KeyTrap: Serious Vulnerability in the Internet Infrastructure

ATHENE researchers have uncovered a critical flaw in the design of DNSSEC (DNS Security Extensions), the security extension to the Domain Name System (DNS). The flaw introduces a vulnerability in all DNSSEC-validating DNS implementations, and the researchers are helping vendors and service providers to fix it. Without correction, the flaw could have serious implications for DNSSEC-validating implementations and public DNS providers such as Google and Cloudflare. Led by Prof. Dr. Haya Schulmann of Goethe University Frankfurt, the ATHENE team has developed a new class of attack called "KeyTrap" that shows how hackers could exploit the design flaw: with just a single DNS packet, hackers could paralyze all common DNS implementations and public DNS providers. Exploiting this attack would have serious consequences for any application that uses the internet, including the unavailability of technologies such as web browsers, email and instant messaging. This devastating effect prompted major DNS vendors to call KeyTrap "the worst attack on DNS ever discovered". ATHENE researchers have been working with vendors and DNS providers to develop specific patches to close the vulnerability. All providers of DNS services are strongly advised to apply these patches immediately to mitigate this critical vulnerability.

The attack vectors exploited in the KeyTrap class of attacks are registered in the Common Vulnerabilities and Exposures (CVE) database as an umbrella CVE-2023-50387. 

The discovery and fixing of this design flaw in DNSSEC is a good example of the importance of cybersecurity research in proactively preventing cyberattacks and improving security. ATHENE's work has already uncovered several serious security vulnerabilities on the internet, helping to improve security for the benefit of millions of users in Germany and around the world.


Technical Report

The technical background is summarized in this report: Report (PDF, 1.2 MB)

The final version of this report will be presented at the ACM Conference on Computer and Communications Security (ACM CCS), Salt Lake City, October 14-18, 2024, under the title "The Harder You Try, The Harder You Fail: The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNSSEC".

The KeyTrap vulnerability is a flaw in the Internet Standard defining DNSSEC, the security extension for the Domain Name System (DNS). The standard contains multiple requirements that oblige resolvers to try all available cryptographic material, i.e. to try all available DNSSEC keys against all available DNSSEC signatures. An attacker can set up a malicious domain with many keys sharing the same key tag and many signatures referring to that key tag. Following the standard, a resolver will attempt to validate ALL keys against ALL signatures, so the effort of validating the domain grows quadratically. With a sufficiently large number of keys and signatures, an attacker can exhaust the CPU resources of the resolver, achieving a Denial-of-Service (DoS).

Since the vulnerability is in the internet standard, all DNS resolvers that implement the DNSSEC standard are vulnerable to KeyTrap. This includes all major vendors, e.g. Unbound (NLNetLabs), Bind9 (ISC), Google Public Resolver, Cloudflare, and many more.

A single DNS packet allows an attacker to stall a DNS resolver for between about 1 minute and 16 hours, depending on the resolver implementation. This means an attacker can continuously stall any DNSSEC-validating resolver with a few packets per minute, achieving a 100% DoS of the resolver for benign requests.

As an end-user, there is no immediate action required. If you want to ensure your Internet provider has resolved the problem, you can inform them of the vulnerability. If your provider is under active attack and resolution is not possible, you may switch to one of the open resolvers which have already deployed patches, including Quad9, Cloudflare, and Google.

As a provider of DNS services, such as an open resolver or an ISP, update your DNS resolution software to the newest version as soon as possible to reduce the attack surface. Patches for all major vendors have already been published. If deploying patches is not currently possible, you can consider forwarding queries to a patched open resolver and relaying its results. We do not advise disabling DNSSEC validation unless this has been carefully considered and you are under active attack, as downgrading protection opens the resolver up to other DNS attacks.

Finally, if you run an authoritative DNS server, you might also want to update the tools you use, in case you allow users to upload zones and check them with tooling. Your zone-checking tools might also be vulnerable to the attack.

DNSSEC is an important cryptographic protocol, and continuing to use it is strongly recommended to protect against attacks on DNS. The KeyTrap attack exposed a fundamental flaw in the standard defining DNSSEC, namely that resource exhaustion through a high number of validations was not considered. For now, this flaw is mitigated by implementations deviating from the standard in how many validations they are willing to perform. An improved standard must be drafted in the future that accounts for this problem, allowing implementations to again follow the standard's requirements on validation counts. We do not advise moving away from DNSSEC.

No. KeyTrap is a powerful Denial-of-Service attack: it allows an attacker to prevent a DNS resolver from answering any benign requests with very low attacker traffic. However, it does not attack the cryptographic components of DNSSEC and thus cannot circumvent DNSSEC protection. The cryptography of DNSSEC is not broken by KeyTrap.

The deployed patches limit the number of validations that the resolver is willing to invest in a single resolution request from a user. This limits the amount of CPU resources the attacker can exhaust with the attack. Patches also implement additional mitigations, such as de-prioritizing busy validation threads, answering cached entries on separate threads, limiting the number of DNSKEY records with colliding key tags, and limiting the maximum number of failed validations.
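The following Python model illustrates both the validation loop described above (every signature tried against every key with a matching key tag, giving n × m verifications) and the mitigation in the patches (aborting after a bounded number of failed verifications). It is an added example, not code from the KeyTrap paper or from any resolver; the key tags, the mock `verify` function and the `max_failures` parameter are simplifying assumptions, and the real limits differ per implementation.

```python
# Added example: a simplified model of the DNSSEC validation loop.
# Not resolver code from Unbound, BIND or the KeyTrap paper; key tags,
# verify() and the max_failures cap are assumptions for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsKey:
    key_tag: int   # 16-bit key tag (RFC 4034) used to pre-select candidate keys
    key_id: str    # stands in for the actual public key bytes


@dataclass(frozen=True)
class RrSig:
    key_tag: int     # tag of the key the signature claims to be made with
    signer_id: str   # stands in for the key that really made the signature


def verify(key: DnsKey, sig: RrSig) -> bool:
    """Mock cryptographic check: only the key that made the signature passes."""
    return key.key_id == sig.signer_id


def validate(keys, sigs, max_failures=None):
    """Return (secure, attempts).

    Tries each signature against every key whose tag matches, as the standard
    requires. With max_failures set, the loop gives up after that many failed
    verifications and treats the data as bogus, which is the idea behind the
    deployed patches (actual limits differ per implementation)."""
    attempts = failures = 0
    for sig in sigs:
        for key in keys:
            if key.key_tag != sig.key_tag:
                continue                  # cheap tag pre-filter, no crypto
            attempts += 1
            if verify(key, sig):
                return True, attempts     # one valid signature suffices
            failures += 1
            if max_failures is not None and failures >= max_failures:
                return False, attempts    # cap reached: stop, answer bogus
    return False, attempts


# Constructed worst case: 100 keys sharing one tag and 100 signatures for
# that tag, none of which verifies. Standard behaviour: 100 * 100 attempts.
N_KEYS, N_SIGS = 100, 100
COLLIDING_KEYS = [DnsKey(key_tag=12345, key_id=f"k{i}") for i in range(N_KEYS)]
BOGUS_SIGS = [RrSig(key_tag=12345, signer_id="unknown") for _ in range(N_SIGS)]

if __name__ == "__main__":
    print(validate(COLLIDING_KEYS, BOGUS_SIGS))                   # (False, 10000)
    print(validate(COLLIDING_KEYS, BOGUS_SIGS, max_failures=16))  # (False, 16)
```

The same loop with a single genuine signature still succeeds under the cap as long as the valid key is found within the allowed number of failures, which is why the patches bound the effort without breaking validation for normal zones.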

The vulnerability was discovered by a team of ATHENE researchers, namely Elias Heftrig from Fraunhofer SIT, Prof. Haya Schulmann and Niklas Vogel from Goethe University Frankfurt, and Prof. Michael Waidner from TU Darmstadt and Fraunhofer SIT.