We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:


References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: From IP to transport and beyond: cross-layer attacks against applications

Abstract: We perform the first analysis of methodologies for launching DNS cache poisoning: manipulation at the IP layer, hijack of the inter-domain routing and probing open ports via side channels. We evaluate these methodologies against DNS resolvers in the Internet and compare them with respect to effectiveness, applicability and stealth. Our study shows that DNS cache poisoning is a practical and pervasive threat.
We then demonstrate cross-layer attacks that leverage DNS cache poisoning for attacking popular systems, ranging from security mechanisms, such as RPKI, to applications, such as VoIP. In addition to more traditional adversarial goals, most notably impersonation and Denial of Service, we show for the first time that DNS cache poisoning can even enable adversaries to bypass cryptographic defences: we demonstrate how DNS cache poisoning can facilitate BGP prefix hijacking of networks protected with RPKI even when all the other networks apply route origin validation to filter invalid BGP announcements. Our study shows that DNS plays a much more central role in the Internet security than previously assumed.
We recommend mitigations for securing the applications and for preventing cache poisoning.
Subjects: Cryptography and Security (cs.CR)
Journal reference: SIGCOMM '21: Proceedings of the 2021 ACM SIGCOMM 2021 Conference, August 2021, Pages 836-849
DOI: 10.1145/3452296.3472933
Cite as: arXiv:2205.06085 [cs.CR]
  (or arXiv:2205.06085v1 [cs.CR] for this version)

Submission history

From: Philipp Jeitner [view email]
[v1] Thu, 12 May 2022 13:36:59 GMT (572kb,D)

Link back to: arXiv, form interface, contact.