
Hands on tutorial – Willem Toorop, NLNet Labs; Shumon Huque, Verisign – PowerPoint PPT Presentation



  1. Hands on tutorial
     Willem Toorop, NLNet Labs
     Shumon Huque, Verisign
     Glen Wiley, Verisign

  2. About
      getdns API = a DNS API specification – resolving names
      getdns API = created by and for application developers
      getdns = the first implementation of this specification
      getdns highlighted feature: parry pervasive monitoring and man-in-the-middle attacks by bootstrapping encrypted channels
      getdns mission slogan: Security Begins with a Name

  3. About DNSSEC
      A globally distributed database with authenticated data

  4. About DNSSEC
      A globally distributed database with authenticated data
      Wasn't it about protecting users against domain hijacking?
     - DNS = the phone book of the Internet
     - Data unauthenticated
     - DNSSEC to the rescue

  5. About DNSSEC
      A globally distributed database with authenticated data
      Wasn't it about protecting users against domain hijacking?
     - DNS = the phone book of the Internet
     - Data unauthenticated
     - DNSSEC to the rescue
      Yes, but it does so by giving (origin) authenticated answers, where "origin" means that the authoritative party for a zone authenticates the domain names within that zone

  6. Refresher – Public Key Crypto
     [Figure: two diagrams. Asymmetric encryption: a readable message is encrypted with the public key into an encrypted message and decrypted back into the readable message with the private key. Symmetric encryption: one shared key both encrypts and decrypts.]
      Asymmetric encryption
      Symmetric encryption

  7. Refresher – DNS in two slides
      Zones with distributed authority
     [Figure: zone tree. The root (.) delegates .com, .org and .net; .com delegates oreilly.com; .net delegates getdnsapi.net.]

  8. Refresher – DNS in two slides
      Zones with distributed authority
      Three types of name servers/clients
      Iterative querying
     [Figure: the Application asks the OS stub for getdnsapi.net A; the stub forwards the query to the Recursive Resolver, which iterates over the Authoritatives: the root answers with net NS, net answers with getdnsapi.net NS, and getdnsapi answers getdnsapi.net A. The answer flows back through the stub to the Application.]

  9. DNSSEC – Public Key Crypto – Signing
     [Figure: Create signature: hash the readable message and encrypt the hash of the message with the private key; the result is the signature. Verify signature: hash the readable message, decrypt the signature with the public key, and compare the two hashes (Equal?).]
      Create signature
      Verify signature

  10. DNSSEC – Public Key Crypto – delegating authority
     [Figure: building the chain of trust. One private key signs the readable message (the hash of the message is encrypted into a signature). A second private key signs the hash of the first public key, producing a signature over that public key.]
      The private key signs the message
      Building the chain of trust: the parent's key signs, and so authorizes, the child's public key

  11. DNSSEC – Chain of Trust
      Zones with distributed authority
      Chain of trust follows delegations
      DNSKEY: public key of zone
      DS: hash of DNSKEY, signed by parent
     [Figure: zone tree with the root's DNSKEY (✓); the root zone holds DS records for .com, .org and .net, each verified (✓) against that child's DNSKEY; .net holds a DS for getdnsapi.net, verified (✓) against getdnsapi.net's DNSKEY; oreilly.com sits under .com.]

  12. DNSSEC – Public Key Crypto – Verifying delegations
     [Figure: Verify signature: hash the readable message, decrypt the signature with the public key, compare. Verify authorization: hash the child's public key, decrypt the parent's signature with the parent's public key, compare.]
      Verify signature
      Verify authorization
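The "DS = hash of DNSKEY, signed by parent" and "verify authorization" steps on slides 11 and 12 can be worked through in code. The example below is added here and is not part of the tutorial or of getdns; it implements the DS digest (RFC 4034 §5.1.4, SHA-256 digest type from RFC 4509) and the DNSKEY key tag (RFC 4034 Appendix B) with the standard library only. The "public key" bytes are a constructed stand-in, not a real key, and the zone name getdnsapi.net is reused from the slides.

```python
import hashlib
import hmac
import struct

DS_DIGEST_SHA256 = 2        # DS digest type 2 = SHA-256 (RFC 4509)
DNSKEY_FLAG_ZONE = 0x0100   # ZONE bit: the key signs zone data
DNSKEY_FLAG_SEP = 0x0001    # SEP bit: Secure Entry Point (a KSK)
DNSKEY_PROTOCOL = 3         # always 3 for DNSSEC
ALG_ECDSAP256SHA256 = 13    # IANA DNSSEC algorithm number


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lower-cased, length-prefixed labels, root label."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes) | protocol (1) | algorithm (1) | public key."""
    return struct.pack("!HBB", flags, DNSKEY_PROTOCOL, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag: a 16-bit checksum over the DNSKEY RDATA."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def make_ds(owner: str, rdata: bytes, digest_type: int = DS_DIGEST_SHA256) -> bytes:
    """What the parent publishes: key tag (2) | algorithm (1) | digest type (1) | digest.

    digest = SHA-256(owner name in wire form || DNSKEY RDATA)
    """
    if digest_type != DS_DIGEST_SHA256:
        raise ValueError("only SHA-256 (digest type 2) is implemented here")
    digest = hashlib.sha256(name_to_wire(owner) + rdata).digest()
    algorithm = rdata[3]
    return struct.pack("!HBB", key_tag(rdata), algorithm, digest_type) + digest


def ds_authorizes_dnskey(ds_rdata: bytes, owner: str, dnskey: bytes) -> bool:
    """The 'verify authorization' step of slide 12: does the parent's DS match this child DNSKEY?

    The DS itself must also carry a valid RRSIG from the parent's DNSKEY; that signature
    check is the 'verify signature' step and is outside this snippet.
    """
    tag, algorithm, digest_type = struct.unpack("!HBB", ds_rdata[:4])
    if algorithm != dnskey[3] or tag != key_tag(dnskey):
        return False
    if digest_type != DS_DIGEST_SHA256:
        return False  # unsupported digest type: cannot be used to validate
    expected = hashlib.sha256(name_to_wire(owner) + dnskey).digest()
    return hmac.compare_digest(expected, ds_rdata[4:])


# Constructed sample data (not a real key): a KSK for getdnsapi.net and the DS the .net zone would hold.
CHILD_PUBLIC_KEY = bytes(range(1, 65))
CHILD_DNSKEY = dnskey_rdata(DNSKEY_FLAG_ZONE | DNSKEY_FLAG_SEP, ALG_ECDSAP256SHA256, CHILD_PUBLIC_KEY)
PARENT_DS = make_ds("getdnsapi.net", CHILD_DNSKEY)
# A DNSKEY that differs in one bit of the public key, as a forged key would.
TAMPERED_DNSKEY = CHILD_DNSKEY[:-1] + bytes([CHILD_DNSKEY[-1] ^ 0x01])

if __name__ == "__main__":
    print("key tag of child DNSKEY:", key_tag(CHILD_DNSKEY))
    print("DS in parent (hex):", PARENT_DS.hex())
    print("genuine key authorized:", ds_authorizes_dnskey(PARENT_DS, "getdnsapi.net", CHILD_DNSKEY))
    print("tampered key authorized:", ds_authorizes_dnskey(PARENT_DS, "getdnsapi.net", TAMPERED_DNSKEY))
```

The owner name is part of the digest input, so a DS for getdnsapi.net cannot be reused to authorize the same key under another name; the key tag is only a hint for picking the right DNSKEY out of an RRset and never a substitute for the digest comparison.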

  13. DNSSEC – Validating
      A Validating Recursive Resolver uses the root's public key to verify (validate) delegations
     [Figure: the Application asks the OS stub for getdnsapi.net A; the Validating Recursive Resolver iterates over the Authoritatives (root: net NS; net: getdnsapi.net NS; getdnsapi: getdnsapi.net A) and additionally fetches net DS, net DNSKEY, getdnsapi.net DS and getdnsapi.net DNSKEY to validate the chain (✓) before returning getdnsapi.net A.]

  14. DNSSEC for Applications – for TLS
      Transport Layer Security (TLS) uses both asymmetric and symmetric encryption
      A symmetric key is sent encrypted with the remote public key
      How is the remote public key authenticated?

  15. TLS Not Leveraging DNSSEC
      How is the remote public key authenticated?

  16. How is the Remote Public Key Authenticated?
      Through Certificate Authorities (CAs), maintained in the OS, browser...
      Every CA is authorized to authenticate for any name (as strong as the weakest link)
      There are 1000+ CAs

  17. Enter DANE-TLS

  18. Enter DANE-TLS (@Kloot)
      DNS-based Authentication of Named Entities (DANE), RFC 6698

  19. DANE out of reach for Applications
      getaddrinfo() returns addresses; how to ask for TLSA, or SSHFP?
      getaddrinfo() doesn't tell if you got Authenticated Data (AD)
     [Figure: the Application calls getaddrinfo() in the OS; the Validating Recursive Resolver can fetch _443._tcp.getdnsapi.net TLSA from the Authoritatives and validate it (✓ via net DS/DNSKEY and getdnsapi.net DS/DNSKEY), but the Application has no way to ask "getdnsapi.net TLSA?" through getaddrinfo().]

  20. Do you trust the resolver?
      Could be your phone
      Could be the Wi-Fi
     [Figure: the same getdnsapi.net A lookup as before, but the OS's getaddrinfo() may be sent to a malicious resolver instead of the Validating Recursive Resolver; the validation (✓) the Validating Recursive Resolver performs never reaches the Application.]

  21. Bypass resolver completely...
     [Figure: the Application iterates to the Authoritatives itself (root: net NS, net DS, net DNSKEY; net: getdnsapi.net NS, getdnsapi.net DS, getdnsapi.net DNSKEY; getdnsapi: _443._tcp.getdnsapi.net TLSA) and validates (✓) the TLSA answer, leaving the OS and the Recursive Resolver out of the path.]

  22. Or do DNSSEC Iteration as a Stub!
     [Figure: the Application sends _443._tcp.getdnsapi.net TLSA to the Validating Recursive Resolver as a stub, then fetches net DS, net DNSKEY, getdnsapi.net DS and getdnsapi.net DNSKEY itself and validates (✓) the TLSA answer locally.]

  23. Motivation – for a new DNS API
      From API Design considerations:
     - … There are other DNS APIs available, but there has been very little uptake …
     - … talking to application developers …
     - … the APIs were developed by and for DNS people, not application developers …

  24. Motivation – for a new DNS API
      From API Design considerations:
     - … There are other DNS APIs available, but there has been very little uptake …
     - … talking to application developers …
     - … the APIs were developed by and for DNS people, not application developers …
      Goal
     - … API design from talking to application developers …
     - … create a natural follow-on to getaddrinfo() …

  25. Motivation – for a new DNS API
      Goal
     - … API design from talking to application developers …
     - … create a natural follow-on to getaddrinfo() …
     - http://www.vpnc.org/getdns-api/
     - Edited by Paul Hoffman
     - First publication April 2013
     - Updated in February 2014 (after extensive discussion during implementation)
     - Creative Commons Attribution 3.0 Unported License

  26. Motivation – for a new DNS API
      Goal
     - … API design from talking to application developers …
     - … create a natural follow-on to getaddrinfo() …
     - Implemented by Verisign Labs & NLnet Labs together
     - http://getdnsapi.net/
     - 0.1.0 release in February 2014, 0.1.1 in March, 0.1.2 & 0.1.3 in June, 0.1.4 in September, 0.1.5 last Friday
     - Node.js and Python bindings
     - BSD 3-Clause License

  27. Why this library (and not one of the others)
      Offers the full resolving package
     - Full recursion and DNSSEC … through libunbound
     - Access to all the resolved data … through ldns

  28. Why this library (and not one of the others)
      Delivers a generic data structure … Response Dict
     - Lists, dicts, data, integers … ubiquitous in modern scripting languages
     - Very suitable for inspection
     - Trial-and-error style programming … resolve, have a look, decide how to proceed
     - Suitable for scripting language bindings … and those are very developer friendly. Hackathon with Node.js and Python. Ahead are Go, Ruby, Perl ...

  29. Simple Functions – Full Recursion

     from getdns import *

     ctx = Context()
     # Ask for answers only if they validate as DNSSEC secure.
     ext = {"dnssec_return_only_secure": GETDNS_EXTENSION_TRUE}
     res = ctx.general('_443._tcp.getdnsapi.net', GETDNS_RRTYPE_TLSA, ext)
     if res['status'] == GETDNS_RESPSTATUS_GOOD:   # comparison, not assignment
         # Process TLSA RRs
         for reply in res['replies_tree']:
             for rr in reply['answer']:
                 if rr['type'] == GETDNS_RRTYPE_TLSA:
                     print(rr['rdata'])

     [Figure: as on slide 21, the Application (via getdns) iterates to the Authoritatives itself (root: net NS, net DS, net DNSKEY; net: getdnsapi.net NS, getdnsapi.net DS, getdnsapi.net DNSKEY; getdnsapi: _443._tcp.getdnsapi.net TLSA) and validates (✓) the TLSA answer, bypassing the OS and the Recursive Resolver.]

  30. Simple Functions – Stub mode

     from getdns import *

     ctx = Context()
     # Send queries to the configured recursive resolver instead of iterating ourselves.
     ctx.resolution_type = GETDNS_RESOLUTION_STUB
     # Ask for answers only if they validate as DNSSEC secure (validation is done locally).
     ext = {"dnssec_return_only_secure": GETDNS_EXTENSION_TRUE}
     res = ctx.general('_443._tcp.getdnsapi.net', GETDNS_RRTYPE_TLSA, ext)
     if res['status'] == GETDNS_RESPSTATUS_GOOD:   # comparison, not assignment
         # Process TLSA RRs
         for reply in res['replies_tree']:
             for rr in reply['answer']:
                 if rr['type'] == GETDNS_RRTYPE_TLSA:
                     print(rr['rdata'])

     [Figure: as on slide 22, the Application sends _443._tcp.getdnsapi.net TLSA to the Validating Recursive Resolver as a stub, fetches net DS, net DNSKEY, getdnsapi.net DS and getdnsapi.net DNSKEY itself and validates (✓) the TLSA answer locally.]
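Slides 29 and 30 stop at "# Process TLSA RRs". The example below is added here and is not part of the tutorial or of the getdns project; it shows what that step looks like for DANE-TLS: pulling TLSA records out of a response dict shaped like the one the slides index (`status`, `replies_tree`) and matching them against a presented certificate as RFC 6698 prescribes (selector: full certificate or SubjectPublicKeyInfo; matching type: exact, SHA-256 or SHA-512). The response dict, the certificate bytes and the SPKI bytes are constructed test data, and the numeric constants are assumed to be the values the getdns API specification assigns (the real `getdns` module is not imported, so the block runs offline). Only certificate usage 3 (DANE-EE) is fully handled; usages 0 to 2 additionally need PKIX chain validation or CA matching, which is not shown.

```python
import hashlib
import hmac

# Constants assumed to match the getdns API specification (normally taken from the getdns module).
GETDNS_RESPSTATUS_GOOD = 900
GETDNS_RESPSTATUS_NO_SECURE_ANSWERS = 903
GETDNS_RRTYPE_TLSA = 52
GETDNS_DNSSEC_SECURE = 400

DANE_EE = 3  # RFC 6698 certificate usage 3: match the end-entity certificate directly


def tlsa_records(res: dict) -> list:
    """Collect the TLSA rdata dicts from a getdns-style response dict.

    With the dnssec_return_only_secure extension only SECURE replies are returned, so an
    absent dnssec_status is treated as secure; a present non-secure status is skipped.
    """
    if res["status"] != GETDNS_RESPSTATUS_GOOD:
        return []
    found = []
    for reply in res["replies_tree"]:
        if reply.get("dnssec_status", GETDNS_DNSSEC_SECURE) != GETDNS_DNSSEC_SECURE:
            continue
        for rr in reply["answer"]:
            if rr["type"] == GETDNS_RRTYPE_TLSA:
                found.append(rr["rdata"])
    return found


def tlsa_matches(rdata: dict, cert_der: bytes, spki_der: bytes) -> bool:
    """RFC 6698 matching of one TLSA record against the presented end-entity certificate."""
    data = {0: cert_der, 1: spki_der}.get(rdata["selector"])
    if data is None:
        return False  # unknown selector: record is unusable
    mtype = rdata["matching_type"]
    if mtype == 0:
        candidate = data
    elif mtype == 1:
        candidate = hashlib.sha256(data).digest()
    elif mtype == 2:
        candidate = hashlib.sha512(data).digest()
    else:
        return False  # unknown matching type: unusable, never a match
    return hmac.compare_digest(candidate, rdata["certificate_association_data"])


def dane_accepts(res: dict, cert_der: bytes, spki_der: bytes) -> bool:
    """True if any usable DANE-EE (usage 3) TLSA record matches the presented certificate."""
    for rdata in tlsa_records(res):
        if rdata["certificate_usage"] != DANE_EE:
            continue  # usages 0-2 need PKIX validation or CA matching, not shown here
        if tlsa_matches(rdata, cert_der, spki_der):
            return True
    return False


# Constructed test data: not a real certificate, not a real public key, not a real getdns answer.
CERT_DER = b"constructed: not a real DER certificate"
SPKI_DER = b"constructed: not a real SubjectPublicKeyInfo"

SAMPLE_GOOD = {
    "status": GETDNS_RESPSTATUS_GOOD,
    "replies_tree": [{
        "dnssec_status": GETDNS_DNSSEC_SECURE,
        "answer": [{
            "name": "_443._tcp.getdnsapi.net.",
            "type": GETDNS_RRTYPE_TLSA,
            # "3 1 1": DANE-EE, SubjectPublicKeyInfo, SHA-256
            "rdata": {
                "certificate_usage": DANE_EE,
                "selector": 1,
                "matching_type": 1,
                "certificate_association_data": hashlib.sha256(SPKI_DER).digest(),
            },
        }],
    }],
}

# What dnssec_return_only_secure yields when nothing validated: no replies at all.
SAMPLE_NO_SECURE = {"status": GETDNS_RESPSTATUS_NO_SECURE_ANSWERS, "replies_tree": []}

if __name__ == "__main__":
    print("secure answer, right key:", dane_accepts(SAMPLE_GOOD, CERT_DER, SPKI_DER))
    print("secure answer, other key:", dane_accepts(SAMPLE_GOOD, CERT_DER, b"constructed: other key"))
    print("no secure answers:", dane_accepts(SAMPLE_NO_SECURE, CERT_DER, SPKI_DER))
```

With the real module, `res` is the value returned by `ctx.general()` on slide 29 or 30; in practice the SPKI bytes come from the peer certificate as presented in the TLS handshake. The important property is the first check in `tlsa_records()`: a status other than GOOD, which is what `dnssec_return_only_secure` produces when the TLSA RRset did not validate, yields no records and therefore no match, so a stripped or forged TLSA answer from a resolver you do not trust (slide 20) cannot lead to acceptance.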
