Study on the latent state of Kaminsky-style DNS cache poisoning: Modeling and empirical analysis

Abstract

Due to the slow adoption of DNSSEC, the defense against Kaminsky-style DNS cache poisoning still mainly relies on conventional challenge-response mechanisms which have security vulnerabilities. Existing industry and academic research on DNS cache poisoning focuses on preventing cache injection, while systematic study on the entire poisoning process including the domain hijacking phase remains scarce. From an attacker’s perspective, we provide a complete tri-state poisoning model, based on which we further mathematically model the latent state (i.e., hijacking phase) and quantitatively analyze the influence of different factors on the hijacking effect. The simulation and experiment results are consistent with the mathematical model in different scenarios, justifying the effectiveness of the model and the significance of the domain hijacking phase. Finally, countermeasures and suggestions are proposed to strengthen the defense against Kaminsky-style cache poisoning by reducing the success rate of domain hijacking.