Presented by,Team: Natus Vincere

Adarsh Naga Seshulu RecherlaNikila Goli

Venkata Harish Mopidevi

Secure DNS Caching using Custom Network Processor

Employee

CEO

Hi! Can I meet Miss.X? Sure. You may

go to cabin 201.

Thank youHi! I would like to meet the CEO. Do you have an

appointment?Yes. I do.OK. You may go to

cabin 301

Receptionist

Real World Analogy

Employee

CEO

ReceptionistEnd User

DNS Server

Domain1

Domain 2

DNS Cache

DNS Caching

n0 n1NetFPGA

Real World AnalogyDesign Implementation on NetFPGA

n0 n1NetFPGA

DNS Query

ImplementationDesign Implementation on NetFPGA

010011001

111000011

001011100

001000111

010101010

101110100

Domain IP Address

DNS Query N2

DNS Query

1 2

Cache Miss!

DNS Query

DNS Query Handling

n0 n1NetFPGA

DNS Query DNS Response

DNS Response & Caching

010011001

111000011

001011100

001000111

010101010

101110100

Domain IP Address Auth

DNS ResponseDNS Response

1 2Modified

PacketN2

10.1.2.3

UserRSA

Public Key

V

1

Key Exchange Required

000100010

DNS Response & Caching

n0 n1NetFPGA

Modified Packet

UserRSA

Public Key

V

n0 %$#*&% 1

DNS Response

Request Timed out

DNS Query

Secure Key Exchange & Authentication

Secured DNS Caching Implementation

Conventional DNS Caching Implementation

DNS Cache itself performs authentication Requires Firewall for authentication

Latency in request handling is low (u sec) Latency is in the order of (m sec)

Robust to snooping attacks Vulnerable to snooping attacks

Comparison with existing systems

Date Milestones Progress

April, 20th Implemented Socket Program on the node and netFPGA for 1024 bit RSA key exchange in software.

April, 27th Implemented DNS caching and Response handling feature using our processor.

May, 4th Implement a socket program on node1 to process DNS Request and integration of the whole design to verify the functionality.

---

Final Demo Demonstrate completely functional DNS caching and query handling with RSA key exchange.

---

• “DNS Performance and the Effectiveness of Caching”-Jaeyeon Jung, Emil Sit, Hari Balakrishnan, Member, IEEE, and Robert Morris

• “Lightweight Multi-threaded Network Processor Core in FPGA”- Piotr Buciak, Jakub Botwicz Warsaw University of Technology pbuciak,jbotwiczka@elka.pw.edu.pl

• “Research and Implementation of RSA Algorithm for Encryption and Decryption “ - Xin Zhou ; Dept. of Comput. Sci. & Technol., Harbin Univ. of Sci. & Technol., Harbin, China

• “Hands-on with the NetFPGA to build a Gigabit-rate Router” - McKeown, N. ; Stanford Univ., Stanford ; Lockwood, J.W. ; Naous, J. ; Gibb, G.

• “Configuration of DNS server with cryptographic algorithm for secure DNS and DHCP updates” - Chatterjee, T. ; Inf. Technol., ABV-IIITM, Gwalior, India

References

DNS Query for n2Encrypted DNS Query

Encrypted DNS ResponseCache

Updated

Forwarding

n0 NetFPGA n1

DNS Query handling for Unauthenticated Domain

Cache Miss

DNS Query for n3Encrypted DNS Query

Encrypted DNS ResponseCache

Updated

n0 NetFPGA n1

DNS Query handling for Authenticated Domain

CacheMiss

Authorization Required

RSA Keys ExchangedRequest Timed

OutDNS Query for n3

DNS Response for n3