Cyber Defense Initiative", A Global Information Assurance Certification Paper, 2000-2002.

[9]. Bernhard Müller, SEC Consult Vulnerability Lab, Vienna, 07/14/2008, "IMPROVED DNS SPOOFING USING NODE RE-DELEGATION", 2008.

[10]. Fanglu Guo, Jiawu Chen, Tzi-cker Chiueh, Computer Science Department, Stony Brook University, NY 11794, "Spoof Detection for Preventing DoS Attacks against DNS Servers".

[11]. Ramesh Babu, Dept of Information Technology, Rajamahendri Inst. of Engg & Technology, D. Lalitha Bhaskari, Dept of C.S & S.E, AU College of Engineering, and CH. Satyanarayana, Dept of C.S.E, JNTUK College of Engineering, "A Comprehensive Analysis of Spoofing", International Journal of Advanced Computer Science and Applications, Vol. 1, No. 6, December 2010.

[12]. Ramzi Bassil, Roula Hobeica, Wassim Itani*, Department of Electrical and Computer Engineering, American University of Beirut, and Cesar Ghali, Ayman Kayssi, Ali Chehab, Department of Electrical and Computer Engineering, Beirut Arab University, "Security Analysis and Solution for Thwarting Cache Poisoning Attacks in the Domain Name System", 1997.

[13]. Fenil Kavathia, Student of Computer Engineering, Nirma University, A/29, Goyal park, PremchandNagar Road, Vastrapur, Ahmedabad, and Ajay Modi, Student of Computer Engineering, Nirma University, 4, Vivek Flat, Dashaporwad Soc., Paldi, Ahmedabad, "SSL ENHANCEMENT".

Copyright © 2011-14. Vandana Publications. All Rights Reserved.